nixos/gitea: fix commit signing (gpg) core dump

Gitea spawns `gpg` processes for commit signing related actions.
Those `gpg` processes need `mlock` (probably to prevent secrets
in the memory to swap).
Blocking it (as part of the `@memlock` preset) causes any
commit signing related actions to error out as http/500.
IndeedNotJames 2023-03-01 23:44:21 +01:00
parent 249f6c4c1d
commit 93c1d370db
No known key found for this signature in database
GPG Key ID: 0AD773CE46FD0F87

@ -597,7 +597,7 @@ in
PrivateMounts = true;
# System Call Filtering
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
};
environment = {
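
Review bot: The new `SystemCallFilter` line drops `@memlock` from the deny list without a comment saying why, so a later hardening pass that restores the common preset will bring the signing failure back. Add a short comment under `# System Call Filtering` stating that `@memlock` is left out on purpose because the `gpg` processes spawned for commit signing call `mlock`. Note also that this filter applies to the whole unit, so the change allows the entire `@memlock` group (`mlock`, `mlock2`, `mlockall`, `munlock`, `munlockall`) for Gitea and every child it spawns, not only for `gpg`; it is worth stating in the commit message that this wider allowance is accepted.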