From 05bb108323cd7a28968f38a21817443ce17a429a Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 26 Dec 2021 10:15:25 +0100
Subject: [PATCH] Disable privileged containers

---
 app/core/deploy/core.hcl | 1 -
 configuration.nix        | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/core/deploy/core.hcl b/app/core/deploy/core.hcl
index 67a3e64..fd4176a 100644
--- a/app/core/deploy/core.hcl
+++ b/app/core/deploy/core.hcl
@@ -21,7 +21,6 @@ job "core" {
         image = "lxpz/amd64_diplonat:2"
         network_mode = "host"
         readonly_rootfs = true
-        privileged = true
       }
 
       restart {
diff --git a/configuration.nix b/configuration.nix
index 98ae874..726e425 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -257,7 +257,7 @@ in
             config = [
               {
                 volumes.enabled = true;
-                allow_privileged = true;
+                #allow_privileged = true;
               }
             ];
           }