From 21c7809cb6e07021f4e5ea4a12a4ca5f4d067231 Mon Sep 17 00:00:00 2001
From: Satria <admin@satr14.my.id>
Date: Sat, 14 Mar 2026 20:53:28 +0700
Subject: [PATCH] Revert "disable sandbox"

This reverts commit 04700f6f657da9fad4ce59ce7d8c60152dc1d323.
---
 modules/system/homelab/git.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix
index 4ea9bc1..792246c 100644
--- a/modules/system/homelab/git.nix
+++ b/modules/system/homelab/git.nix
@@ -48,5 +48,10 @@
       hostPackages = with pkgs; [ bash coreutils git nix ];
     };
   };
+  systemd.services."gitea-runner-nixos-deploy".serviceConfig = {
+    NoNewPrivileges = lib.mkForce false;
+    RestrictSUIDSGID = lib.mkForce false;
+    PrivateUsers = lib.mkForce false;
+  };
   systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false;
 }