authorSandro Jäckel <sandro.jaeckel@gmail.com>2021-11-09 21:30:18 +0100
committerSandro Jäckel <sandro.jaeckel@gmail.com>2021-11-09 21:30:18 +0100
commitc819ee9b672f6dda5693c52dbc7a402e2dd74fc1 (patch)
tree31c405c796cbe39c28ff2eade957b2c967dd80ac /nixos
parent37bd69672dc8592fe56e87011de4dc6ceca720a8 (diff)
nixos/tinc: disable chroot by default
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/networking/tinc.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix
index 1d77503d68bc..9db433fa0735 100644
--- a/nixos/modules/services/networking/tinc.nix
+++ b/nixos/modules/services/networking/tinc.nix
@@ -289,13 +289,13 @@ in
};
chroot = mkOption {
- default = true;
+ default = false;
type = types.bool;
description = ''
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security.
The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
- Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
+ Note that this currently breaks dns resolution and tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
'';
};
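Review bot: Changing `default = true;` to `default = false;` on the `chroot` option removes the chroot from every existing tinc network that relied on the default, and nothing visible in this diff (limited to nixos/) tells the operator that this hardening was dropped. The description still says "for added security" but does not say the option is now off by default, so I would add a line such as `Disabled by default because it breaks DNS resolution; set this to true to confine tincd after startup.` and a release-notes entry for the changed default. The option definition is complete in this hunk, but the service unit that consumes it lies outside it. It is worth confirming whether that unit applies any other confinement to tincd, since after this change the daemon presumably runs with the full filesystem view unless `chroot = true` is set explicitly.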