From 14d5e92afa12955db43f4890fcca114c7c3a529c Mon Sep 17 00:00:00 2001
From: azahi <azat@bahawi.net>
Date: Wed, 8 Jan 2025 13:47:09 +0300
Subject: [PATCH] nixos/endlessh-go: fix DNS resolution

As suggested by toast003[1].

[1]: https://github.com/shizunge/endlessh-go/discussions/127#discussioncomment-11760912

(cherry picked from commit 99778e1bb590c984d91f39322e57d59220402c59)
---
 nixos/modules/services/security/endlessh-go.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/security/endlessh-go.nix b/nixos/modules/services/security/endlessh-go.nix
index 8a22c01390a65..9cac615ac4fc1 100644
--- a/nixos/modules/services/security/endlessh-go.nix
+++ b/nixos/modules/services/security/endlessh-go.nix
@@ -113,7 +113,13 @@ in
             );
           DynamicUser = true;
           RootDirectory = rootDirectory;
-          BindReadOnlyPaths = [ builtins.storeDir ];
+          BindReadOnlyPaths = [
+            builtins.storeDir
+            "-/etc/hosts"
+            "-/etc/localtime"
+            "-/etc/nsswitch.conf"
+            "-/etc/resolv.conf"
+          ];
           InaccessiblePaths = [ "-+${rootDirectory}" ];
           RuntimeDirectory = baseNameOf rootDirectory;
           RuntimeDirectoryMode = "700";