Add --no-sandbox flag to nixos-rebuild command

Fixes kernel namespace sandboxing issues when running as systemd service. The --no-sandbox flag disables Nix build sandboxing which requires kernel namespaces not available in restricted service environments.
2025-10-25 01:37:21 +02:00 · 2025-10-25 01:37:21 +02:00 · f5d2ebeaec
commit f5d2ebeaec
parent 2d3844b5dd
1 changed files with 1 additions and 0 deletions
--- a/agent/src/agent.rs
+++ b/agent/src/agent.rs
@ -302,6 +302,7 @@ impl Agent {
            tokio::process::Command::new("sudo")
                .arg("/run/current-system/sw/bin/nixos-rebuild")
                .arg("switch")
+                .arg("--no-sandbox")
                .arg("--flake")
                .arg(".")
                .current_dir(working_dir)