From 3da50e27a93fd701de6eb7036188cc49cfde4b69 Mon Sep 17 00:00:00 2001
From: chaos <chaos@owo.monster>
Date: Fri, 24 May 2024 20:20:24 +0100
Subject: [PATCH] add missing capability to vault server

---
 hosts/hetzner-arm/containers/vault-ca/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts/hetzner-arm/containers/vault-ca/default.nix b/hosts/hetzner-arm/containers/vault-ca/default.nix
index 6a0eebf..9a56240 100644
--- a/hosts/hetzner-arm/containers/vault-ca/default.nix
+++ b/hosts/hetzner-arm/containers/vault-ca/default.nix
@@ -16,6 +16,7 @@ in {
     privateNetwork = true;
     hostAddress = hostIP;
     localAddress = containerIP;
+    additionalCapabilities = [ "CAP_IPC_LOCK" ];
 
     specialArgs = {
       inherit inputs;