all the mounts, none of the secure

hosts/tesla-nixos/configuration.nix

@@ -36,6 +36,9 @@
     internalInterfaces = ["ve-+"];
     externalInterface = "ens18";
   };
+  environment.systemPackages = with pkgs; [
+    fuse-overlayfs
+  ];
 
   containers.gitlab-runner = {
     autoStart = true;
@@ -55,6 +58,15 @@
         hostPath = "/var/lib/gitlab-runner";
         isReadOnly = false;
       };
+      "/proc" = {
+        hostPath = "/run/proc";
+      };
+      "/sys" = {
+        hostPath = "/run/sys";
+      };
+      "/dev/fuse" = {
+        hostPath = "/dev/fuse";
+      };
     };
 
     # Guest (inside the nspawn container)
@@ -91,6 +103,7 @@
         docker
         git
         crun
+        fuse-overlayfs
       ];
       systemd.services."enable-linger-gitlab-runner" = {
         description = "Enable linger for gitlab-runner";