From fbcc6c5e436275a64dd4e4d0fd7c01b331eb63b5 Mon Sep 17 00:00:00 2001
From: dev-qwen2 <dev-qwen2@disinto.local>
Date: Fri, 17 Apr 2026 12:48:08 +0000
Subject: [PATCH] =?UTF-8?q?fix:=20[nomad-step-3]=20S3-fix-5=20=E2=80=94=20?=
 =?UTF-8?q?nomad/client.hcl=20must=20allow=5Fprivileged=20for=20woodpecker?=
 =?UTF-8?q?-agent=20(#961)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nomad/client.hcl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nomad/client.hcl b/nomad/client.hcl
index b90d5c1..1d60ab4 100644
--- a/nomad/client.hcl
+++ b/nomad/client.hcl
@@ -64,11 +64,11 @@ client {
 
 # Docker task driver. `volumes.enabled = true` is required so jobspecs
 # can mount host_volume declarations defined above. `allow_privileged`
-# stays false — no factory workload needs privileged containers today,
-# and flipping it is an audit-worthy change.
+# is true — woodpecker-agent requires `privileged = true` to access
+# docker.sock and spawn CI pipeline containers.
 plugin "docker" {
   config {
-    allow_privileged = false
+    allow_privileged = true
 
     volumes {
       enabled = true