veryroundbird.house / core
forked from tangled.org/core
this repo has no description
fork atom

spindle/{models,engine}: mount /etc/nix as volume; configure /etc/nix/nix.conf

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.sh>

anirudh.fi 944d0f1a 7c1e2364

verified
options
unified split
Changed files
+17 -1
spindle
engine
engine.go
models
pipeline.go
setup_steps.go
+7 -1
spindle/engine/engine.go 
···

       
497

       
497

       
 

       
					Mode: 0o1777, // world-writeable sticky bit


     

       
498

       
498

       
 

       
				},


     

       
499

       
499

       
 

       
			},


     

       

       
500

       
+

       
			{


     

       

       
501

       
+

       
				Type:   mount.TypeVolume,


     

       

       
502

       
+

       
				Source: "etc-nix-" + wid.String(),


     

       

       
503

       
+

       
				Target: "/etc/nix",


     

       

       
504

       
+

       
			},


     

       
500

       
505

       
 

       
		},


     

       
501

       
506

       
 

       
		ReadonlyRootfs: false,


     

       
502

       
507

       
 

       
		CapDrop:        []string{"ALL"},


     

       
503

       

       
-

       
		SecurityOpt:    []string{"seccomp=unconfined"},


     

       

       
508

       
+

       
		CapAdd:         []string{"CAP_DAC_OVERRIDE"},


     

       

       
509

       
+

       
		SecurityOpt:    []string{"no-new-privileges"},


     

       
504

       
510

       
 

       
	}


     

       
505

       
511

       
 

       



     

       
506

       
512

       
 

       
	return hostConfig
+1
spindle/models/pipeline.go 
···

       
55

       
55

       
 

       
		swf.addNixProfileToPath()


     

       
56

       
56

       
 

       
		setup := &setupSteps{}


     

       
57

       
57

       
 

       



     

       

       
58

       
+

       
		setup.addStep(nixConfStep())


     

       
58

       
59

       
 

       
		setup.addStep(cloneStep(*twf, *pl.TriggerMetadata.Repo, cfg.Server.Dev))


     

       
59

       
60

       
 

       
		setup.addStep(checkoutStep(*twf, *pl.TriggerMetadata))


     

       
60

       
61

       
 

       
		setup.addStep(dependencyStep(*twf))
+9
spindle/models/setup_steps.go 
···

       
8

       
8

       
 

       
	"tangled.sh/tangled.sh/core/api/tangled"


     

       
9

       
9

       
 

       
)


     

       
10

       
10

       
 

       



     

       

       
11

       
+

       
func nixConfStep() Step {


     

       

       
12

       
+

       
	setupCmd := `echo 'extra-experimental-features = nix-command flakes' >> /etc/nix/nix.conf


     

       

       
13

       
+

       
echo 'build-users-group = ' >> /etc/nix/nix.conf`


     

       

       
14

       
+

       
	return Step{


     

       

       
15

       
+

       
		Command: setupCmd,


     

       

       
16

       
+

       
		Name:    "Configure Nix",


     

       

       
17

       
+

       
	}


     

       

       
18

       
+

       
}


     

       

       
19

       
+

       



     

       
11

       
20

       
 

       
// checkoutStep checks out the specified ref in the cloned repository.


     

       
12

       
21

       
 

       
func checkoutStep(twf tangled.Pipeline_Workflow, tr tangled.Pipeline_TriggerMetadata) Step {


     

       
13

       
22

       
 

       
	if twf.Clone.Skip {