mirrors/nix-darwin
mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-15 21:08:21 +00:00
Code Activity

Merge pull request #791 from lilyball/linux-builder-tmpdir

Browse source 
linux-builder: avoid /tmp for certs
This commit is contained in:
Michael Hoang 2023-10-27 19:55:34 +02:00 committed by GitHub
commit afe83cbc2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
modules/nix/linux-builder.nix
View file

@ -10,6 +10,18 @@ let
builderWithOverrides = cfg.package.override { builderWithOverrides = cfg.package.override {
inherit (cfg) modules; inherit (cfg) modules;
}; };
# create-builder uses TMPDIR to share files with the builder, notably certs.
# macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
# If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
# So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves.
script = pkgs.writeShellScript "linux-builder-start" ''
export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1
rm -rf $TMPDIR
mkdir -p $TMPDIR
trap "rm -rf $TMPDIR" EXIT
${builderWithOverrides}/bin/create-builder
'';
in in
{ {
@ -85,7 +97,7 @@ in
serviceConfig = { serviceConfig = {
ProgramArguments = [ ProgramArguments = [
"/bin/sh" "-c" "/bin/sh" "-c"
"/bin/wait4path /nix/store && exec ${builderWithOverrides}/bin/create-builder" "/bin/wait4path /nix/store && exec ${script}"
]; ];
KeepAlive = true; KeepAlive = true;
RunAtLoad = true; RunAtLoad = true;