host-store.nix
/*
  Service-level module: when service.useHostStore is enabled, the container
  gets the host's /nix/store bind-mounted instead of having store paths copied
  into an image. Optionally the host Nix daemon socket is mounted as well.
*/
{ lib, config, pkgs, ... }:
let
  inherit (lib) mkOption types mkIf optional optionalString mkDefault;

  cfg = config.service;

  # Access-mode suffix shared by both store bind mounts below: ":ro" unless the
  # user explicitly opted into a writable host store.
  roSuffix = optionalString cfg.hostStoreAsReadOnly ":ro";

  # Minimal environment (interactive shell + coreutils) exposed inside the
  # container at /run/system. It is a host store path, hence nixStorePrefix
  # is prepended to it in the volume spec.
  systemEnv = pkgs.buildEnv {
    name = "container-system-env";
    paths = [ pkgs.bashInteractive pkgs.coreutils ];
  };

  # Doubles every "$" in a command word so that docker-compose, which reads
  # "$$" as a literal dollar sign, does not interpolate "$VAR" occurrences
  # found in the image's Cmd.
  doubleDollars = lib.replaceStrings [ "$" ] [ "$$" ];
in
{
  options.service = {
    useHostStore = mkOption {
      type = types.bool;
      default = false;
      description = "Bind mounts the host store if enabled, avoiding copying.";
    };
    hostStoreAsReadOnly = mkOption {
      type = types.bool;
      default = true;
      description = "Adds a ':ro' (read-only) access mode to the host nix store bind mount.";
    };
    useHostNixDaemon = mkOption {
      type = types.bool;
      default = false;
      description = "Make the host Nix daemon available.";
    };
  };

  # The whole block is gated on useHostStore: hostStoreAsReadOnly and
  # useHostNixDaemon have no effect unless useHostStore is true as well.
  config = mkIf cfg.useHostStore {
    image.nixBuild = false; # no Nix-built image to load; the image comes from build.context
    service.image = "arion-base";
    service.build.context = "${../../../arion-image}";

    # Tell nix inside the container to talk to the host daemon; empty (unset
    # semantics left to the consumer) when the daemon is not shared.
    service.environment.NIX_REMOTE = optionalString cfg.useHostNixDaemon "daemon";

    service.volumes =
      [
        "${config.host.nixStorePrefix}/nix/store:/nix/store${roSuffix}"
        "${config.host.nixStorePrefix}${systemEnv}:/run/system${roSuffix}"
      ]
      # The daemon socket is mounted without ":ro" (a socket must be writable
      # to be usable), so hostStoreAsReadOnly does not cover it.
      # NOTE(review): this hands the container a channel to the host's Nix
      # daemon, i.e. the ability to have the host realise store paths; reserve
      # it for trusted workloads.
      ++ optional cfg.useHostNixDaemon
        "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket";

    # Reuse the image's own Cmd (dollar-escaped for compose) unless the user
    # sets service.command explicitly; mkDefault keeps it overridable.
    service.command = mkDefault (map doubleDollars (config.image.rawConfig.Cmd or [ ]));
  };
}