			Doc comments are also reworded for clarity. Signed-off-by: Ophestra <cat@gensokyo.uk>
		
			
				
	
	
		
		
	
	
	
	
	
package main
import (
	"context"
	"os"
	"strings"
	"hakurei.app/container/check"
	"hakurei.app/container/fhs"
	"hakurei.app/hst"
	"hakurei.app/message"
)
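// withNixDaemon runs command inside the app's container with a nix-daemon
// started for the duration of the run.
//
// The generated script removes any leftover daemon socket, starts nix-daemon
// in the background, waits for its socket to appear, creates the per-user
// channels directory, runs every element of command in order and finally
// stops the daemon with pkill. The foreground steps are chained with &&, so
// the first failing step ends the script and pkill is not reached on that
// path.
//
// Security-relevant behaviour:
//   - Elements of command are joined with " && " and handed to `bash -lc`
//     without any quoting. Each element is shell code, not an argv entry:
//     callers must only pass fragments they built themselves and must quote
//     any value that originates from package metadata or user input.
//   - pathSet.nixPath is bound writable at pathNix and pathSet.homeDir is
//     bound writable at the container home, so the commands can modify both.
//   - hst.FUserns is always set because the nix sandbox requires userns.
//     net additionally sets hst.FHostNet (presumably sharing the host network
//     with the container; confirm against hst) and dropShell sets hst.FTty.
//   - updateConfig is called unconditionally and must not be nil. The config
//     it returns is what gets run, so it can widen or narrow anything set
//     here.
//
// When dropShell is set, mustRunAppDropShell discards the script built here
// and starts a login shell in the same container instead.
func withNixDaemon(
	ctx context.Context,
	msg message.Msg,
	action string, command []string, net bool, updateConfig func(config *hst.Config) *hst.Config,
	app *appInfo, pathSet *appPathSet, dropShell bool, beforeFail func(),
) {
	flags := hst.FMultiarch | hst.FUserns // nix sandbox requires userns
	if net {
		flags |= hst.FHostNet
	}
	if dropShell {
		flags |= hst.FTty
	}

	// Foreground steps. Collecting them in a slice keeps the script valid
	// when command is empty; concatenating an empty join between two " && "
	// separators would produce a bash syntax error.
	steps := make([]string, 0, len(command)+3)
	steps = append(steps,
		// wait for socket to appear
		"(while [ ! -S /nix/var/nix/daemon-socket/socket ]; do sleep 0.01; done)",
		// create directory so nix stops complaining
		"mkdir -p /nix/var/nix/profiles/per-user/root/channels",
	)
	steps = append(steps, command...)
	// terminate nix-daemon
	steps = append(steps, "pkill nix-daemon")

	// The socket removal must finish before anything else runs. In bash,
	// `a && b & c` backgrounds the whole `a && b` list, so without the brace
	// group the rm would race the wait loop and a stale socket file could
	// satisfy the loop before the daemon is listening. Only nix-daemon itself
	// is backgrounded here.
	script := "rm -f /nix/var/nix/daemon-socket/socket && { " +
		// start nix-daemon
		"nix-daemon --store / & " +
		strings.Join(steps, " && ") +
		"; }"

	mustRunAppDropShell(ctx, msg, updateConfig(&hst.Config{
		ID: app.ID,

		ExtraPerms: []hst.ExtraPermConfig{
			{Path: dataHome, Execute: true},
			{Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true},
		},

		Identity: app.Identity,

		Container: &hst.ContainerConfig{
			Hostname: formatHostname(app.Name) + "-" + action,

			Filesystem: []hst.FilesystemConfigJSON{
				{FilesystemConfig: &hst.FSBind{Target: fhs.AbsEtc, Source: pathSet.cacheDir.Append("etc"), Special: true}},
				// writable: the daemon and the commands modify the store
				{FilesystemConfig: &hst.FSBind{Source: pathSet.nixPath, Target: pathNix, Write: true}},
				{FilesystemConfig: &hst.FSLink{Target: pathCurrentSystem, Linkname: app.CurrentSystem.String()}},
				{FilesystemConfig: &hst.FSLink{Target: pathBin, Linkname: pathSwBin.String()}},
				{FilesystemConfig: &hst.FSLink{Target: fhs.AbsUsrBin, Linkname: pathSwBin.String()}},
				{FilesystemConfig: &hst.FSBind{Target: pathDataData.Append(app.ID), Source: pathSet.homeDir, Write: true, Ensure: true}},
			},

			Username: "hakurei",
			Shell:    pathShell,
			Home:     pathDataData.Append(app.ID),

			Path: pathShell,
			Args: []string{bash, "-lc", script},

			Flags: flags,
		},
	}), dropShell, beforeFail)
}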
// withCacheDir runs command inside the app's container with workDir supplying
// /etc and the nix store, and with the app's cache directory mounted as home.
//
// Unlike withNixDaemon, only hst.FMultiarch is set (plus hst.FTty when
// dropShell is requested): no userns and no host network flag. The binds of
// workDir (its etc and nix subdirectories, and workDir itself under
// hst.AbsPrivateTmp/bundle) do not set Write; pathSet.cacheDir is the only
// bind created with Write and Ensure.
//
// Security note: elements of command are joined with " && " and passed to
// `bash -lc` without quoting. They are shell code, so callers must quote any
// value that comes from package metadata or user input before placing it in
// command.
//
// When dropShell is set, mustRunAppDropShell discards the script built here
// and starts a login shell in the same container instead.
func withCacheDir(
	ctx context.Context,
	msg message.Msg,
	action string, command []string, workDir *check.Absolute,
	app *appInfo, pathSet *appPathSet, dropShell bool, beforeFail func(),
) {
	containerFlags := hst.FMultiarch
	if dropShell {
		containerFlags |= hst.FTty
	}

	// Permissions requested outside the container: traversal of dataHome and
	// workDir, full access to the app's base directory.
	perms := []hst.ExtraPermConfig{
		{Path: dataHome, Execute: true},
		{Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true},
		{Path: workDir, Execute: true},
	}

	mounts := []hst.FilesystemConfigJSON{
		{FilesystemConfig: &hst.FSBind{Target: fhs.AbsEtc, Source: workDir.Append(fhs.Etc), Special: true}},
		{FilesystemConfig: &hst.FSBind{Source: workDir.Append("nix"), Target: pathNix}},
		{FilesystemConfig: &hst.FSLink{Target: pathCurrentSystem, Linkname: app.CurrentSystem.String()}},
		{FilesystemConfig: &hst.FSLink{Target: pathBin, Linkname: pathSwBin.String()}},
		{FilesystemConfig: &hst.FSLink{Target: fhs.AbsUsrBin, Linkname: pathSwBin.String()}},
		{FilesystemConfig: &hst.FSBind{Source: workDir, Target: hst.AbsPrivateTmp.Append("bundle")}},
		// the only bind created with Write set
		{FilesystemConfig: &hst.FSBind{Target: pathDataData.Append(app.ID, "cache"), Source: pathSet.cacheDir, Write: true, Ensure: true}},
	}

	// command entries are concatenated verbatim; see the security note above.
	script := strings.Join(command, " && ")

	config := &hst.Config{
		ID:         app.ID,
		ExtraPerms: perms,
		Identity:   app.Identity,

		Container: &hst.ContainerConfig{
			Hostname:   formatHostname(app.Name) + "-" + action,
			Filesystem: mounts,

			Username: "nixos",
			Shell:    pathShell,
			Home:     pathDataData.Append(app.ID, "cache"),

			Path: pathShell,
			Args: []string{bash, "-lc", script},

			Flags: containerFlags,
		},
	}
	mustRunAppDropShell(ctx, msg, config, dropShell, beforeFail)
}
// mustRunAppDropShell runs config through mustRunApp, optionally swapping the
// configured command for an interactive login shell.
//
// With dropShell unset it is a plain call to mustRunApp. With dropShell set,
// the container's Args (when a container is configured) are overwritten with
// `bash -l`, the app is run, and the process then calls beforeFail and
// msg.BeforeExit before exiting with status 0; it never returns to the caller
// on that path. beforeFail is therefore invoked on this success path as well.
//
// Security note: only Args is replaced. The shell starts with the identity,
// mounts and flags already present in config, including any writable binds,
// so it has the same access the scripted command would have had. config is
// mutated in place and must not be nil.
func mustRunAppDropShell(ctx context.Context, msg message.Msg, config *hst.Config, dropShell bool, beforeFail func()) {
	if !dropShell {
		mustRunApp(ctx, msg, config, beforeFail)
		return
	}

	// Discard whatever command the caller prepared and start a login shell.
	if container := config.Container; container != nil {
		container.Args = []string{bash, "-l"}
	}
	mustRunApp(ctx, msg, config, beforeFail)

	// The shell session is over: run the caller's hook, flush messages, exit.
	beforeFail()
	msg.BeforeExit()
	os.Exit(0)
}