ghoscht/arion
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #29 from hercules-ci/tmp-tmpfs

Browse source 
Support boot.tmpOnTmpfs without privileges
This commit is contained in:
Domen Kožar 2019-03-22 09:22:25 +07:00 committed by GitHub
commit e721145f38
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
examples/full-nixos/arion-compose.nix
View file

@ -1,6 +1,7 @@
{
docker-compose.services.webserver = { pkgs, ... }: {
nixos.useSystemd = true;
nixos.configuration.boot.tmpOnTmpfs = true;
nixos.configuration.services.nginx.enable = true;
nixos.configuration.services.nginx.virtualHosts.localhost.root = "${pkgs.nix.doc}/share/doc/nix/manual";
service.useHostStore = true;

4
src/nix/modules/service/nixos-init.nix
View file

@ -29,10 +29,10 @@ in
"/sys/fs/cgroup:/sys/fs/cgroup:ro"
];
service.tmpfs = [
"/tmp:exec,mode=777"
"/run" # noexec is fine because exes should be symlinked from elsewhere anyway
"/run/wrappers" # noexec breaks this intentionally
];
] ++ lib.optional (config.nixos.evaluatedConfig.boot.tmpOnTmpfs) "/tmp:exec,mode=777";
service.stop_signal = "SIGRTMIN+3";
service.tty = true;
};