try store mounted read-only

- `--store` as per https://blog.kotatsu.dev/posts/2023-04-21-woodpecker-nix-caching/ - `--eval-store` as per https://kevincox.ca/2022/01/02/nix-in-docker-caching/
2025-08-04 17:49:42 +02:00 · 2025-08-04 17:49:42 +02:00 · ba2870d659
commit ba2870d659
parent 1e99075184
2 changed files with 6 additions and 2 deletions
--- a/.woodpecker/cd.yaml
+++ b/.woodpecker/cd.yaml
@ -13,7 +13,9 @@ steps:
        mkdir -p ~/.ssh
        echo "$CD_SSH_KEY" > ~/.ssh/id_ed25519
        chmod 600 ~/.ssh/id_ed25519
-      - nix-shell --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which bash) nixops4 apply -v default'
+      - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which bash) nixops4 apply -v default'
    environment:
      CD_SSH_KEY:
        from_secret: cd_ssh_key
+    volumes:
+      - /nix:/mnt/nix:ro
--- a/.woodpecker/check-deployment-basic.yaml
+++ b/.woodpecker/check-deployment-basic.yaml
@ -10,4 +10,6 @@ steps:
  - name: check-deployment-basic
    image: nixos/nix
    commands:
-      - nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-basic -L
+      - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-basic -L
+    volumes:
+      - /nix:/mnt/nix:ro