From ba2870d65991cbb68d0ce175597f165647f8ff4d Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Mon, 4 Aug 2025 17:49:42 +0200
Subject: [PATCH] try store mounted read-only

- `--store` as per
https://blog.kotatsu.dev/posts/2023-04-21-woodpecker-nix-caching/
- `--eval-store` as per
https://kevincox.ca/2022/01/02/nix-in-docker-caching/
---
 .woodpecker/cd.yaml                     | 4 +++-
 .woodpecker/check-deployment-basic.yaml | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/.woodpecker/cd.yaml b/.woodpecker/cd.yaml
index 49404830..f0c689d9 100644
--- a/.woodpecker/cd.yaml
+++ b/.woodpecker/cd.yaml
@@ -13,7 +13,9 @@ steps:
         mkdir -p ~/.ssh
         echo "$CD_SSH_KEY" > ~/.ssh/id_ed25519
         chmod 600 ~/.ssh/id_ed25519
-      - nix-shell --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which bash) nixops4 apply -v default'
+      - nix-shell --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --run 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519 && ssh-agent -s && SHELL=$(which bash) nixops4 apply -v default'
     environment:
       CD_SSH_KEY:
         from_secret: cd_ssh_key
+    volumes:
+      - /nix:/mnt/nix:ro
diff --git a/.woodpecker/check-deployment-basic.yaml b/.woodpecker/check-deployment-basic.yaml
index 9d470181..ab8e957d 100644
--- a/.woodpecker/check-deployment-basic.yaml
+++ b/.woodpecker/check-deployment-basic.yaml
@@ -10,4 +10,6 @@ steps:
   - name: check-deployment-basic
     image: nixos/nix
     commands:
-      - nix build --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-basic -L
+      - nix build --eval-store local --store unix:///mnt/nix/var/nix/daemon-socket/socket?root=/mnt --extra-experimental-features 'nix-command flakes' .#checks.x86_64-linux.deployment-basic -L
+    volumes:
+      - /nix:/mnt/nix:ro