fix(ops): add +x for /nix/var/nix/gcroots

Previously, the buildkite users were not able to traverse there.

Removing /nix/var/nix/gcroots/buildkite/canon might not be needed, and
is racy with other anchor step - the first one might still be building
`ci.gcroot` (and didn't create the new symlink), so the second one will
fail trying to remove the non-existing symlink.

Change-Id: I0449447f7193113d807d597750b26c7beb48a3a6
Reviewed-on: https://cl.snix.dev/c/snix/+/30257
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
This commit is contained in:
Florian Klink 2025-03-23 14:42:24 +00:00 committed by clbot
parent 1fab06d851
commit 00950aa91d
2 changed files with 1 additions and 1 deletions

View file

@ -93,6 +93,7 @@ in
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '/nix/var/nix/gcroots/buildkite' 0770 - buildkite-agents - -" "d '/nix/var/nix/gcroots/buildkite' 0770 - buildkite-agents - -"
"z '/nix/var/nix/gcroots' 0771 - - - -"
]; ];
services.openssh.enable = true; services.openssh.enable = true;

View file

@ -25,7 +25,6 @@ let
label = ":anchor:"; label = ":anchor:";
branches = "refs/heads/canon"; branches = "refs/heads/canon";
command = '' command = ''
rm /nix/var/nix/gcroots/buildkite/canon
nix-build -A ci.gcroot --out-link /nix/var/nix/gcroots/buildkite/canon nix-build -A ci.gcroot --out-link /nix/var/nix/gcroots/buildkite/canon
''; '';