From 8c4f447ec7fef83c864208fcc7aab7184a03c7fe Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Sat, 22 Mar 2025 22:28:37 +0000
Subject: [PATCH] fix(ops/pipelines): fix anchor steps

Every buildkite user needs to be able to update these symlinks, and the
directory doesn't exist. It was probably created imperatively on whitby.

Use a tmpfiles rule creating a /nix/var/nix/gcroots/buildkite directory,
and add a `canon` symlink in there.

Change-Id: Ic4d67fbb69f77cebe891b0fff9b824713ebec87c
Reviewed-on: https://cl.snix.dev/c/snix/+/30247
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
---
 ops/machines/build01/default.nix | 3 +++
 ops/pipelines/depot.nix          | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ops/machines/build01/default.nix b/ops/machines/build01/default.nix
index 7c01840a4..7f13ae67d 100644
--- a/ops/machines/build01/default.nix
+++ b/ops/machines/build01/default.nix
@@ -91,6 +91,9 @@ in
         group = "buildkite-agents";
       };
     };
+  systemd.tmpfiles.rules = [
+    "d '/nix/var/nix/gcroots/buildkite' 0770 - buildkite-agents - -"
+  ];
 
   services.openssh.enable = true;
   time.timeZone = "UTC";
diff --git a/ops/pipelines/depot.nix b/ops/pipelines/depot.nix
index 293ef12ae..5737f7357 100644
--- a/ops/pipelines/depot.nix
+++ b/ops/pipelines/depot.nix
@@ -25,7 +25,8 @@ let
         label = ":anchor:";
         branches = "refs/heads/canon";
         command = ''
-          nix-build -A ci.gcroot --out-link /nix/var/nix/gcroots/depot/canon
+          rm /nix/var/nix/gcroots/buildkite/canon
+          nix-build -A ci.gcroot --out-link /nix/var/nix/gcroots/buildkite/canon
         '';
 
         # Ensure that anchoring happens on build01, so that a possibly deployed