nix: Include runtime deps in enclosure

We weren't actually including these, so a bit of mystery how it was working for me. What's not included is new{uid,gid}map in the shadow package because it requires the suid bit to be set. So we have to rely on that being on the system already.
premAI-io · Sep 12, 2024 · b0e1121 · b0e1121
1 parent eedf653
commit b0e1121
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/distros/nix/cli-cross.nix b/distros/nix/cli-cross.nix
@@ -15,7 +15,6 @@ in
   version = version;
   src = srcWithProtobuf;
   modRoot = "./go";
-  # Use lib.fakeHash when updating deps
   inherit vendorHash;
   # Avoids workspace mode error
   proxyVendor = true;

diff --git a/distros/nix/server.nix b/distros/nix/server.nix
@@ -1,8 +1,19 @@
 {
-    lib, stdenv, makeWrapper, version, buildkit, cli
+    lib, stdenv, makeWrapper, version, cli,
+    buildkit, slirp4netns, rootlesskit, runc, cni, buildkit-cni-plugins,
+    util-linux, iproute2
 }:
 let
-    runtimeDeps = [ buildkit ];
+    runtimeDeps = [
+        slirp4netns
+        rootlesskit
+        runc
+        cni
+        buildkit-cni-plugins
+        buildkit
+        util-linux # unshare,nsenter for rootlesskit
+        iproute2 # ip for slirp4netns
+    ];
 in
     stdenv.mkDerivation {
         pname = "ayup-server";

diff --git a/flake.nix b/flake.nix
@@ -61,7 +61,7 @@
         GOARCH = "amd64";
       };
       server = pkgs.callPackage ./distros/nix/server.nix {
-        inherit version cli;
+        inherit version cli buildkit-cni-plugins;
       };
   in
     {