Add sandbox warning in setup script

diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
index 20949246349d3828229d18dfb51e8eb4194ea891..3a894f9f2e01ac579db3e6d5a11b1055a0b1cb74 100755 (executable)
--- a/nixops/scripts/nixops_wrap
+++ b/nixops/scripts/nixops_wrap
@@ -29,5 +29,6 @@ done
 nixops set-args --argstr privateFiles "$TEMP"
 
 source $(dirname $(dirname $DIR))/nix_path_env
+# __noChroot: ssh-config-file requires relaxed
 export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:$NIX_PATH"
 nixops "$@"

diff --git a/nixops/scripts/setup b/nixops/scripts/setup
index 929b27a3b6db719114fb594b03e49a74b6cb9aaf..38cee65e91a4d758aef097c1b464aba8d9e9324f 100755 (executable)
--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -93,6 +93,19 @@ if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
   fi
 fi
 
+if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then
+  cat <<-EOF
+       There are some impure derivations in the repo currently (grep __noChroot), please put
+         sandbox = "relaxed"
+       in /etc/nix/nix.conf
+       you may also want to add
+         keep-outputs = true
+         keep-derivations = true
+       to prevent garbage collector from deleting build dependencies (they take a lot of time to build)
+       EOF
+  exit 1
+fi
+
 if ! which nixops 2>/dev/null >/dev/null; then
   cat <<-EOF
        nixops is needed: