authorRobert Hensing <robert@roberthensing.nl>2021-12-09 10:47:26 +0000
committerRobert Hensing <robert@roberthensing.nl>2023-05-11 21:18:38 +0200
commit5bdf63819b383c47aad629ec3fe404b77a6b58a3 (patch)
tree5c1bc20279c8117bacdd5a240f3ef4dc55ec0175 /nixos/modules/system/activation
parent24b162805d7e24997c6736444726b2652e918256 (diff)
nixos/top-level.nix: Add system.checks
Note that this does not add to the `forbiddenDependenciesRegex`
code, because that check should be unaffected: it only checks
output dependencies, not build dependencies.
Build deps are added after that check, if those are enabled in the
first place.
Diffstat (limited to 'nixos/modules/system/activation')
-rw-r--r--nixos/modules/system/activation/top-level.nix32
1 files changed, 29 insertions, 3 deletions
diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix
index f2e7413547828..c28e530cdc777 100644
--- a/nixos/modules/system/activation/top-level.nix
+++ b/nixos/modules/system/activation/top-level.nix
@@ -263,8 +263,23 @@ in
       default = [];
       description = lib.mdDoc ''
         A list of packages that should be included in the system
-        closure but not otherwise made available to users. This is
-        primarily used by the installation tests.
+        closure but generally not visible to users.
+
+        This option has also been used for build-time checks, but the
+        `system.checks` option is more appropriate for that purpose as checks
+        should not leave a trace in the built system configuration.
+      '';
+    };
+
+    system.checks = mkOption {
+      type = types.listOf types.package;
+      default = [];
+      description = lib.mdDoc ''
+        Packages that are added as dependencies of the system's build, usually
+        for the purpose of validating some part of the configuration.
+
+        Unlike `system.extraDependencies`, these store paths do not
+        become part of the built system configuration.
       '';
     };
 
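Review bot: The `system.checks` description does not say what happens when a check fails, which is the first thing someone wiring a validation into this option needs to know. The code comment added further down in this commit states that a failing check fails the system build, so the description could end with `If any of these packages fails to build, the system build fails.` The sentence that these store paths "do not become part of the built system configuration" also reads as too absolute: judging by the commit message and the `system.includeBuildDependencies` branch on `system.build.toplevel`, build dependencies are added to the closure when that option is enabled, so I would qualify it with `(unless system.includeBuildDependencies is enabled)`. That qualification should be confirmed against `systemWithBuildDeps`, which is not visible in this diff.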
@@ -363,7 +378,17 @@ in
           fi
         '';
 
-    system.systemBuilderArgs = lib.optionalAttrs (config.system.forbiddenDependenciesRegex != "") {
+    system.systemBuilderArgs = {
+      # Not actually used in the builder. `passedChecks` is just here to create
+      # the build dependencies. Checks are similar to build dependencies in the
+      # sense that if they fail, the system build fails. However, checks do not
+      # produce any output of value, so they are not used by the system builder.
+      # In fact, using them runs the risk of accidentally adding unneeded paths
+      # to the system closure, which defeats the purpose of the `system.checks`
+      # option, as opposed to `system.extraDependencies`.
+      passedChecks = concatStringsSep " " config.system.checks;
+    }
+    // lib.optionalAttrs (config.system.forbiddenDependenciesRegex != "") {
       inherit (config.system) forbiddenDependenciesRegex;
       closureInfo = pkgs.closureInfo { rootPaths = [
         # override to avoid  infinite recursion (and to allow using extraDependencies to add forbidden dependencies)
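Review bot: The comment on `passedChecks` explains why the builder ignores the value, but not when the checks are actually enforced. They exist only as inputs of this derivation, so they gate a build of the top-level and presumably not a system path that was built elsewhere and then copied or substituted into the store. For anyone treating `system.checks` as a policy gate, that limit deserves one more comment line, for example `# Checks are only realised when this derivation is built, not when its output is copied or substituted.` The attribute set this hunk edits continues past the end of the hunk.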
@@ -371,6 +396,7 @@ in
       ]; };
     };
 
+
     system.build.toplevel = if config.system.includeBuildDependencies then systemWithBuildDeps else system;
 
   };