feat(sterni/nix/misc): predicate to check if isRestrictedEval

This is merely a little demonstration of nix#6579:
`users.sterni.nix.misc.isRestrictEval` returns whether the restrict-eval
setting is true or false by exploiting the aforementioned Nix bug.

Change-Id: Icca354d1cd6571cdf0804abae27aac91a18cda1e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5692
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This commit is contained in:
sterni 2022-05-26 18:47:56 +02:00
parent f54ea857ec
commit ae422c1353
2 changed files with 19 additions and 0 deletions

View file

@ -0,0 +1,18 @@
{ ... }:
let
/* Returns true if it is being evaluated using restrict-eval, false if not.
It's more robust than using `builtins.getEnv` since it isn't fooled by
`env -i`.
See https://github.com/NixOS/nix/issues/6579 for a description of the
behavior. Precise cause in the evaluator / store implementation is unclear.
Type: bool
*/
inRestrictedEval = builtins.pathExists (toString ./guinea-pig + "/.");
in
{
inherit inRestrictedEval;
}

View file

@ -0,0 +1 @@
default.nix