modules/darwin/hercules-ci: add security to service path

2024-04-10 08:47:07 +10:00 · 2024-04-10 08:47:07 +10:00 · 5da85a9b72
commit 5da85a9b72
parent b23eb88225
1 changed files with 10 additions and 0 deletions
--- a/modules/darwin/hercules-ci/default.nix
+++ b/modules/darwin/hercules-ci/default.nix
@ -1,5 +1,15 @@
+{ config, pkgs, ... }:
+let
+  securityWrapper = pkgs.writeScriptBin "security" ''
+    exec /usr/bin/security "$@"
+  '';
+in
 {
  # hercules secrets are installed manually from ./secrets.yaml
  # https://docs.hercules-ci.com/hercules-ci/getting-started/deploy/nix-darwin
  services.hercules-ci-agent.enable = true;
+
+  # hercules-ci-agent: security: createProcess: posix_spawnp: does not exist
+  # https://github.com/LnL7/nix-darwin/blob/36524adc31566655f2f4d55ad6b875fb5c1a4083/modules/services/hercules-ci-agent/default.nix#L28
+  launchd.daemons.hercules-ci-agent.path = pkgs.lib.mkForce [ config.nix.package securityWrapper ];
 }