clan-cli: improve runtime dependency management
Many dependencies of clan-cli are currently dynamically loaded via nix-shell on each execution. This is nice, as it reduces the initial closure size of clan, but the overhead introduced by nix-shell piles up quickly, as some commands shell out many times during their lifetime. For example, when adding a secret, git is called 10+ times. This reduces the time of a test which adds a secret from around 50 seconds to 15 seconds.

- add run_cmd() as an alternative to nix_shell()
- introduce the concept of static dependencies which do not need to go through nix-shell
- static dependencies are defined at build time and included into the wrapper for clan-cli
- add package: clan-cli-full which statically ships all required dependencies

TODO: deprecate nix_shell() in favor of run_cmd()
15
pkgs/clan-cli/clan_cli/nix/allowed-programs.json
Normal file
@@ -0,0 +1,15 @@
|
||||
[
|
||||
"age",
|
||||
"bash",
|
||||
"e2fsprogs",
|
||||
"git",
|
||||
"mypy",
|
||||
"nix",
|
||||
"openssh",
|
||||
"qemu",
|
||||
"rsync",
|
||||
"sops",
|
||||
"sshpass",
|
||||
"tor",
|
||||
"zbar"
|
||||
]
|
||||
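Review bot: the "mypy" entry is a type checker, which looks like a development-time tool rather than something clan-cli needs while running, so it seems out of place in a list that the commit message ties to runtime dependencies; drop it or keep development tools in a separate list. The "bash" and "nix" entries can each start arbitrary programs, so this file bounds which packages may be requested, not what ends up executing. JSON cannot carry comments, so that scope should be documented where the list is loaded. The code that reads and enforces the list is not part of this hunk, so it is also worth stating there whether a name missing from the list is rejected outright or still falls back to nix-shell.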