about summary refs log tree commit diff
path: root/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'default.nix')
-rw-r--r--default.nix19
1 files changed, 18 insertions, 1 deletions
diff --git a/default.nix b/default.nix
index fcd83d07ad48..232783085093 100644
--- a/default.nix
+++ b/default.nix
@@ -59,10 +59,27 @@ let
     ];
   };
 
+  # Disallow access to //corp from other depot parts.
+  corpFilter = restrictFolder {
+    folder = "corp";
+    reason = ''
+      Code under //corp may use incompatible licensing terms with
+      other depot parts and should not be used anywhere else.
+    '';
+
+    exceptions = [
+      # For the same reason as above, whitby is exempt to serve the
+      # corp website.
+      [ "ops" "machines" "whitby" ]
+      [ "ops" "nixos" ]
+      [ "ops" "machines" "all-systems" ]
+    ];
+  };
+
   readDepot = depotArgs: import ./nix/readTree {} {
     args = depotArgs;
     path = ./.;
-    filter = usersFilter;
+    filter = parts: args: corpFilter parts (usersFilter parts args);
     scopedArgs = {
       __findFile = _: _: throw "Do not import from NIX_PATH in the depot!";
     };