Recipe: `pip` / `poetry`

Goal: allow Python dependency fetching while keeping egress minimal.

Start restrictive (PyPI)

{
  "filesystem": {
    "allowWrite": [".", "/tmp"]
  }
}

Run:

greywall --settings ./greywall.json pip install -r requirements.txt

For Poetry:

greywall --settings ./greywall.json poetry install

greywall -m --settings ./greywall.json poetry install

If you use private indexes, configure your proxy to allow those domains.