depot/ops/nixos/lib/switch-prebuilt.nix

37 lines
1.3 KiB
Nix
Raw Normal View History

2021-03-20 12:39:23 +00:00
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, pkgs, ... }:
pkgs.writeShellScriptBin "switch-prebuilt" ''
set -ue
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
system="''${1}"
if [[ "$system" == "latest" ]]; then
tmpdir="$(mktemp -d)"
trap '{ rm -rf -- "$tmpdir"; }' EXIT
${pkgs.curl}/bin/curl -so "$tmpdir/archive.zip" 'https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/jobs/artifacts/branch%2Fdefault/download?job=nixCache'
${pkgs.unzip}/bin/unzip -d "$tmpdir" -q -o "$tmpdir/archive.zip"
system="$(${pkgs.jq}/bin/jq -r ".\"$(hostname)\"" "$tmpdir/systems.json")"
fi
if [[ ! -e "$system" ]]; then
# We should be a trusted-user.
nix copy -v --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"
fi
2021-03-20 12:39:23 +00:00
diff "$system/etc/hostname" "/etc/hostname"
# The next phase requires sudo, but it's harmless to run the preceding commands twice.
if [[ $EUID -ne 0 ]]; then
exec sudo "$0" "$system"
fi
2021-03-20 12:39:23 +00:00
nix-env -p /nix/var/nix/profiles/system --set "$system"
"$system/bin/switch-to-configuration" switch
''