diff --git a/ops/nixos/lib/latest_system_closure.sh b/ops/nixos/lib/latest_system_closure.sh new file mode 100755 index 0000000000..3f2d851695 --- /dev/null +++ b/ops/nixos/lib/latest_system_closure.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p bash jq curl unzip + +set -euo pipefail + +tmpdir="$(mktemp -d)" +trap '{ rm -rf -- "$tmpdir"; }' EXIT + +curl -so "$tmpdir/archive.zip" 'https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/jobs/artifacts/branch%2Fdefault/download?job=nixCache' +unzip -d "$tmpdir" -q -o "$tmpdir/archive.zip" +jq -r ".$(hostname)" "$tmpdir/systems.json" diff --git a/ops/nixos/lib/switch-prebuilt.nix b/ops/nixos/lib/switch-prebuilt.nix index 7820cb557d..e4e21f3b78 100644 --- a/ops/nixos/lib/switch-prebuilt.nix +++ b/ops/nixos/lib/switch-prebuilt.nix @@ -10,6 +10,10 @@ pkgs.writeShellScriptBin "switch-prebuilt" '' export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}" system="''${1}" + if [[ "$system" == "latest" ]]; then + system="$(${./latest_system_closure.sh})" + fi + if [[ ! -e "$system" ]]; then # We should be a trusted-user. nix copy -v --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"