switch-prebuilt: run stuff assuming we're a trusted-user
parent
e1aa4132d8
commit
422c47c3e0
1 changed files with 8 additions and 5 deletions
|
@ -5,17 +5,20 @@
|
||||||
{ depot, pkgs, ... }:
|
{ depot, pkgs, ... }:
|
||||||
pkgs.writeShellScriptBin "switch-prebuilt" ''
|
pkgs.writeShellScriptBin "switch-prebuilt" ''
|
||||||
set -ue
|
set -ue
|
||||||
if [[ $EUID -ne 0 ]]; then
|
|
||||||
exec sudo "$0" "$@"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
|
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
|
||||||
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
|
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
|
||||||
system="''${1}"
|
system="''${1}"
|
||||||
|
|
||||||
nix copy --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"
|
# We should be a trusted-user.
|
||||||
|
nix copy -v --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"
|
||||||
diff "$system/etc/hostname" "/etc/hostname"
|
diff "$system/etc/hostname" "/etc/hostname"
|
||||||
|
|
||||||
|
# The next phase requires sudo, but it's harmless to run the preceding commands twice.
|
||||||
|
if [[ $EUID -ne 0 ]]; then
|
||||||
|
exec sudo "$0" "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
nix-env -p /nix/var/nix/profiles/system --set "$system"
|
nix-env -p /nix/var/nix/profiles/system --set "$system"
|
||||||
"$system/bin/switch-to-configuration" switch
|
"$system/bin/switch-to-configuration" switch
|
||||||
''
|
''
|
||||||
|
|
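Review bot: The relocated `nix copy -v … --no-check-sigs "$system"` line now relies on the caller being a trusted-user to import unsigned paths, and the closure it fetches is activated as root a few lines later by `switch-to-configuration`, so its integrity rests entirely on who can write to the bucket. I would sign paths when they are pushed to the cache and drop the flag here, `nix copy -v --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' "$system"`, with the signing key listed in `trusted-public-keys` on the hosts. The two `export AWS_…` lines interpolate the secret at evaluation time, so the key pair sits in the script text in the Nix store, which is normally readable by every local user. If that key can write to the bucket (not visible here), any local user could change what this script later activates as root. The new comment before the `sudo` re-exec could also say why repeating is safe, e.g. `# Re-running after sudo repeats the copy and hostname check as root; both are idempotent.`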