switch-prebuilt: run stuff assuming we're a trusted-user

Luke Granger-Brown 2021-03-20 13:22:17 +00:00
parent e1aa4132d8
commit 422c47c3e0


@ -5,17 +5,20 @@
{ depot, pkgs, ... }: { depot, pkgs, ... }:
pkgs.writeShellScriptBin "switch-prebuilt" '' pkgs.writeShellScriptBin "switch-prebuilt" ''
set -ue set -ue
if [[ $EUID -ne 0 ]]; then
exec sudo "$0" "$@"
fi
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}" export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}" export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
system="''${1}" system="''${1}"
nix copy --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system" # We should be a trusted-user.
nix copy -v --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"
diff "$system/etc/hostname" "/etc/hostname" diff "$system/etc/hostname" "/etc/hostname"
# The next phase requires sudo, but it's harmless to run the preceding commands twice.
if [[ $EUID -ne 0 ]]; then
exec sudo "$0" "$@"
fi
nix-env -p /nix/var/nix/profiles/system --set "$system" nix-env -p /nix/var/nix/profiles/system --set "$system"
"$system/bin/switch-to-configuration" switch "$system/bin/switch-to-configuration" switch
'' ''
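Review bot: The rewritten `nix copy -v ... --no-check-sigs "$system"` line still skips signature verification, and the closure it fetches is activated as root a few lines later by `"$system/bin/switch-to-configuration" switch`, so the integrity of what runs as root rests only on who can write to the bucket. Now that the copy runs before the `sudo` re-exec, the flag is honoured only because the caller is a trusted-user, as the new comment says. That widens the set of accounts able to import unsigned paths. Consider signing paths at upload, listing the key in `trusted-public-keys`, and dropping the flag: `nix copy -v --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' "$system"`. Separately, `${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}` is interpolated by Nix rather than escaped like `''${1}`, so the key value appears to end up in the generated script in the store, where local users can read it; it is worth confirming this and reading the key at run time from a permission-restricted file instead.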