ops/nixos: move rebuilder derivation into its own file.

ops/nixos/default.nix

@@ -12,20 +12,7 @@ let
       modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ];
     }).config.system.build.toplevel;
   systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" ];
-  rebuilder = system:
+  rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
-    pkgs.writeShellScriptBin "rebuilder" ''
-      set -ue
-      if [[ $EUID -ne 0 ]]; then
-        exec sudo "$0" "$@"
-      fi
-
-      export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
-      export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
-
-      system="$(nix-build -E '(import <depot> {}).ops.nixos.${system}' --no-out-link)"
-      nix-env -p /nix/var/nix/profiles/system --set "$system"
-      "$system/bin/switch-to-configuration" switch
-    '';
   systemCfgs = lib.genAttrs systems
     (name: import (./. + "/${name}"));
   systemDrvs = mapAttrs systemFor systemCfgs;

ops/nixos/lib/rebuilder.nix

@@ -0,0 +1,14 @@
+{ system, depot, pkgs, ... }:
+pkgs.writeShellScriptBin "rebuilder" ''
+  set -ue
+  if [[ $EUID -ne 0 ]]; then
+    exec sudo "$0" "$@"
+  fi
+
+  export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
+  export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
+
+  system="$(nix-build -E '(import <depot> {}).ops.nixos.${system}' --no-out-link)"
+  nix-env -p /nix/var/nix/profiles/system --set "$system"
+  "$system/bin/switch-to-configuration" switch
+''