switch-prebuilt: init

Luke Granger-Brown 2021-03-20 12:39:23 +00:00
parent 154db9706a
commit be5eee48b3
2 changed files with 27 additions and 0 deletions


@ -5,6 +5,8 @@
{ pkgs, config, depot, lib, rebuilder, ... }@args: { pkgs, config, depot, lib, rebuilder, ... }@args:
let let
inherit (lib) mkDefault; inherit (lib) mkDefault;
switch-prebuilt = import ./switch-prebuilt.nix args;
in in
{ {
imports = [ ../../../third_party/home-manager/nixos ]; imports = [ ../../../third_party/home-manager/nixos ];
@ -60,6 +62,7 @@ in
(mercurial.overridePythonAttrs (origAttrs: { (mercurial.overridePythonAttrs (origAttrs: {
propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git]; propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git];
})) }))
switch-prebuilt
]; ];
networking.firewall = { networking.firewall = {
@ -103,6 +106,9 @@ in
commands = [{ commands = [{
command = "${rebuilder}/bin/rebuilder"; command = "${rebuilder}/bin/rebuilder";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} {
command = "${switch-prebuilt}/bin/switch-prebuilt";
options = [ "NOPASSWD" ];
}]; }];
}]; }];
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
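Review bot: The new `NOPASSWD` entry for `${switch-prebuilt}/bin/switch-prebuilt` places no restriction on arguments, and the script takes its first argument as the system closure to activate as root. For whoever the rule covers, this is effectively passwordless root rather than a narrow helper. The users or groups the rule applies to are declared outside this hunk, so confirm that this is the intended trust level. It would help to say so next to the entry, for example `# switch-prebuilt activates a caller-chosen system closure as root; treat this rule as full root for these users`.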


@ -0,0 +1,21 @@
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, pkgs, ... }:
pkgs.writeShellScriptBin "switch-prebuilt" ''
set -ue
if [[ $EUID -ne 0 ]]; then
exec sudo "$0" "$@"
fi
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
system="''${1}"
nix copy --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"
diff "$system/etc/hostname" "/etc/hostname"
nix-env -p /nix/var/nix/profiles/system --set "$system"
"$system/bin/switch-to-configuration" switch
''
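Review bot: The `nix copy` line passes `--no-check-sigs`, so the closure fetched from the bucket is imported without signature verification and then activated as root. The integrity of every host using this script therefore depends entirely on write access to that bucket, and the `diff` against `/etc/hostname` is only a sanity check, not an authenticity check. Consider signing paths when they are pushed to the cache, adding the public key to the host's `trusted-public-keys`, and dropping the flag: `nix copy --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' "$system"`. Separately, the two `export AWS_…` lines interpolate the secrets at evaluation time, so the generated script in the Nix store (normally world-readable) contains the credentials. Reading them at run time from a root-only file would keep them out of the store.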