switch-prebuilt: init
parent
154db9706a
commit
be5eee48b3
2 changed files with 27 additions and 0 deletions
|
@ -5,6 +5,8 @@
|
||||||
{ pkgs, config, depot, lib, rebuilder, ... }@args:
|
{ pkgs, config, depot, lib, rebuilder, ... }@args:
|
||||||
let
|
let
|
||||||
inherit (lib) mkDefault;
|
inherit (lib) mkDefault;
|
||||||
|
|
||||||
|
switch-prebuilt = import ./switch-prebuilt.nix args;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [ ../../../third_party/home-manager/nixos ];
|
imports = [ ../../../third_party/home-manager/nixos ];
|
||||||
|
@ -60,6 +62,7 @@ in
|
||||||
(mercurial.overridePythonAttrs (origAttrs: {
|
(mercurial.overridePythonAttrs (origAttrs: {
|
||||||
propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git];
|
propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git];
|
||||||
}))
|
}))
|
||||||
|
switch-prebuilt
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
|
@ -103,6 +106,9 @@ in
|
||||||
commands = [{
|
commands = [{
|
||||||
command = "${rebuilder}/bin/rebuilder";
|
command = "${rebuilder}/bin/rebuilder";
|
||||||
options = [ "NOPASSWD" ];
|
options = [ "NOPASSWD" ];
|
||||||
|
} {
|
||||||
|
command = "${switch-prebuilt}/bin/switch-prebuilt";
|
||||||
|
options = [ "NOPASSWD" ];
|
||||||
}];
|
}];
|
||||||
}];
|
}];
|
||||||
security.sudo.extraConfig = ''
|
security.sudo.extraConfig = ''
|
||||||
|
|
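Review bot: The second `commands` entry grants `NOPASSWD` on `${switch-prebuilt}/bin/switch-prebuilt` with no restriction on arguments, and that script activates whatever system path the caller passes as `$1`, so every account this rule covers is effectively passwordless root. The users and groups the rule applies to are outside the hunk, so confirm the set is as narrow as intended. If the equivalence is deliberate, say so above the entry, e.g. `# switch-prebuilt activates any system path given to it; NOPASSWD here is equivalent to full root`. Otherwise the script should validate its argument rather than rely on the sudo rule.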
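--- /dev/null
+++ b/ops/nixos/lib/switch-prebuilt.nix
@@ -0,0 +1,21 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, pkgs, ... }:
+pkgs.writeShellScriptBin "switch-prebuilt" ''
+set -ue
+if [[ $EUID -ne 0 ]]; then
+exec sudo "$0" "$@"
+fi
+
+
+export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
+export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
+system="''${1}"
+
+nix copy --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"
+diff "$system/etc/hostname" "/etc/hostname"
+nix-env -p /nix/var/nix/profiles/system --set "$system"
+"$system/bin/switch-to-configuration" switch
+''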
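Review bot: The `nix copy` line passes `--no-check-sigs` while running as root, and the copied path is then set as the system profile and activated, so whatever the bucket serves for `$system` becomes the running system with no signature verification. The `diff` on `/etc/hostname` only guards against switching to the wrong machine's closure; it is not an integrity check. I would drop the flag, `nix copy --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' "$system"`, and sign cache uploads with a key listed in the host's `trusted-public-keys`. Separately, the two `export AWS_…="${depot.ops.secrets.nixCache.…}"` lines interpolate the credentials into the script text at evaluation time, so they land in the `switch-prebuilt` store path, which is normally world-readable. Reading them at run time from a root-only file would keep them out of the store.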