switch-prebuilt: init
This commit is contained in:
parent
154db9706a
commit
be5eee48b3
2 changed files with 27 additions and 0 deletions
|
@ -5,6 +5,8 @@
|
|||
{ pkgs, config, depot, lib, rebuilder, ... }@args:
|
||||
let
|
||||
inherit (lib) mkDefault;
|
||||
|
||||
switch-prebuilt = import ./switch-prebuilt.nix args;
|
||||
in
|
||||
{
|
||||
imports = [ ../../../third_party/home-manager/nixos ];
|
||||
|
@ -60,6 +62,7 @@ in
|
|||
(mercurial.overridePythonAttrs (origAttrs: {
|
||||
propagatedBuildInputs = [python3Packages.hg-evolve depot.nix.pkgs.hg-git];
|
||||
}))
|
||||
switch-prebuilt
|
||||
];
|
||||
|
||||
networking.firewall = {
|
||||
|
@ -103,6 +106,9 @@ in
|
|||
commands = [{
|
||||
command = "${rebuilder}/bin/rebuilder";
|
||||
options = [ "NOPASSWD" ];
|
||||
} {
|
||||
command = "${switch-prebuilt}/bin/switch-prebuilt";
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
}];
|
||||
security.sudo.extraConfig = ''
|
||||
|
|
21
ops/nixos/lib/switch-prebuilt.nix
Normal file
21
ops/nixos/lib/switch-prebuilt.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
{ depot, pkgs, ... }:
|
||||
pkgs.writeShellScriptBin "switch-prebuilt" ''
|
||||
set -ue
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
exec sudo "$0" "$@"
|
||||
fi
|
||||
|
||||
|
||||
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
|
||||
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
|
||||
system="''${1}"
|
||||
|
||||
nix copy --from 's3://lukegb-nix-cache?endpoint=storage.googleapis.com' --no-check-sigs "$system"
|
||||
diff "$system/etc/hostname" "/etc/hostname"
|
||||
nix-env -p /nix/var/nix/profiles/system --set "$system"
|
||||
"$system/bin/switch-to-configuration" switch
|
||||
''
|
Loading…
Reference in a new issue