# SPDX-FileCopyrightText: 2020 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { depot, pkgs, ... }: pkgs.writeShellScriptBin "switch-prebuilt" '' set -ue export AWS_ACCESS_KEY_ID="$(${pkgs.vault}/bin/vault kv get --address=unix:///run/tokend/sock -field=cacheAccessKeyID kv/apps/nix-daemon)" export AWS_SECRET_ACCESS_KEY="$(${pkgs.vault}/bin/vault kv get --address=unix:///run/tokend/sock -field=cacheSecretAccessKey kv/apps/nix-daemon)" system="''${1}" if [[ "$system" == "latest" ]]; then tmpdir="$(mktemp -d)" trap '{ rm -rf -- "$tmpdir"; }' EXIT ${pkgs.curl}/bin/curl -so "$tmpdir/archive.zip" 'https://hg.lukegb.com/api/v4/projects/lukegb%2Fdepot/jobs/artifacts/branch%2Fdefault/download?job=nixCache' ${pkgs.unzip}/bin/unzip -d "$tmpdir" -q -o "$tmpdir/archive.zip" system="$(${pkgs.jq}/bin/jq -r ".\"$(hostname)\"" "$tmpdir/systems.json")" fi if [[ ! -e "$system" ]]; then # We should be a trusted-user. nix build -v "$system" fi diff "$system/etc/hostname" "/etc/hostname" # The next phase requires sudo, but it's harmless to run the preceding commands twice. if [[ $EUID -ne 0 ]]; then exec sudo "$0" "$system" fi nix-env -p /nix/var/nix/profiles/system --set "$system" "$system/bin/switch-to-configuration" switch ''