From 40c5a98667ba0497b392177df6c228e4b8438308 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 25 Dec 2024 23:21:11 +0100 Subject: [PATCH] feat: nixos-rebuild -> nh --- flake.nix | 1 + justfile | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 3b405d4..ff38c54 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,7 @@ packages = with pkgs; [ agenix.packages.${system}.default just + nh self'.formatter statix ]; diff --git a/justfile b/justfile index 0226131..f7fb4c4 100644 --- a/justfile +++ b/justfile @@ -6,7 +6,7 @@ check: switch *args: @sudo -v - sudo nixos-rebuild switch --flake . --keep-going {{args}} + nh os switch --ask . -- --keep-going {{args}} rollback: @sudo -v @@ -14,14 +14,16 @@ rollback: boot *args: @sudo -v - sudo nixos-rebuild boot --flake . --keep-going {{args}} + nh os boot --ask . -- --keep-going {{args}} deploy system user="leo": #!/usr/bin/env bash set -euxo pipefail flake=$(nix eval --impure --raw --expr "(builtins.getFlake \"$PWD\").outPath") nix copy "$flake" --to "ssh://{{user}}@{{system}}" - ssh -t "{{user}}@{{system}}" "sudo flock -w 60 /dev/shm/deploy-{{system}} nixos-rebuild switch --flake $flake#{{system}}" + # -R/--bypass-root-check is needed because of a Git CVE regression in Nix 2.20 + # See NixOS/nix#10202, viperML/nh#200 + ssh -t "{{user}}@{{system}}" "flock -w 60 /dev/shm/deploy-{{system}} nix run n#nh -- os switch -R -H {{system}} --ask $flake" lint *args: statix check -i flake.nix **/hardware-configuration.nix {{args}}