diff --git a/flake.nix b/flake.nix index 4640591..1deee37 100644 --- a/flake.nix +++ b/flake.nix @@ -30,7 +30,6 @@ packages = with pkgs; [ agenix.packages.${system}.default just - nh nixfmt-rfc-style statix ]; diff --git a/justfile b/justfile index dc7acaa..ea8f58f 100644 --- a/justfile +++ b/justfile @@ -5,25 +5,20 @@ check: nix flake check switch *args: - @sudo -v - nh os switch --no-nom --ask . -- --keep-going {{args}} + bash switch.sh {{ justfile_directory() }} {{args}} rollback: - @sudo -v sudo nixos-rebuild switch --rollback boot *args: - @sudo -v - nh os boot --no-nom --ask . -- --keep-going {{args}} + sudo nixos-rebuild boot --flake {{ justfile_directory() }} --keep-going {{args}} deploy system user="leo": #!/usr/bin/env bash - set -euxo pipefail + set -euo pipefail flake=$(nix eval --impure --raw --expr "(builtins.getFlake \"git+file://$PWD\").outPath") nix copy "$flake" --to "ssh://{{user}}@{{system}}" - # -R/--bypass-root-check is needed because of a Git CVE regression in Nix 2.20 - # See NixOS/nix#10202, viperML/nh#200 - ssh -t "{{user}}@{{system}}" "sudo flock -w 60 /dev/shm/deploy-{{system}} nix run n#nh -- os switch --no-nom -R -H {{system}} --ask $flake" + ssh -t "{{user}}@{{system}}" "bash $flake/switch.sh $flake" lint *args: statix check -i flake.nix **/hardware-configuration.nix {{args}} diff --git a/switch.sh b/switch.sh new file mode 100644 index 0000000..d941066 --- /dev/null +++ b/switch.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash +set -euo pipefail + +bold=$(tput bold) +reset=$(tput sgr0) + +flake="$1" + +echo "${bold}Building configuration...$reset" +configuration=$(sudo nixos-rebuild dry-activate --flake "$flake" --keep-going "${@:2}") +echo "$configuration" + +nix run "$flake#nixosConfigurations.$(hostname).pkgs.nvd" -- diff /run/current-system "$configuration" + +read -n1 -rp "${bold}Activate new configuration? [y/N]$reset " answer +echo + +if [[ $answer =~ ^[Yy]$ ]]; then + sudo "$configuration/bin/switch-to-configuration" switch +else + echo "${bold}Not activating :($reset" + exit 1 +fi