From b19e3cd8603d3e0392b34f8c2f6a9fcf8a227f4b Mon Sep 17 00:00:00 2001 From: uku Date: Tue, 4 Mar 2025 09:48:06 +0100 Subject: [PATCH 1/5] feat(justfile): switch away from nh --- flake.nix | 2 +- justfile | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index ca1cc01..f1f80d6 100644 --- a/flake.nix +++ b/flake.nix @@ -30,8 +30,8 @@ packages = with pkgs; [ agenix.packages.${system}.default just - nh nixfmt-rfc-style + nvd statix ]; }; diff --git a/justfile b/justfile index dc7acaa..11e97c0 100644 --- a/justfile +++ b/justfile @@ -5,8 +5,15 @@ check: nix flake check switch *args: - @sudo -v - nh os switch --no-nom --ask . -- --keep-going {{args}} + #!/usr/bin/env bash + set -euxo pipefail + flake=$(nix build ".#nixosConfigurations.$(hostname).config.system.build.toplevel" --print-out-paths --no-link --keep-going) + nvd diff /run/current-system "$flake" + read -p "Activate new configuration? [y/N] " answer + if [[ $answer =~ ^[Yy]$ ]]; then + sudo "$flake/bin/switch-to-configuration" switch + fi + rollback: @sudo -v -- 2.49.0 From 87c2e387206b8ac26ea6acb10d57144d8c9c8872 Mon Sep 17 00:00:00 2001 From: uku Date: Tue, 4 Mar 2025 17:29:13 +0100 Subject: [PATCH 2/5] absolute cinema --- configs/common.nix | 5 +++++ justfile | 37 ++++++++++++++++++++++++------------- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/configs/common.nix b/configs/common.nix index 49fcc54..98a898b 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -196,6 +196,11 @@ in }; }; + system.activationScripts."upgrade-diff" = { + supportsDryActivation = true; + text = "${lib.getExe pkgs.nvd} --nix-bin-dir=${config.nix.package}/bin diff /run/current-system $systemConfig 1>&2"; + }; + systemd = { services.NetworkManager-wait-online.enable = lib.mkForce false; diff --git a/justfile b/justfile index 11e97c0..da5b398 100644 --- a/justfile +++ b/justfile 
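Review bot: In the `switch` recipe, `sudo "$flake/bin/switch-to-configuration" switch` activates the build without first registering it in the system profile, a step `nixos-rebuild switch` performs before activation. The new system therefore never becomes a generation, and the `rollback` recipe (shown in PATCH 2/5 as `sudo nixos-rebuild switch --rollback`) works on a generation list that does not include what is actually running. Consider adding `sudo nix-env -p /nix/var/nix/profiles/system --set "$flake"` before the activation line; the direct `switch-to-configuration` calls in PATCH 2/5 and in `switch.sh` (PATCH 3/5 onward) have the same gap. The recipe also still declares `*args` but no longer passes `{{args}}` to any command, and the prompt should use `read -r`.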
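Review bot: The `upgrade-diff` snippet runs `nvd … diff /run/current-system $systemConfig` unconditionally, so an activation where `/run/current-system` does not exist yet (presumably the first activation of a fresh install) would make nvd exit non-zero and the snippet would likely be reported as failed. Guarding it keeps the diff purely informational: `if [[ -e /run/current-system ]]; then … diff /run/current-system "$systemConfig" 1>&2; fi`. The enclosing attribute set starts and ends outside this hunk.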
@@ -6,31 +6,42 @@ check: switch *args: #!/usr/bin/env bash - set -euxo pipefail - flake=$(nix build ".#nixosConfigurations.$(hostname).config.system.build.toplevel" --print-out-paths --no-link --keep-going) - nvd diff /run/current-system "$flake" - read -p "Activate new configuration? [y/N] " answer + set -euo pipefail + configuration=$(sudo nixos-rebuild dry-activate --flake . --keep-going {{args}}) + echo $configuration + read -n1 -p "Activate new configuration? [y/N] " answer if [[ $answer =~ ^[Yy]$ ]]; then - sudo "$flake/bin/switch-to-configuration" switch + sudo "$configuration/bin/switch-to-configuration" switch + else + echo "Not activating :(" + exit 1 fi - rollback: - @sudo -v sudo nixos-rebuild switch --rollback boot *args: - @sudo -v - nh os boot --no-nom --ask . -- --keep-going {{args}} + sudo nixos-rebuild boot --flake . --keep-going {{args}} deploy system user="leo": #!/usr/bin/env bash - set -euxo pipefail + set -euo pipefail flake=$(nix eval --impure --raw --expr "(builtins.getFlake \"git+file://$PWD\").outPath") + sshout=$(mktemp) + nix copy "$flake" --to "ssh://{{user}}@{{system}}" - # -R/--bypass-root-check is needed because of a Git CVE regression in Nix 2.20 - # See NixOS/nix#10202, viperML/nh#200 - ssh -t "{{user}}@{{system}}" "sudo flock -w 60 /dev/shm/deploy-{{system}} nix run n#nh -- os switch --no-nom -R -H {{system}} --ask $flake" + ssh -t "{{user}}@{{system}}" "sudo nixos-rebuild dry-activate --flake $flake --keep-going" | tee "$sshout" + configuration=$(tail -n1 "$sshout" | grep -Po "/nix/store/[\w\d\.\-]+") + echo "$configuration" + rm "$sshout" + + read -n1 -p "Activate new configuration? [y/N] " answer + if [[ $answer =~ ^[Yy]$ ]]; then + ssh -t "{{user}}@{{system}}" "sudo \"$configuration/bin/switch-to-configuration\" switch" + else + echo "Not activating :(" + exit 1 + fi lint *args: statix check -i flake.nix **/hardware-configuration.nix {{args}} -- 2.49.0 From 361dd6dc67771e7098d4172ad7d78f2856e1791f Mon Sep 17 00:00:00 2001 
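Review bot: `switch` now runs `sudo "$configuration/bin/switch-to-configuration" switch` on whatever `nixos-rebuild dry-activate` wrote to stdout, with no check that the capture is a single store path; an empty capture would make sudo resolve `/bin/switch-to-configuration`. A guard before the prompt, such as `[[ $configuration == /nix/store/* && -x $configuration/bin/switch-to-configuration ]] || exit 1`, makes the root step fail closed. `deploy` depends in the same way on `tail -n1 | grep -Po` over `ssh -t` output, where the remote's stdout and stderr arrive merged, and `switch.sh` from PATCH 3/5 onward keeps the unchecked capture. `deploy` also loses the `sudo flock -w 60 /dev/shm/deploy-{{system}}` wrapper that the removed line had, so two concurrent deploys to one host are no longer serialized. `echo $configuration` in `switch` should be quoted.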
From: uku Date: Wed, 5 Mar 2025 09:34:03 +0100 Subject: [PATCH 3/5] who needs temporary files and tee and whatever when you can have BASH SCRIPTS :3 --- configs/common.nix | 5 ----- flake.nix | 1 - justfile | 27 ++------------------------- switch.sh | 20 ++++++++++++++++++++ 4 files changed, 22 insertions(+), 31 deletions(-) create mode 100644 switch.sh diff --git a/configs/common.nix b/configs/common.nix index 98a898b..49fcc54 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -196,11 +196,6 @@ in }; }; - system.activationScripts."upgrade-diff" = { - supportsDryActivation = true; - text = "${lib.getExe pkgs.nvd} --nix-bin-dir=${config.nix.package}/bin diff /run/current-system $systemConfig 1>&2"; - }; - systemd = { services.NetworkManager-wait-online.enable = lib.mkForce false; diff --git a/flake.nix b/flake.nix index f1f80d6..61a7cfb 100644 --- a/flake.nix +++ b/flake.nix @@ -31,7 +31,6 @@ agenix.packages.${system}.default just nixfmt-rfc-style - nvd statix ]; }; diff --git a/justfile b/justfile index da5b398..442513e 100644 --- a/justfile +++ b/justfile @@ -5,17 +5,7 @@ check: nix flake check switch *args: - #!/usr/bin/env bash - set -euo pipefail - configuration=$(sudo nixos-rebuild dry-activate --flake . --keep-going {{args}}) - echo $configuration - read -n1 -p "Activate new configuration? [y/N] " answer - if [[ $answer =~ ^[Yy]$ ]]; then - sudo "$configuration/bin/switch-to-configuration" switch - else - echo "Not activating :(" - exit 1 - fi + bash switch.sh {{args}} rollback: sudo nixos-rebuild switch --rollback 
@@ -27,21 +17,8 @@ deploy system user="leo": #!/usr/bin/env bash set -euo pipefail flake=$(nix eval --impure --raw --expr "(builtins.getFlake \"git+file://$PWD\").outPath") - sshout=$(mktemp) - nix copy "$flake" --to "ssh://{{user}}@{{system}}" - ssh -t "{{user}}@{{system}}" "sudo nixos-rebuild dry-activate --flake $flake --keep-going" | tee "$sshout" - configuration=$(tail -n1 "$sshout" | grep -Po "/nix/store/[\w\d\.\-]+") - echo "$configuration" - rm "$sshout" - - read -n1 -p "Activate new configuration? [y/N] " answer - if [[ $answer =~ ^[Yy]$ ]]; then - ssh -t "{{user}}@{{system}}" "sudo \"$configuration/bin/switch-to-configuration\" switch" - else - echo "Not activating :(" - exit 1 - fi + ssh -t "{{user}}@{{system}}" "bash $flake/switch.sh" lint *args: statix check -i flake.nix **/hardware-configuration.nix {{args}} diff --git a/switch.sh b/switch.sh new file mode 100644 index 0000000..9ecfb17 --- /dev/null +++ b/switch.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -euo pipefail + +script_path=$(readlink -f "${BASH_SOURCE[0]}") +flake=$(dirname "$script_path") + +configuration=$(sudo nixos-rebuild dry-activate --flake "$flake" --keep-going "$@") +echo "$configuration" + +nix run --inputs-from "$flake" nixpkgs#nvd -- diff /run/current-system "$configuration" + +read -n1 -rp "Activate new configuration? [y/N] " answer +echo + +if [[ $answer =~ ^[Yy]$ ]]; then + sudo "$configuration/bin/switch-to-configuration" switch +else + echo "Not activating :(" + exit 1 +fi -- 2.49.0 From 3ef331d57e018366f2a61e86e1638caae826bc13 Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 5 Mar 2025 09:48:12 +0100 Subject: [PATCH 4/5] colors & hermetic :) --- switch.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/switch.sh b/switch.sh index 9ecfb17..1496a57 100644 --- a/switch.sh +++ b/switch.sh 
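Review bot: After this change `deploy` passes `{{system}}` only to `nix copy` and `ssh`; which NixOS configuration is built is decided on the remote by `switch.sh`, whose `nixos-rebuild --flake "$flake"` call names no attribute and so falls back to the remote's hostname, whereas the nh invocation removed in PATCH 2/5 pinned it with `-H {{system}}`. If `system` is given as an IP address or SSH alias, or the remote hostname is not an attribute of `nixosConfigurations`, the deploy builds something other than what the caller named or fails late. Passing the configuration name through to the script and using `--flake "$flake#$name"` would make the target explicit again. The recipe header sits in the hunk heading, outside the changed lines.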
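Review bot: `sudo nixos-rebuild dry-activate --flake "$flake" --keep-going "$@"` runs flake evaluation and the build invocation as root, although only the activation steps need privileges; PATCH 1/5 built unprivileged with `nix build … --print-out-paths --no-link` and escalated for `switch-to-configuration` alone. Returning to that split keeps evaluation of a user-writable checkout out of root's hands and puts a well-defined store path on stdout for `configuration`. The caller-supplied `"$@"` would then reach an unprivileged build rather than a root process.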
@@ -1,20 +1,24 @@ #!/usr/bin/env bash set -euo pipefail +bold=$(tput bold) +reset=$(tput sgr0) + script_path=$(readlink -f "${BASH_SOURCE[0]}") flake=$(dirname "$script_path") +echo "${bold}Building configuration...$reset" configuration=$(sudo nixos-rebuild dry-activate --flake "$flake" --keep-going "$@") echo "$configuration" -nix run --inputs-from "$flake" nixpkgs#nvd -- diff /run/current-system "$configuration" +nix run "$flake#nixosConfigurations.$(hostname).pkgs.nvd" -- diff /run/current-system "$configuration" -read -n1 -rp "Activate new configuration? [y/N] " answer +read -n1 -rp "${bold}Activate new configuration? [y/N]$reset " answer echo if [[ $answer =~ ^[Yy]$ ]]; then sudo "$configuration/bin/switch-to-configuration" switch else - echo "Not activating :(" + echo "${bold}Not activating :($reset" exit 1 fi -- 2.49.0 From 686885f7841ae204f8a5169380687c0494bd5adb Mon Sep 17 00:00:00 2001 From: uku Date: Wed, 5 Mar 2025 10:19:51 +0100 Subject: [PATCH 5/5] pass flake path as first argument --- justfile | 6 +++--- switch.sh | 5 ++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/justfile b/justfile index 442513e..ea8f58f 100644 --- a/justfile +++ b/justfile @@ -5,20 +5,20 @@ check: nix flake check switch *args: - bash switch.sh {{args}} + bash switch.sh {{ justfile_directory() }} {{args}} rollback: sudo nixos-rebuild switch --rollback boot *args: - sudo nixos-rebuild boot --flake . --keep-going {{args}} + sudo nixos-rebuild boot --flake {{ justfile_directory() }} --keep-going {{args}} deploy system user="leo": #!/usr/bin/env bash set -euo pipefail flake=$(nix eval --impure --raw --expr "(builtins.getFlake \"git+file://$PWD\").outPath") nix copy "$flake" --to "ssh://{{user}}@{{system}}" - ssh -t "{{user}}@{{system}}" "bash $flake/switch.sh" + ssh -t "{{user}}@{{system}}" "bash $flake/switch.sh $flake" lint *args: statix check -i flake.nix **/hardware-configuration.nix {{args}} diff --git a/switch.sh b/switch.sh index 1496a57..d941066 100644 
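Review bot: `bold=$(tput bold)` and `reset=$(tput sgr0)` run under `set -euo pipefail`, so when `tput` fails (`TERM` unset, or a terminal type for which the remote side of `deploy` has no terminfo entry) the script exits before it builds anything. Styling should degrade instead of aborting: `bold=$(tput bold 2>/dev/null || true)` and the same for `reset`. Separately, the nvd line now selects `nixosConfigurations.$(hostname)` explicitly while the `nixos-rebuild` call above it leaves the attribute implicit; one `host` variable used for both would keep them in step.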
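Review bot: `{{ justfile_directory() }}` is substituted textually and unquoted in both `bash switch.sh {{ justfile_directory() }} {{args}}` and the `boot` recipe, so a checkout path containing a space or glob character is split by the shell and `switch.sh` receives only the first fragment as its flake. Wrapping it with just's `quote()` avoids that: `bash switch.sh {{ quote(justfile_directory()) }} {{args}}` and `--flake {{ quote(justfile_directory()) }}`. `{{args}}` is split the same way, which is probably intended for passing several flags but also means shell metacharacters in it are interpreted before the `sudo` command line is built.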
--- a/switch.sh +++ b/switch.sh @@ -4,11 +4,10 @@ set -euo pipefail bold=$(tput bold) reset=$(tput sgr0) -script_path=$(readlink -f "${BASH_SOURCE[0]}") -flake=$(dirname "$script_path") +flake="$1" echo "${bold}Building configuration...$reset" -configuration=$(sudo nixos-rebuild dry-activate --flake "$flake" --keep-going "$@") +configuration=$(sudo nixos-rebuild dry-activate --flake "$flake" --keep-going "${@:2}") echo "$configuration" nix run "$flake#nixosConfigurations.$(hostname).pkgs.nvd" -- diff /run/current-system "$configuration" -- 2.49.0
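Review bot: `flake="$1"` relies on `set -u` to reject a missing argument, which aborts with a bare `unbound variable` message, while an empty string is accepted and reaches `sudo nixos-rebuild dry-activate --flake ""`. `flake=${1:?usage: switch.sh FLAKE [nixos-rebuild args...]}` rejects both cases and tells the caller what was expected. The script continues past the end of this hunk.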