authorKj Tsanaktsidis <kjtsanaktsidis@groq.com>2025-09-07 15:39:01 +1000
committerKj Tsanaktsidis <kjtsanaktsidis@groq.com>2025-09-07 15:39:01 +1000
commit6ad580f49e7412eb428b45b4fa03039f17fb5c8e (patch)
tree6e49c1dab1ccf2738fba2d1084a02d8b5b04ae19 /flake.nix
parent7c4275017db7b31da2bd9299c83e28ead981b5ed (diff)
script it
Diffstat (limited to 'flake.nix')
-rw-r--r--flake.nix38
1 files changed, 10 insertions, 28 deletions
diff --git a/flake.nix b/flake.nix
index f898318..6d5f636 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,38 +49,20 @@
let
pkgs = nixpkgs-stable.legacyPackages.${system};
- install-script = pkgs.writers.writeRubyBin "install" {
- libraries = [];
- } /* ruby */ ''
- require 'tmpdir'
- require 'open3'
- require 'json'
- require 'fileutils'
+ nixos-update = pkgs.writers.writeRubyBin "nixos-update" {
+ libraries = [ pkgs.rubyPackages.tty-command ];
+ runtimeInputs = [
+ pkgs.sops
+ pkgs.nixos-anywhere
+ pkgs.nixos-rebuild
+ ];
+ } (builtins.readFile ./nixos-update.rb);
- system_flake = ARGV[0]
- ENV['SOPS_AGE_KEY_FILE'] ||= File.expand_path("~/.config/sops/age/keys.txt")
- sops_exe = "${pkgs.sops}/bin/sops"
- nixos_anywhere_exe = "${pkgs.nixos-anywhere}/bin/nixos-anywhere"
-
- secret_data_raw, status = Open3.capture2(sops_exe, "decrypt", "--output-type", "json", "#{system_flake}/secrets.yaml")
- raise "Failed to decrypt secrets.yaml" unless status.success?
- secret_data = JSON.parse(secret_data_raw)
-
- Dir.mktmpdir("secrets") do |secret_dir|
- FileUtils.mkdir_p(File.join(secret_dir, 'copy_dir/etc/ssh'))
- File.write(File.join(secret_dir, 'copy_dir/etc/ssh/ssh_host_ed25519_key'), secret_data["ssh_host_key_ed25519"])
- File.write(File.join(secret_dir, 'luks_passphrase'), secret_data["luks_passphrase"])
-
- system nixos_anywhere_exe, "--disk-encryption-keys", File.join(secret_dir, 'luks_passphrase'),
- "--extra-files", File.join(secret_dir, 'copy_dir'), "--flake", ".##{system_flake}", *ARGV[1..-1],
- exception: true
- end
- '';
in
{
- install = {
+ nixos-update = {
type = "app";
- program = "${install-script}/bin/install";
+ program = "${nixos-update}/bin/nixos-update";
};
});
};
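Review bot: The tools that handle the decrypted LUKS passphrase and SSH host key are no longer invoked by absolute store path. The removed inline script interpolated `${pkgs.sops}/bin/sops` and `${pkgs.nixos-anywhere}/bin/nixos-anywhere`, whereas the new `runtimeInputs` list combined with `builtins.readFile ./nixos-update.rb` presumably leaves lookup to PATH at run time. Please confirm that this writer accepts `runtimeInputs` and puts those packages ahead of the caller's PATH, so a same-named binary found earlier cannot be run with the secrets instead. A comment above the definition would record the contract, e.g. `# sops, nixos-anywhere and nixos-rebuild come from runtimeInputs via PATH; nixos-update.rb calls them by bare name`. The secret handling itself now lives in nixos-update.rb, which this diff (limited to flake.nix) does not show, so the temp-dir creation and cleanup of the old script should be checked there.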