Diffstat (limited to 'flake.nix')
| -rw-r--r-- | flake.nix | 38 |
1 files changed, 10 insertions, 28 deletions
@@ -49,38 +49,20 @@ let pkgs = nixpkgs-stable.legacyPackages.${system}; - install-script = pkgs.writers.writeRubyBin "install" { - libraries = []; - } /* ruby */ '' - require 'tmpdir' - require 'open3' - require 'json' - require 'fileutils' + nixos-update = pkgs.writers.writeRubyBin "nixos-update" { + libraries = [ pkgs.rubyPackages.tty-command ]; + runtimeInputs = [ + pkgs.sops + pkgs.nixos-anywhere + pkgs.nixos-rebuild + ]; + } (builtins.readFile ./nixos-update.rb); - system_flake = ARGV[0] - ENV['SOPS_AGE_KEY_FILE'] ||= File.expand_path("~/.config/sops/age/keys.txt") - sops_exe = "${pkgs.sops}/bin/sops" - nixos_anywhere_exe = "${pkgs.nixos-anywhere}/bin/nixos-anywhere" - - secret_data_raw, status = Open3.capture2(sops_exe, "decrypt", "--output-type", "json", "#{system_flake}/secrets.yaml") - raise "Failed to decrypt secrets.yaml" unless status.success? - secret_data = JSON.parse(secret_data_raw) - - Dir.mktmpdir("secrets") do |secret_dir| - FileUtils.mkdir_p(File.join(secret_dir, 'copy_dir/etc/ssh')) - File.write(File.join(secret_dir, 'copy_dir/etc/ssh/ssh_host_ed25519_key'), secret_data["ssh_host_key_ed25519"]) - File.write(File.join(secret_dir, 'luks_passphrase'), secret_data["luks_passphrase"]) - - system nixos_anywhere_exe, "--disk-encryption-keys", File.join(secret_dir, 'luks_passphrase'), - "--extra-files", File.join(secret_dir, 'copy_dir'), "--flake", ".##{system_flake}", *ARGV[1..-1], - exception: true - end - ''; in { - install = { + nixos-update = { type = "app"; - program = "${install-script}/bin/install"; + program = "${nixos-update}/bin/nixos-update"; }; }); }; |
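Review bot: In the new `nixos-update` binding, the tools that handle decrypted secrets are no longer called by store path. The removed script invoked `${pkgs.sops}/bin/sops` and `${pkgs.nixos-anywhere}/bin/nixos-anywhere` directly, while the new one lists them under `runtimeInputs` and presumably leaves `nixos-update.rb` to find them by name. That is only equivalent if the writer puts those packages ahead of the caller's PATH, which this hunk does not show; otherwise the script would run whatever `sops` the invoking environment provides. I would add a comment above the binding, `# sops, nixos-anywhere and nixos-rebuild come from runtimeInputs via PATH; nixos-update.rb must not rely on the caller's PATH`, and confirm it against the built wrapper. The SSH host key and LUKS passphrase handling now lives in `nixos-update.rb`, outside this hunk (the enclosing `let` also extends beyond it), so the automatic cleanup the old `Dir.mktmpdir` block provided should be checked there.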
