Make flock usage hermetic
This commit is contained in:
matthewcroughan
parent
1048460832
commit
8dca4f6f58
2 changed files with 7 additions and 5 deletions
|
|
@ -54,11 +54,11 @@
|
||||||
( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} )
|
( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} )
|
||||||
'' + (if hermetic then ''
|
'' + (if hermetic then ''
|
||||||
echo "🤞 Activating configuration hermetically on ${machine} via ssh:"
|
echo "🤞 Activating configuration hermetically on ${machine} via ssh:"
|
||||||
( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} )
|
( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} ${flock} --to ssh://${user}@${host} )
|
||||||
( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" )
|
( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} ${flock} && sudo ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" )
|
||||||
'' else ''
|
'' else ''
|
||||||
echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:"
|
echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:"
|
||||||
( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" )
|
( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" )
|
||||||
'')
|
'')
|
||||||
else ''
|
else ''
|
||||||
echo "🔨 Building system closure locally, copying it to remote store and activating it:"
|
echo "🔨 Building system closure locally, copying it to remote store and activating it:"
|
||||||
|
|
|
||||||
|
|
@ -70,7 +70,8 @@ let
|
||||||
writableStore = true;
|
writableStore = true;
|
||||||
additionalPaths = []
|
additionalPaths = []
|
||||||
++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem)
|
++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem)
|
||||||
++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild);
|
++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath)
|
||||||
|
++ lib.optional (hermetic == true) (pkgs.flock.drvPath);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nixinator = { ... }: {
|
nixinator = { ... }: {
|
||||||
|
|
@ -81,7 +82,8 @@ let
|
||||||
additionalPaths = [
|
additionalPaths = [
|
||||||
(allDrvOutputs exampleSystem)
|
(allDrvOutputs exampleSystem)
|
||||||
]
|
]
|
||||||
++ lib.optional (buildOn == "remote") exampleFlake;
|
++ lib.optional (buildOn == "remote") exampleFlake
|
||||||
|
++ lib.optional (hermetic == true) pkgs.flock.drvPath;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue