Make flock usage hermetic

2022-10-28 01:31:08 +01:00 · 2022-10-28 01:31:08 +01:00 · 8dca4f6f58
commit 8dca4f6f58
parent 1048460832
2 changed files with 7 additions and 5 deletions
--- a/flake.nix
+++ b/flake.nix
@ -54,11 +54,11 @@
                ( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} )
              '' + (if hermetic then ''
                echo "🤞 Activating configuration hermetically on ${machine} via ssh:"
-                ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} )
-                ( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" )
+                ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} ${flock} --to ssh://${user}@${host} )
+                ( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} ${flock} && sudo ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" )
              '' else ''
                echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:"
-                ( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" )
+                ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" )
              '')
              else ''
                echo "🔨 Building system closure locally, copying it to remote store and activating it:"
--- a/tests/vmTest/default.nix
+++ b/tests/vmTest/default.nix
@ -70,7 +70,8 @@ let
            writableStore = true;
            additionalPaths = []
              ++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem)
-              ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild);
+              ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath)
+              ++ lib.optional (hermetic == true) (pkgs.flock.drvPath);
          };
        };
        nixinator = { ... }: {
@ -81,7 +82,8 @@ let
            additionalPaths = [
              (allDrvOutputs exampleSystem)
            ]
-              ++ lib.optional (buildOn == "remote") exampleFlake;
+              ++ lib.optional (buildOn == "remote") exampleFlake
+              ++ lib.optional (hermetic == true) pkgs.flock.drvPath;
          };
        };
      };