tristan/nixinate
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity

Make flock usage hermetic #35

Merged
MatthewCroughan merged 1 commit from mc/fix-flock-impurity into master 2022-10-28 00:46:48 +00:00
Conversation 0 Commits 1 Files changed 2 +7 -5
2 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 8dca4f6f58 - Show all commits

6
flake.nix
View file

@ -54,11 +54,11 @@
( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} ) ( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} )
'' + (if hermetic then '' '' + (if hermetic then ''
echo "🤞 Activating configuration hermetically on ${machine} via ssh:" echo "🤞 Activating configuration hermetically on ${machine} via ssh:"
( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} ${flock} --to ssh://${user}@${host} )
( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" ) ( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} ${flock} && sudo ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" )
'' else '' '' else ''
echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:"
( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" ) ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" )
'') '')
else '' else ''
echo "🔨 Building system closure locally, copying it to remote store and activating it:" echo "🔨 Building system closure locally, copying it to remote store and activating it:"

6
tests/vmTest/default.nix
View file

@ -70,7 +70,8 @@ let
writableStore = true; writableStore = true;
additionalPaths = [] additionalPaths = []
++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem) ++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem)
++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild); ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath)
++ lib.optional (hermetic == true) (pkgs.flock.drvPath);
}; };
}; };
nixinator = { ... }: { nixinator = { ... }: {
@ -81,7 +82,8 @@ let
additionalPaths = [ additionalPaths = [
(allDrvOutputs exampleSystem) (allDrvOutputs exampleSystem)
] ]
++ lib.optional (buildOn == "remote") exampleFlake; ++ lib.optional (buildOn == "remote") exampleFlake
++ lib.optional (hermetic == true) pkgs.flock.drvPath;
}; };
}; };
}; };