chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Use signed builds on substituter

Browse source
This commit is contained in:
Charlotte Van Petegem 2020-07-15 09:39:15 +02:00
parent bbda255f41
commit e187d3babf
3 changed files with 11 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

9
build.sh
View file

@ -2,18 +2,9 @@
set -euo pipefail set -euo pipefail
set -x set -x
if [ -z "${NO_REMOTE:-}" ]
then
remote_args="--builders ssh://charlotte@sunspear.vanpetegem.me --extra-substituters ssh://charlotte@sunspear.vanpetegem.me"
else
remote_args=""
fi
nix-build \ nix-build \
--no-out-link \ --no-out-link \
--pure \ --pure \
$remote_args \
"${@}" "${@}"
exit 0 exit 0

4
substituterbuild.sh
View file

@ -2,9 +2,9 @@
set -euo pipefail set -euo pipefail
set -x set -x
export NO_REMOTE=true BUILD_ARGS=("--secret-key-files" "/etc/nix/key.private")
for machine in machines/* for machine in machines/*
do do
output=$(./build.sh $machine) output=$(./build.sh "${BUILD_ARGS[@]}" "$machine")
nix-env --set -p /nix/var/nix/profiles/per-user/charlotte/${machine#machines/} $output nix-env --set -p /nix/var/nix/profiles/per-user/charlotte/${machine#machines/} $output
done done

10
update.sh
View file

@ -4,6 +4,14 @@ set -x
./update-imports.sh ./update-imports.sh
result="$(./build.sh "./machines/$(hostname)")" BUILD_ARGS=(
"--builders"
"ssh://charlotte@sunspear.vanpetegem.me"
"--extra-substituters"
"ssh://charlotte@sunspear.vanpetegem.me"
"--trusted-public-keys"
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= sunspear-nix-cache:4mgL4qS7EweCug1gAFiZKgQK+xuoJMBYThIUE+kPX4s="
)
result="$(./build.sh "${BUILD_ARGS[@]}" "./machines/$(hostname)")"
sudo bash -c "nix-env --set --profile /nix/var/nix/profiles/system/ ${result} && ${result}/bin/switch-to-configuration switch" sudo bash -c "nix-env --set --profile /nix/var/nix/profiles/system/ ${result} && ${result}/bin/switch-to-configuration switch"