fix doas for nixos-rebuild

2024-02-13 01:03:52 +03:00 · 2024-02-13 01:03:52 +03:00 · 78d1004300
commit 78d1004300
parent 676230778e
3 changed files with 10 additions and 25 deletions
--- a/flake.nix
+++ b/flake.nix
@ -174,18 +174,13 @@

    outputsBuilder = channels: let
      pkgs = channels.unstable;
-      # FIXME: nixos-rebuild with --flake flag doesn't work with doas
      rebuild = pkgs.writeShellScriptBin "rebuild" ''
        if [[ -z $1 ]]; then
          echo "Usage: $(basename $0) {switch|boot|test}"
        else
-          # doas nix-shell -p git --run "nixos-rebuild --flake . $@"
-          \sudo nixos-rebuild --flake . $@
+          doas nixos-rebuild --flake . $@
        fi
      '';
-      update-vscode = pkgs.writeShellScriptBin "update-vscode" ''
-        ./scripts/vscode_update_extensions.sh > ./profiles/applications/vscode/extensions.nix
-      '';
      upgrade = pkgs.writeShellScriptBin "upgrade" ''
        cp flake.lock flake.lock.bak && nix flake update
        if [[ "$1" == "zfs" ]]; then
--- a/profiles/security/vlock.nix
+++ b/profiles/security/vlock.nix
@ -3,24 +3,6 @@
  security.sudo = {
    enable = true;
    extraRules = [{
-      users = [ config.mainuser ];
-      commands = [{
-        command = "/run/current-system/sw/bin/nixos-rebuild";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/nix";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/nix-shell";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/extra-container";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/chown ${config.mainuser} /tmp/.X11-unix";
-        options = [ "SETENV" "NOPASSWD" ];
-      }];
-    } {
      users = [ "deploy" ];
      commands = [{
        command = "ALL";
@ -44,6 +26,11 @@
      noPass = true;
      keepEnv = true;
      cmd = "/run/current-system/sw/bin/tlp-stat";
+    } {
+      users = [ config.mainuser ];
+      noPass = true;
+      keepEnv = true;
+      cmd = "/run/current-system/sw/bin/nixos-rebuild";
    }];
  };
 }
--- a/profiles/workspace/git.nix
+++ b/profiles/workspace/git.nix
@ -1,4 +1,7 @@
-{ config, ... }: {
+{ config, pkgs, ... }: let
+  git-conf = config.home-manager.users.${config.mainuser}.programs.git;
+in {
+  environment.systemPackages = [ git-conf.package pkgs.git-lfs ];
  home-manager.users.${config.mainuser} = {
    programs.git = {
      enable = true;