From 78d1004300b9ac2cc17d3b4d45386fcc32a5454c Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin <ataraxiadev@ataraxiadev.com>
Date: Tue, 13 Feb 2024 01:03:52 +0300
Subject: [PATCH] fix doas for nixos-rebuild

---
 flake.nix                   |  7 +------
 profiles/security/vlock.nix | 23 +++++------------------
 profiles/workspace/git.nix  |  5 ++++-
 3 files changed, 10 insertions(+), 25 deletions(-)

diff --git a/flake.nix b/flake.nix
index f11367a..51dc0ef 100644
--- a/flake.nix
+++ b/flake.nix
@@ -174,18 +174,13 @@
 
     outputsBuilder = channels: let
       pkgs = channels.unstable;
-      # FIXME: nixos-rebuild with --flake flag doesn't work with doas
       rebuild = pkgs.writeShellScriptBin "rebuild" ''
         if [[ -z $1 ]]; then
           echo "Usage: $(basename $0) {switch|boot|test}"
         else
-          # doas nix-shell -p git --run "nixos-rebuild --flake . $@"
-          \sudo nixos-rebuild --flake . $@
+          doas nixos-rebuild --flake . $@
         fi
       '';
-      update-vscode = pkgs.writeShellScriptBin "update-vscode" ''
-        ./scripts/vscode_update_extensions.sh > ./profiles/applications/vscode/extensions.nix
-      '';
       upgrade = pkgs.writeShellScriptBin "upgrade" ''
         cp flake.lock flake.lock.bak && nix flake update
         if [[ "$1" == "zfs" ]]; then
diff --git a/profiles/security/vlock.nix b/profiles/security/vlock.nix
index fd95351..e7b2295 100644
--- a/profiles/security/vlock.nix
+++ b/profiles/security/vlock.nix
@@ -3,24 +3,6 @@
   security.sudo = {
     enable = true;
     extraRules = [{
-      users = [ config.mainuser ];
-      commands = [{
-        command = "/run/current-system/sw/bin/nixos-rebuild";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/nix";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/nix-shell";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/extra-container";
-        options = [ "SETENV" "NOPASSWD" ];
-      } {
-        command = "/run/current-system/sw/bin/chown ${config.mainuser} /tmp/.X11-unix";
-        options = [ "SETENV" "NOPASSWD" ];
-      }];
-    } {
       users = [ "deploy" ];
       commands = [{
         command = "ALL";
@@ -44,6 +26,11 @@
       noPass = true;
       keepEnv = true;
       cmd = "/run/current-system/sw/bin/tlp-stat";
+    } {
+      users = [ config.mainuser ];
+      noPass = true;
+      keepEnv = true;
+      cmd = "/run/current-system/sw/bin/nixos-rebuild";
     }];
   };
 }
\ No newline at end of file
diff --git a/profiles/workspace/git.nix b/profiles/workspace/git.nix
index d85f01b..3b38b40 100644
--- a/profiles/workspace/git.nix
+++ b/profiles/workspace/git.nix
@@ -1,4 +1,7 @@
-{ config, ... }: {
+{ config, pkgs, ... }: let
+  git-conf = config.home-manager.users.${config.mainuser}.programs.git;
+in {
+  environment.systemPackages = [ git-conf.package pkgs.git-lfs ];
   home-manager.users.${config.mainuser} = {
     programs.git = {
       enable = true;