From 033499c0edbcc9df74029830bcfad23e99e5f056 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Wed, 7 Dec 2016 23:06:18 +0100 Subject: [PATCH] only activate system profile with sudo --- config.nix | 13 ++++++++----- modules/services/activate-system.nix | 4 +++- modules/system/activation-scripts.nix | 4 +++- modules/system/default.nix | 4 +++- 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/config.nix b/config.nix index 4cea7485..57d2764c 100644 --- a/config.nix +++ b/config.nix @@ -62,6 +62,8 @@ let environment.variables.EDITOR = "vim"; environment.variables.HOMEBREW_CASK_OPTS = "--appdir=/Applications/cask"; + environment.variables.SHELL = "${pkgs.lnl.zsh}/bin/zsh"; + environment.variables.GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; environment.variables.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; @@ -95,11 +97,11 @@ let case $cmd in 'b'|'build') nix-build --no-out-link -E "with import {}; $@" ;; 'e'|'eval') nix-instantiate --eval -E "with import {}; $@" ;; - 'i'|'instantiate') nix-instantiate -E "with import {}; $@" ;; + 'i'|'instantiate') nix-instantiate -E "with import {}; $@" ;; 'r'|'repl') nix-repl '' ;; 's'|'shell') nix-shell -E "with import {}; $@" ;; - 'x'|'exec') nix-shell '' -p "$@" --run zsh ;; - 'z'|'zsh') nix-shell '' -A "$@" --run zsh ;; + 'p'|'package') nix-shell '' -p "$@" --run ${pkgs.lnl.zsh} ;; + 'z'|'zsh') nix-shell '' -E "with import {}; $@" --run ${pkgs.lnl.zsh} ;; esac } 
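Review bot: In the `@@ -95,11 +97,11 @@` hunk of config.nix, the new `'p'|'package')` and `'z'|'zsh')` branches pass `--run ${pkgs.lnl.zsh}`, which interpolates the package's store directory rather than an executable; every other reference in this patch uses `${pkgs.lnl.zsh}/bin/zsh`. As written the `--run` command would most likely fail because the path is a directory, so both branches should end in `--run ${pkgs.lnl.zsh}/bin/zsh`. Separately, `"with import {}; $@"` in the `z` branch splits into several words when more than one argument is given, so only the first ends up inside the `-E` expression; `$*` would keep the expression in one word. The enclosing shell function begins outside the hunk.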
@@ -110,8 +112,9 @@ let case $cmd in 'build') nix-build '' -A nixdarwin.toplevel "$@" ;; 'repl') nix-repl "$HOME/.nixpkgs/config.nix" "$@" ;; - 'shell') nix-shell '' -p nixdarwin.toplevel --run '${pkgs.lnl.zsh}/bin/zsh -l' "$@" ;; - 'switch') sudo nix-env --profile ${config.system.profile} --set $(nix-build --no-out-link '' -A nixdarwin.toplevel) && nix-shell '' -A nixdarwin.toplevel --run 'sudo $out/activate' && exec ${pkgs.lnl.zsh}/bin/zsh -l ;; + 'shell') nix-shell '' -p nixdarwin.toplevel --run ${pkgs.lnl.zsh}/bin/zsh "$@" ;; + 'exec') __ETC_ZSHRC_SOURCED= __ETC_ZSHENV_SOURCED= __ETC_ZPROFILE_SOURCED= exec ${pkgs.lnl.zsh}/bin/zsh -l ;; + 'switch') systemConfig=$(nix-build --no-out-link '' -A nixdarwin.toplevel) && nix-shell '' -A nixdarwin.toplevel --run 'sudo $out/activate' && sudo nix-env --profile ${config.system.profile} --set $systemConfig ;; esac } diff --git a/modules/services/activate-system.nix b/modules/services/activate-system.nix index a92576fe..106c7bab 100644 --- a/modules/services/activate-system.nix +++ b/modules/services/activate-system.nix @@ -4,10 +4,12 @@ with lib; let + inherit (pkgs) stdenv; + cfg = config.services.activate-system; activateScript = pkgs.writeScript "activate-system" '' - #! ${pkgs.stdenv.shell} + #! ${stdenv.shell} # Make this configuration the current configuration. # The readlink is there to ensure that when $systemConfig = /system diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix index fda882f0..3948fccf 100644 --- a/modules/system/activation-scripts.nix +++ b/modules/system/activation-scripts.nix @@ -4,6 +4,8 @@ with lib; let + inherit (pkgs) stdenv; + cfg = config.system; script = import ./write-text.nix { @@ -35,7 +37,7 @@ in config = { system.activationScripts.script.text = '' - #! ${pkgs.stdenv.shell} + #! ${stdenv.shell} systemConfig=@out@ diff --git a/modules/system/default.nix b/modules/system/default.nix index d1d9f721..f4b82d7f 100644 --- a/modules/system/default.nix 
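Review bot: In the `'switch')` branch (config.nix, `@@ -110,8 +112,9 @@`), the script that runs under sudo is located through a second evaluation (`nix-shell … --run 'sudo $out/activate'`) instead of the `$systemConfig` path that was just built and is later recorded in the profile. If the configuration changes between the two evaluations, root activates one system while `nix-env --set` records another. Activating the built path directly keeps the two in step: `sudo "$systemConfig/activate" && sudo nix-env --profile ${config.system.profile} --set "$systemConfig"` (this assumes `$out` of `nixdarwin.toplevel` is that same store path, which the hunk does not show). Quoting `$systemConfig` also avoids word splitting should the build print more than one path. With activation now ahead of the profile update, a failing `nix-env` leaves the system activated but the profile on the old generation; a short comment stating that this order is intended would help.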
+++ b/modules/system/default.nix @@ -4,6 +4,8 @@ with lib; let + inherit (pkgs) stdenvNoCC; + cfg = config.system; in @@ -44,7 +46,7 @@ in config = { - system.build.toplevel = pkgs.stdenvNoCC.mkDerivation { + system.build.toplevel = stdenvNoCC.mkDerivation { name = "nixdarwin-system-${cfg.nixdarwinLabel}"; preferLocalBuild = true;