only activate system profile with sudo

2024-12-14 11:57:34 +00:00 · 2016-12-07 23:06:18 +01:00 · 2016-12-07 23:06:18 +01:00 · 033499c0ed
commit 033499c0ed
parent 1ab74daf82
4 changed files with 17 additions and 8 deletions
--- a/config.nix
+++ b/config.nix
@ -62,6 +62,8 @@ let
      environment.variables.EDITOR = "vim";
      environment.variables.HOMEBREW_CASK_OPTS = "--appdir=/Applications/cask";
      environment.variables.SHELL = "${pkgs.lnl.zsh}/bin/zsh";
      environment.variables.GIT_SSL_CAINFO = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
      environment.variables.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
@ -98,8 +100,8 @@ let
            'i'|'instantiate')  nix-instantiate -E "with import <nixpkgs> {}; $@" ;;
            'r'|'repl')         nix-repl '<nixpkgs>' ;;
            's'|'shell')        nix-shell -E "with import <nixpkgs> {}; $@" ;;
-            'x'|'exec')         nix-shell '<nixpkgs>' -p "$@" --run zsh ;;
+            'p'|'package')      nix-shell '<nixpkgs>' -p "$@" --run ${pkgs.lnl.zsh} ;;
-            'z'|'zsh')          nix-shell '<nixpkgs>' -A "$@" --run zsh ;;
+            'z'|'zsh')          nix-shell '<nixpkgs>' -E "with import <nixpkgs> {}; $@" --run ${pkgs.lnl.zsh} ;;
          esac
        }
@ -110,8 +112,9 @@ let
          case $cmd in
            'build')   nix-build '<nixpkgs>' -A nixdarwin.toplevel "$@" ;;
            'repl')    nix-repl "$HOME/.nixpkgs/config.nix" "$@" ;;
-            'shell')   nix-shell '<nixpkgs>' -p nixdarwin.toplevel --run '${pkgs.lnl.zsh}/bin/zsh -l' "$@" ;;
+            'shell')   nix-shell '<nixpkgs>' -p nixdarwin.toplevel --run ${pkgs.lnl.zsh}/bin/zsh "$@" ;;
-            'switch')  sudo nix-env --profile ${config.system.profile} --set $(nix-build --no-out-link '<nixpkgs>' -A nixdarwin.toplevel) && nix-shell '<nixpkgs>' -A nixdarwin.toplevel --run 'sudo $out/activate' && exec ${pkgs.lnl.zsh}/bin/zsh -l ;;
+            'exec')    __ETC_ZSHRC_SOURCED= __ETC_ZSHENV_SOURCED= __ETC_ZPROFILE_SOURCED= exec ${pkgs.lnl.zsh}/bin/zsh -l ;;
            'switch')  systemConfig=$(nix-build --no-out-link '<nixpkgs>' -A nixdarwin.toplevel) && nix-shell '<nixpkgs>' -A nixdarwin.toplevel --run 'sudo $out/activate' && sudo nix-env --profile ${config.system.profile} --set $systemConfig ;;
          esac
        }
--- a/modules/services/activate-system.nix
+++ b/modules/services/activate-system.nix
@ -4,10 +4,12 @@ with lib;
 let
  inherit (pkgs) stdenv;
  cfg = config.services.activate-system;
  activateScript = pkgs.writeScript "activate-system" ''
-    #! ${pkgs.stdenv.shell}
+    #! ${stdenv.shell}
    # Make this configuration the current configuration.
    # The readlink is there to ensure that when $systemConfig = /system
--- a/modules/system/activation-scripts.nix
+++ b/modules/system/activation-scripts.nix
@ -4,6 +4,8 @@ with lib;
 let
  inherit (pkgs) stdenv;
  cfg = config.system;
  script = import ./write-text.nix {
@ -35,7 +37,7 @@ in
  config = {
    system.activationScripts.script.text = ''
-      #! ${pkgs.stdenv.shell}
+      #! ${stdenv.shell}
      systemConfig=@out@
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@ -4,6 +4,8 @@ with lib;
 let
  inherit (pkgs) stdenvNoCC;
  cfg = config.system;
 in
@ -44,7 +46,7 @@ in
  config = {
-    system.build.toplevel = pkgs.stdenvNoCC.mkDerivation {
+    system.build.toplevel = stdenvNoCC.mkDerivation {
      name = "nixdarwin-system-${cfg.nixdarwinLabel}";
      preferLocalBuild = true;