fix build

2020-10-01 07:38:26 +02:00 · 2020-10-01 07:38:26 +02:00 · 8ba9163b39
parent d4fddef96b
commit 8ba9163b39
3 changed files with 26 additions and 24 deletions
--- a/lib/update-system.nix
+++ b/lib/update-system.nix
@ -3,7 +3,7 @@ let configPath = "/etc/nixos";
 in {
  update-system = pkgs.writeHaskellScript {
    name = "update-system";
-    bins = [ nixos-rebuild pkgs.git ];
+    bins = [ nixos-rebuild ];
  } ''
    privatePath = "${configPath}/private"
    canaryPath = privatePath <> "/submodule-is-checked-out"
@ -11,8 +11,8 @@ in {
    main = do
        paths <- myNixPath "${configPath}"
        args <- getArgs
-        bracket (rm canaryPath) (\() -> git "-C" privatePath "restore" canaryPath) $ \() ->
-           nixos_rebuild (paths ++ ["build"] ++ remoteBuildParams ++ fmap toString args)
+        bracket (rm canaryPath) (\() -> exe "/run/wrappers/bin/sudo" "-u" "maralorn" "git" "-C" privatePath "restore" canaryPath) $ \() ->
+           nixos_rebuild (paths ++ ["build", "--no-out-link"] ++ remoteBuildParams ++ fmap toString args)
        nixos_rebuild (paths ++ ["switch"] ++ fmap toString args)
  '';
 }
--- a/nixos/machines/hera/web.nix
+++ b/nixos/machines/hera/web.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
  locations = {
    "/" = {
@ -16,27 +16,29 @@ in {
  security.acme.certs."hera.m-0.eu".keyType = "rsa4096";
  services = {
    nginx = {
-      enable = true;
-      virtualHosts."tasks.maralorn.de" = {
-        basicAuthFile = pkgs.privatePath "basic-auth/kassandra";
-        forceSSL = true;
-        enableACME = true;
-        locations = {
-          "/" = {
-            proxyPass = "http://[::1]:8000";
-            proxyWebsockets = true;
+      enable = lib.mkForce pkgs.withSecrets;
+      virtualHosts = {
+        "tasks.maralorn.de" = {
+          basicAuthFile = pkgs.privatePath "basic-auth/kassandra";
+          forceSSL = true;
+          enableACME = true;
+          locations = {
+            "/" = {
+              proxyPass = "http://[::1]:8000";
+              proxyWebsockets = true;
+            };
          };
        };
-      };
-      virtualHosts."hera.m-0.eu" = {
-        enableACME = true;
-        forceSSL = true;
-        inherit locations;
-      };
-      virtualHosts."maralorn.de" = {
-        enableACME = true;
-        forceSSL = true;
-        inherit locations;
+        "hera.m-0.eu" = {
+          enableACME = true;
+          forceSSL = true;
+          inherit locations;
+        };
+        "maralorn.de" = {
+          enableACME = true;
+          forceSSL = true;
+          inherit locations;
+        };
      };
    };
  };
--- a/nixos/roles/server/init_ssh.nix
+++ b/nixos/roles/server/init_ssh.nix
@ -7,7 +7,7 @@ with lib; {
      network = {
        enable = true;
        ssh = {
-          enable = true;
+          enable = pkgs.withSecrets;
          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
          hostKeys = [ config.m-0.server.initSSHKey ];
        };