mirror of
https://github.com/youwen5/nixos.git
synced 2025-02-07 21:11:11 -08:00
feat: use forked nh with support for doas instead of fish wrapper
Some checks are pending
Check flake / check (push) Waiting to run
Some checks are pending
Check flake / check (push) Waiting to run
This commit is contained in:
parent
4930320599
commit
c6235fe00c
GPG key ID:
865658ED1FE61EC3
4 changed files with 31 additions and 17 deletions
21
flake.lock
21
flake.lock
|
|
@ -646,6 +646,26 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nh-doas": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1738564910,
|
||||||
|
"narHash": "sha256-rd1pnAiRYolXH1R1Zbs6UQFjW1b5DdEJeyq2udUnjCo=",
|
||||||
|
"owner": "youwen5",
|
||||||
|
"repo": "nh",
|
||||||
|
"rev": "f4d93dfda62f034bbc08dc3bfea78213ec99b3be",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "youwen5",
|
||||||
|
"repo": "nh",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nix-darwin": {
|
"nix-darwin": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
|
@ -909,6 +929,7 @@
|
||||||
"homebrew-core": "homebrew-core",
|
"homebrew-core": "homebrew-core",
|
||||||
"lanzaboote": "lanzaboote",
|
"lanzaboote": "lanzaboote",
|
||||||
"musnix": "musnix",
|
"musnix": "musnix",
|
||||||
|
"nh-doas": "nh-doas",
|
||||||
"nix-darwin": "nix-darwin",
|
"nix-darwin": "nix-darwin",
|
||||||
"nix-flatpak": "nix-flatpak",
|
"nix-flatpak": "nix-flatpak",
|
||||||
"nix-homebrew": "nix-homebrew",
|
"nix-homebrew": "nix-homebrew",
|
||||||
|
|
|
||||||
|
|
@ -107,6 +107,11 @@
|
||||||
url = "github:musnix/musnix";
|
url = "github:musnix/musnix";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nh-doas = {
|
||||||
|
url = "github:youwen5/nh";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
|
|
|
||||||
|
|
@ -22,23 +22,6 @@
|
||||||
# nix flake update --commit-lock-file
|
# nix flake update --commit-lock-file
|
||||||
# doas nixos-rebuild --flake ~/.config/liminalOS\#${osConfig.networking.hostName} switch &| nom
|
# doas nixos-rebuild --flake ~/.config/liminalOS\#${osConfig.networking.hostName} switch &| nom
|
||||||
# '';
|
# '';
|
||||||
nh = {
|
|
||||||
# wrapper for nh as it doesn't work with `doas`
|
|
||||||
body = ''
|
|
||||||
if count $argv > /dev/null
|
|
||||||
set subcommand (string join " " $argv)
|
|
||||||
if contains -- $subcommand "os switch" "os test" "os boot"
|
|
||||||
doas ${pkgs.nh}/bin/nh $argv -R
|
|
||||||
else if contains -- $subcommand "clean all"
|
|
||||||
doas ${pkgs.nh}/bin/nh $argv
|
|
||||||
else
|
|
||||||
${pkgs.nh}/bin/nh $argv
|
|
||||||
end
|
|
||||||
else
|
|
||||||
${pkgs.nh}/bin/nh
|
|
||||||
end
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
spt = "${pkgs.spotify-player}/bin/spotify_player";
|
spt = "${pkgs.spotify-player}/bin/spotify_player";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -129,6 +129,11 @@ in
|
||||||
extraArgs = "--keep-since 4d --keep 3";
|
extraArgs = "--keep-since 4d --keep 3";
|
||||||
};
|
};
|
||||||
flake = config.liminalOS.flakeLocation;
|
flake = config.liminalOS.flakeLocation;
|
||||||
|
package = lib.mkIf config.security.doas.enable inputs.nh-doas.packages.${pkgs.system}.default;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.variables = lib.mkIf (cfg.useNh && config.security.doas.enable) {
|
||||||
|
NH_FLAKE = config.programs.nh.flake;
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.nix-ld = {
|
programs.nix-ld = {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue