Testing update system from git repo script

Emmet 2024-04-06 13:58:01 -05:00
parent df76ef046a
commit 5b80e2c497
4 changed files with 56 additions and 2 deletions


@ -27,5 +27,8 @@ chown 0:0 flake.lock;
chown 0:0 flake.nix
chown 0:0 profiles/*/configuration.nix;
chown 0:0 harden.sh;
chown 0:0 soften.sh;
chown 0:0 install.sh;
chown 0:0 update.sh;
chown 1000:users **/README.org;
popd &> /dev/null;
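Review bot: Root ownership of `soften.sh` and `update.sh`, set by the added `chown 0:0` lines, does not stop those scripts from being swapped out if the directory holding them stays owned by UID 1000, because renaming or unlinking an entry needs write permission on the directory, not on the file. Nothing in this hunk changes the directory's owner, so the helpers that are later run through `sudo ~/.dotfiles/...` are only as protected as that directory. A comment would make the limit explicit, e.g. `# NOTE: root-owned files can still be replaced while the dotfiles directory itself is user-writable`; keeping the privileged helpers in a root-owned location would close the gap. The script starts outside the hunk, so an earlier directory chown may already exist.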


@ -28,11 +28,12 @@ if [ -z "$EDITOR" ]; then
fi
$EDITOR ~/.dotfiles/flake.nix;
# Permissions for files that should be owned by root
sudo ~/.dotfiles/harden.sh ~/.dotfiles;
# Rebuild system
sudo nixos-rebuild switch --flake ~/.dotfiles#system;
# Install and build home-manager configuration
nix run home-manager/master --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;
# Permissions for files that should be owned by root
sudo ~/.dotfiles/harden.sh ~/.dotfiles;

27
soften.sh Executable file

@ -0,0 +1,27 @@
#!/bin/sh
# This will soften the security of these dotfiles, allowing
# the default unpriveleged user with UID/GID of 1000 to edit ALL FILES
# in the dotfiles directory
# This mainly is just here to be used by some scripts
# Run this inside of ~/.dotfiles (or whatever directory you installed
# the dotfiles to)
# Run this as root!
# BTW, this assumes your user account has a UID/GID of 1000
# After running this, YOUR UNPRIVELEGED USER CAN MAKE EDITS TO
# IMPORTANT SYSTEM FILES WHICH MAY COMPROMISE THE SYSTEM AFTER
# RUNNING nixos-rebuild switch!
if [ "$#" = 1 ]; then
dotfilesDir=$1;
else
dotfilesDir=$(pwd);
fi
pushd $dotfilesDir &> /dev/null;
chown -R 1000:users .;
popd &> /dev/null;
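Review bot: If `pushd $dotfilesDir` fails (a mistyped or missing argument, or a `/bin/sh` that has no `pushd`), the error is discarded by `&> /dev/null` and `chown -R 1000:users .` still runs as root in whatever directory the caller was in. Passing the path to chown directly removes the dependency on the working directory and on the bash-only `pushd` and `&>`: `chown -R 1000:users -- "$dotfilesDir"`. Quoting the variable also keeps a path containing spaces from being split into several arguments.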

23
update.sh Executable file

@ -0,0 +1,23 @@
#!/bin/sh
# Automated script to update my non-primary systems
# to be in sync with upstream git repo while
# preserving local edits to dotfiles via git stash
# Relax permissions temporarily so git can work
sudo ~/.dotfiles/soften.sh ~/.dotfiles;
# Stash local edits, pull changes, and re-apply local edits
git stash
git pull
git stash apply
# Permissions for files that should be owned by root
sudo ~/.dotfiles/harden.sh ~/.dotfiles;
# Rebuild system
sudo nixos-rebuild switch --flake ~/.dotfiles#system;
# Install and build home-manager configuration
home-manager --extra-experimental-features nix-command --extra-experimental-features flakes -- switch --flake ~/.dotfiles#user;
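Review bot: Nothing between `git pull` and `sudo nixos-rebuild switch` checks that the pull succeeded or that the fetched commits are trusted, so whatever the remote serves, or a half-merged tree after a conflict, is built and activated as root. The git commands also run in the caller's working directory, because the script never changes into ~/.dotfiles. Consider `cd ~/.dotfiles || exit 1` before `git stash`, and `git pull --ff-only || { sudo ~/.dotfiles/harden.sh ~/.dotfiles; exit 1; }` so a failed pull re-hardens and stops before the rebuild. If upstream commits are signed, adding `--verify-signatures` to the pull would also reject unsigned history.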