From b34a43ed4c922fac3ea6bb2b8980502adc4529e3 Mon Sep 17 00:00:00 2001
From: Andre
Date: Sun, 29 Sep 2024 16:06:16 -0400
Subject: [PATCH] General: cleanup NixOS helper script
---
 bin/nixos-upgrade-script.sh | 37 ++++------
 modules/system/nix.nix | 141 +++++++++++++++++++-----------
 2 files changed, 86 insertions(+), 92 deletions(-)
diff --git a/bin/nixos-upgrade-script.sh b/bin/nixos-upgrade-script.sh
index c7ae665..9e9f9dc 100755
--- a/bin/nixos-upgrade-script.sh
+++ b/bin/nixos-upgrade-script.sh
@@ -7,46 +7,26 @@ hostname=$(hostname) # The name of the host to build
 flakeDir="." # Path to the flake file (and optionally the hostname)
 remainingArgs="" # All remaining arguments that haven't been processed
 commit=true # Whether to update git (true by default)
-buildHost="" # Which host to build the system on.
 function usage() {
 echo "Usage: nixos-upgrade-script.sh [-o|--operation operation] [-f|--flake path-to-flake-file] [extra nixos-rebuild parameters]"
 echo "Options:"
 echo " -h | --help Show this help screen."
 echo " -o | --operation The nixos-rebuild operation to perform."
- echo " -H | --host The host to build."
- echo " -f | --flake The path to the flake file (and optionally the hostname)."
+ echo " -f | --flake The path to the flake file."
 echo " -n | --no-commit Don't update and commit the lock file."
- echo " --build-host The SSH name of the host to build the system on."
 exit 2
 }
 function run_operation {
- echo "Full operation: nixos-rebuild $1 --flake $flakeDir#$hostname $( [ "$buildHost" != "" ] && echo "--build-host $buildHost" ) $remainingArgs --use-remote-sudo"
- nixos-rebuild $operation --flake .#$hostname $remainingArgs --use-remote-sudo --log-format multiline-with-logs
-
- # Only request super-user permission if we're switching
- #if [[ "$1" =~ ^(switch|boot|test)$ ]]; then
- # nixos-rebuild $operation --flake .#$hostname $remainingArgs --use-remote-sudo
- #else
- # nixos-rebuild $operation --flake .#$hostname $remainingArgs
- #fi
+ echo "Running this operation: nixos-rebuild $1 --flake $flakeDir $remainingArgs --use-remote-sudo"
+ nixos-rebuild $operation --flake $flakeDir $remainingArgs --use-remote-sudo --log-format multiline-with-logs
 }
 # Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
 POSITIONAL_ARGS=()
 while [[ $# -gt 0 ]]; do
 case "$1" in
- --build-host|-b)
- buildHost="$2"
- shift
- shift
- ;;
- --host|--hostname|-H)
- hostname="$2"
- shift
- shift
- ;;
 --flake|-f)
 flakeDir="$2"
 shift
@@ -75,11 +55,20 @@ done
 remainingArgs=${POSITIONAL_ARGS[@]}
 set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+if [ -z "${FLAKE_DIR}" ]; then
+ echo "Flake directory not specified. Use '--flake [directory]' or set the $FLAKE_DIR environment variable."
+ exit 1
+else
+ flakeDir=$FLAKE_DIR
+fi
+
 cd $flakeDir
+
+echo "Pulling the latest version of the repository..."
 git pull
 if [ $commit = true ]; then
- echo "Update and push lock file"
+ echo "Checking for updates..."
 nix flake update --commit-lock-file
 git push
 fi
diff --git a/modules/system/nix.nix b/modules/system/nix.nix
index 4203a5c..cfb0d73 100644
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
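Review bot: In run_operation the rewritten command passes `--flake $flakeDir` unquoted, so a flake path containing whitespace or glob characters is word-split before it reaches nixos-rebuild, and because the command runs with `--use-remote-sudo` the mangled path ends up in a privileged invocation; the same applies to `cd $flakeDir` in the second hunk. Quote both: `nixos-rebuild "$operation" --flake "$flakeDir" $remainingArgs --use-remote-sudo --log-format multiline-with-logs` and `cd "$flakeDir"`. The echo line above it prints `$1` while the command actually runs `$operation`, so what is reported and what is executed can differ; use the same variable in both lines. The usage text still advertises `path-to-flake-file` although the new `-f` description says the path to the flake file, which is worth aligning.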
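Review bot: The new FLAKE_DIR block replaces `flakeDir` with `$FLAKE_DIR` unconditionally and exits when the variable is unset, so the `--flake` option parsed in the first hunk no longer has any effect and the script cannot run at all without the environment variable, contradicting both the usage text and the error message it prints. That message also interpolates `$FLAKE_DIR` inside double quotes, so the variable name it is trying to show prints as an empty string (`\$FLAKE_DIR` was meant). `cd $flakeDir` is unchecked: if it fails, `git pull`, `nix flake update --commit-lock-file` and `git push` all run in whatever directory the script was started from, which for a script that goes on to call `nixos-rebuild --use-remote-sudo` is the wrong thing to do silently. If the intent is for the variable to be a fallback rather than an override, treat it as one and abort on a failed cd; that also requires the `flakeDir="."` default at the top of the file (first hunk) to become empty so the fallback can trigger. If instead FLAKE_DIR is meant to always win, drop the `--flake` case arm and usage line rather than leaving them dead.
```shell
# Fall back to $FLAKE_DIR only when --flake was not given
# (needs the default near the top of the script to be flakeDir="" instead of ".")
if [ -z "$flakeDir" ]; then
  flakeDir="${FLAKE_DIR:-}"
fi
if [ -z "$flakeDir" ]; then
  echo "Flake directory not specified. Use '--flake [directory]' or set the \$FLAKE_DIR environment variable." >&2
  exit 1
fi

cd "$flakeDir" || exit 1
# … unchanged: git pull, lock-file update and push …
```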
@@ -26,76 +26,81 @@ in
 nixos-upgrade-script.enable = lib.mkEnableOption "Installs the nos (nixos-upgrade-script) helper script.";
 };
 };
- config = {
- nixpkgs.config.allowUnfree = cfg.allowUnfree;
- nix = {
- settings = {
- # Enable Flakes
- experimental-features = [
- "nix-command"
- "flakes"
+ config = lib.mkMerge [
+ {
+ nixpkgs.config.allowUnfree = cfg.allowUnfree;
+ nix = {
+ settings = {
+ # Enable Flakes
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ # Use Lix instead of Nix
+ substituters = [ "https://cache.lix.systems" ];
+ trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
+
+ # Only allow these users to use Nix
+ allowed-users = with config.users.users; [
+ root.name
+ (lib.mkIf config.aux.system.users.aires.enable aires.name)
+ ];
+
+ # Avoid signature verification messages when doing remote builds
+ trusted-users = with config.users.users; [
+ root.name
+ (lib.mkIf config.aux.system.users.aires.enable aires.name)
+ ];
+ };
+
+ # Optimize the Nix store on each build
+ settings.auto-optimise-store = true;
+ # Enable garbage collection
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than ${cfg.retentionPeriod}";
+ persistent = true;
+ randomizedDelaySec = "1hour";
+ };
+
+ # Configure NixOS to use the same software channel as Flakes
+ registry.nixpkgs.flake = inputs.nixpkgs;
+ nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
+
+ # Configure remote build machines
+ # To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config
+ buildMachines = [
+ {
+ hostName = "hevana";
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+ protocol = "ssh-ng";
+ supportedFeatures = [
+ "nixos-test"
+ "kvm"
+ "benchmark"
+ "big-parallel"
+ ];
+ }
 ];
- # Use Lix instead of Nix
- substituters = [ "https://cache.lix.systems" ];
- trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
-
- # Only allow these users to use Nix
- allowed-users = with config.users.users; [
- root.name
- (lib.mkIf config.aux.system.users.aires.enable aires.name)
- ];
-
- # Avoid signature verification messages when doing remote builds
- trusted-users = with config.users.users; [
- root.name
- (lib.mkIf config.aux.system.users.aires.enable aires.name)
- ];
+ # When using a builder, use its package store
+ extraOptions = ''
+ builders-use-substitutes = true
+ '';
 };
- # Optimize the Nix store on each build
- settings.auto-optimise-store = true;
- # Enable garbage collection
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than ${cfg.retentionPeriod}";
- persistent = true;
- randomizedDelaySec = "1hour";
- };
-
- # Configure NixOS to use the same software channel as Flakes
- registry.nixpkgs.flake = inputs.nixpkgs;
- nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
-
- # Configure remote build machines
- # To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config
- buildMachines = [
- {
- hostName = "hevana";
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- ];
- protocol = "ssh-ng";
- supportedFeatures = [
- "nixos-test"
- "kvm"
- "benchmark"
- "big-parallel"
- ];
- }
- ];
-
- # When using a builder, use its package store
- extraOptions = ''
- builders-use-substitutes = true
- '';
- };
-
- # Support for standard, dynamically-linked executables
- programs.nix-ld.enable = true;
-
- aux.system.packages = [ (lib.mkIf cfg.nixos-upgrade-script.enable nixos-upgrade-script) ];
- };
+ # Support for standard, dynamically-linked executables
+ programs.nix-ld.enable = true;
+ }
+ (lib.mkIf cfg.nixos-upgrade-script.enable {
+ # Enable and configure NOS
+ aux.system.packages = [ nixos-upgrade-script ];
+ environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder;
+ })
+ ];
 }
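Review bot: The new `lib.mkIf` block sets `environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder;`, which exports a value taken from the `config.secrets` namespace as a system-wide environment variable; NixOS renders `environment.variables` into the world-readable `/etc/set-environment`, which every user's login shell sources, so whatever `nixConfigFolder` holds is visible to every local account and to every process they start. If the value is nothing more than a filesystem path, say so at that line so the next reader does not mistake it for a leak, e.g. `# FLAKE_DIR is exported system-wide (world-readable); nixConfigFolder must contain only a non-sensitive path`; if it is genuinely confidential, export it per-user (shell init or a user service) rather than through environment.variables. The rest of the hunk only re-indents existing settings under mkMerge, so no behaviour change is visible there. The enclosing module (the `let … in {` whose `in` appears in the hunk header) starts outside the hunk.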