# Recipes for the remote-dev VM. Run from ~/.local/share/dotfiles/nix.
# `just` with no arguments runs the first recipe in the file, so this recipe
# has to stay first for the listing to be the default action.

# Show available recipes (default)
default:
    @just --list
# NOTE(review): pull, switch and apply run back to back, so whatever the remote
# branch holds is built and applied to this VM with no review step in between.
# `--ff-only` in `pull` only refuses divergent history; nothing visible in this
# file verifies commit signatures. When the remote is not fully trusted, run
# `just pull`, inspect the incoming commits, then run `just switch apply`.

# Pull latest dotfiles, rebuild Home-Manager profile, and apply dotfiles
update: pull switch apply
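# The checkout path is quoted, as in the other recipes, so a directory name
# containing spaces or glob characters is passed to git as a single argument.
# --ff-only makes the pull fail instead of merging when local history diverged.

# Pull latest dotfiles only
pull:
    git -C "{{ justfile_directory() }}/.." pull --ff-only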
# --impure lets flake evaluation read state outside the flake (environment
# variables, absolute paths), so the resulting profile depends on this host and
# is not reproducible from the checkout alone.
# -b backup tells Home-Manager to move a colliding existing file aside with a
# `.backup` suffix instead of aborting the switch.

# Rebuild Home-Manager profile from the current checkout (no pull)
switch:
    home-manager switch --impure --flake '{{ justfile_directory() }}#vm' -b backup
# Apply VM dotfiles with chezmoi
apply: _ensure-vm-chezmoi-config
    #!/usr/bin/env sh
    set -eu
    # Resolve the checkout root (the parent of this justfile's directory) to a
    # physical path, so chezmoi sees the same source directory however the
    # checkout was reached.
    repo_root=$(cd "{{ justfile_directory() }}/.." && pwd -P)
    chezmoi apply --source "$repo_root" --verbose
# Private guard: runs `chezmoi init` with CHEZMOI_MACHINE_ROLE=vm, then refuses
# to continue unless the chezmoi config file contains a machineRole = "vm" line.
# The recipes that write or delete files in $HOME depend on this check.
_ensure-vm-chezmoi-config:
    #!/usr/bin/env sh
    set -eu
    repo_root=$(cd "{{ justfile_directory() }}/.." && pwd -P)
    CHEZMOI_MACHINE_ROLE=vm chezmoi init --source "$repo_root" --promptDefaults
    cfg_file="${XDG_CONFIG_HOME:-$HOME/.config}/chezmoi/chezmoi.toml"
    # Whole-line match, so a commented-out or differently valued machineRole
    # entry does not satisfy the check.
    role_line='^[[:space:]]*machineRole[[:space:]]*=[[:space:]]*"vm"[[:space:]]*$'
    if grep -Eq "$role_line" "$cfg_file"; then
        exit 0
    fi
    echo "error: $cfg_file does not set machineRole = \"vm\"" >&2
    exit 1
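# Restart GnuPG through the Nix profile, avoiding Ubuntu's older user agent
fix-gpg-agent:
    #!/usr/bin/env sh
    set -eu

    # Print the path of tool $1: the Nix-profile copy when it is executable,
    # otherwise whatever PATH provides. The PATH fallback may be the
    # distribution's older binary, so it is reported on stderr. When the tool
    # is missing entirely, fail with a message rather than the silent
    # `set -e` exit a bare `command -v` would cause.
    find_tool() {
        if [ -x "$HOME/.nix-profile/bin/$1" ]; then
            printf '%s\n' "$HOME/.nix-profile/bin/$1"
        elif command -v "$1" >/dev/null 2>&1; then
            echo "warning: $1 not in ~/.nix-profile/bin, using $(command -v "$1")" >&2
            command -v "$1"
        else
            echo "error: $1 not found in ~/.nix-profile/bin or on PATH" >&2
            return 1
        fi
    }
    gpgconf_bin=$(find_tool gpgconf)
    gpg_connect_agent_bin=$(find_tool gpg-connect-agent)

    # Best effort: stop the systemd-managed agent units and mask the sockets
    # so socket activation does not start an agent again. Masking persists
    # until the units are unmasked; errors are ignored on purpose because the
    # units may not exist on this host.
    if command -v systemctl >/dev/null 2>&1; then
        systemctl --user stop \
            gpg-agent.service \
            gpg-agent.socket \
            gpg-agent-ssh.socket \
            gpg-agent-extra.socket \
            gpg-agent-browser.socket >/dev/null 2>&1 || true
        systemctl --user mask \
            gpg-agent.socket \
            gpg-agent-ssh.socket \
            gpg-agent-extra.socket \
            gpg-agent-browser.socket >/dev/null 2>&1 || true
    fi

    # Kill any running GnuPG daemons (failure tolerated), start a fresh agent
    # with the selected gpgconf, then print the version of the agent that
    # answers so the operator can confirm which one is running.
    "$gpgconf_bin" --kill all >/dev/null 2>&1 || true
    "$gpgconf_bin" --launch gpg-agent
    "$gpg_connect_agent_bin" 'getinfo version' /bye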
# Dependencies run left to right and a failure stops the chain: the old
# symlinks are removed only after the pull, the profile rebuild and the agent
# restart have succeeded, and before `apply` writes the chezmoi-managed files.

# One-time migration from the old VM Home-Manager symlink deployment to chezmoi
migrate-chezmoi: pull switch fix-gpg-agent _cleanup-home-manager-dotfiles apply
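# Private: remove the files the old Home-Manager deployment left at paths that
# chezmoi now manages. Deletes only symlinks pointing into the dotfiles
# checkout or the Nix store, plus an unmodified ~/.ssh/config; anything else
# aborts the migration.
_cleanup-home-manager-dotfiles: _ensure-vm-chezmoi-config
    #!/usr/bin/env bash
    set -euo pipefail
    src=$(cd "{{ justfile_directory() }}/.." && pwd -P)

    # Remove $1 when it is a symlink whose literal or fully resolved target
    # lies under the checkout or /nix/store. Non-symlinks are left alone; any
    # other symlink ends the script with an error. Both tests are textual
    # prefix matches, and only the link itself is deleted, never its target.
    remove_old_symlink() {
        local path="$1" raw resolved
        [ -L "$path" ] || return 0
        raw=$(readlink "$path")
        # Resolution can fail (for example on a dangling link); the literal
        # target checked first still covers that case.
        resolved=$(readlink -f "$path" 2>/dev/null || true)
        case "$raw" in
            "$src"/*|/nix/store/*) rm -f -- "$path"; return 0 ;;
        esac
        case "$resolved" in
            "$src"/*|/nix/store/*) rm -f -- "$path"; return 0 ;;
        esac
        printf 'refusing to remove unexpected symlink: %s -> %s\n' "$path" "$raw" >&2
        exit 1
    }

    # Capture the managed-path list before deleting anything. The exit status
    # of a process substitution is invisible to `set -e` and pipefail, so a
    # failing `chezmoi managed` would otherwise look like an empty or truncated
    # list and the migration would continue regardless.
    managed=$(chezmoi managed -S "$src" --include=files,symlinks --path-style=absolute)
    while IFS= read -r path; do
        # A here-string yields one empty line when the list is empty.
        [ -n "$path" ] || continue
        remove_old_symlink "$path"
    done <<< "$managed"

    # The old VM profile materialized ~/.ssh/config as a real 0600 file because
    # OpenSSH rejects group-writable symlink targets. Chezmoi now owns it; only
    # remove the old file when it still exactly matches the repo source.
    ssh_config="$HOME/.ssh/config"
    if [ -f "$ssh_config" ] && [ ! -L "$ssh_config" ]; then
        if cmp -s "$ssh_config" "$src/private_dot_ssh/config"; then
            rm -f -- "$ssh_config"
        else
            printf 'refusing to overwrite modified %s; merge it before migrating\n' "$ssh_config" >&2
            exit 1
        fi
    fi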
# NOTE(review): `nix-collect-garbage -d` deletes old generations of the user's
# profiles before collecting, which appears to make the 7-day retention on the
# previous line moot -- confirm whether rollback to generations younger than
# 7 days is meant to survive this recipe.

# Garbage-collect old home-manager generations and nix store
gc:
    home-manager expire-generations '-7 days'
    nix-collect-garbage -d