From 5bd3deeb618d008259cd8560b3531b053abfcf65 Mon Sep 17 00:00:00 2001 From: obadz Date: Thu, 18 Aug 2016 13:23:42 +0100 Subject: [PATCH] Use NIXOS_LUSTRATE See https://github.com/NixOS/nixpkgs/pull/17784 --- nixos-infect | 76 +++++++++++++++++++++++++--------------------------- 1 file changed, 37 insertions(+), 39 deletions(-) diff --git a/nixos-infect b/nixos-infect index be69a45..4dffe52 100755 --- a/nixos-infect +++ b/nixos-infect @@ -21,6 +21,14 @@ # - Deploy the droplet indicated at the top of the file, enable ipv6, add your ssh key # - cat customConfig.optional nixos-infect | ssh root@targethost # +# Alternatively, use the user data mechamism by supplying the following lines (without >) +# in the Digital Ocean Web UI (or HTTP API): +# +# > #cloud-config +# > +# > runcmd: +# > - curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | bash 2>&1 | tee /tmp/infect.log +# # Potential tweaks: # /etc/nixos/{,hardware-}configuration.nix : rudimentary mostly static config # /etc/nixos/networking.nix, networking settings determined at runtime @@ -37,7 +45,8 @@ set -ex -nixos_channel=nixos-unstable +# nixpkgs="https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz" +nixpkgs="https://github.com/NixOS/nixpkgs/archive/ba50fd7.tar.gz" makeConf() { # NB <<"EOF" quotes / $ ` in heredocs, < ]; - boot.loader.grub.device = "nodev"; + boot.loader.grub.device = "/dev/vda"; fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; } EOF 
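Review bot: The user-data example added to the header comment pipes the mutable `master` branch straight into a root shell, so whatever is on that branch at boot time replaces the droplet's OS with no integrity check, and without `-f` an HTTP error page would be handed to bash as well. I would document a pinned, download-then-run form instead, e.g. `# > - curl -fsSL https://raw.githubusercontent.com/elitak/nixos-infect/<pinned-commit-sha>/nixos-infect -o /root/nixos-infect && bash /root/nixos-infect 2>&1 | tee /tmp/infect.log` (`<pinned-commit-sha>` is a placeholder, not a real revision). A minor point: the log has a fixed name in /tmp, and a path under /root would avoid that. "mechamism" on the first added comment line should read "mechanism".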
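Review bot: The new `nixpkgs=` assignment pins an abbreviated revision (`ba50fd7`), and nothing in the visible lines checks the downloaded tarball against a known hash. An abbreviated id only resolves while it stays unique in the repository, so the full commit id is the more durable pin: `nixpkgs="https://github.com/NixOS/nixpkgs/archive/<full-commit-sha>.tar.gz"` (placeholder; the full id is not on this page). A short comment saying why this revision was chosen, presumably because it carries the NIXOS_LUSTRATE change from the linked pull request, would help whoever bumps it later. The tail of this hunk and the header of the next one are garbled in this rendering, so the grub device change is not reviewed here.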
@@ -133,54 +142,43 @@ makeSwap() { makeConf makeSwap # smallest (512MB) droplet needs extra memory! -dnf install -y perl-Digest-SHA || true # Fedora 24 +which dnf && dnf install -y perl-Digest-SHA # Fedora 24 -groupadd -r nixbld +# DigitalOcean doesn't seem to set USER while running user data +export USER="root" +export HOME="/root" + +groupadd -r nixbld -g 30000 seq 1 10 | xargs -I{} useradd -c "Nix build user {}" -d /var/empty -g nixbld -G nixbld -M -N -r -s `which nologin` nixbld{} curl https://nixos.org/nix/install | sh source ~/.nix-profile/etc/profile.d/nix.sh -nix-channel --add https://nixos.org/channels/${nixos_channel} nixos -nix-channel --update - -newRootImg=`mktemp` -newRootMount=`mktemp -d` -oldRootMount=`mktemp -d` - +nix-channel --remove \* +export NIX_PATH="nixpkgs=$nixpkgs" export NIXOS_CONFIG=/etc/nixos/configuration.nix -nix-env -i \ - -f /nix/var/nix/profiles/per-user/root/channels/nixpkgs/nixos \ - -A config.system.build.nixos-install -# XXX GOTCHA NB bindmount causes /bin/bash permission BUG on many -# versions (nix 1.10-1.11, nixpkgs 15-16), so we must use loopback image instead. -# See: https://github.com/NixOS/nixpkgs/issues/10230 -dd if=/dev/zero of=$newRootImg bs=1M count=2047 # XXX 2048+ will cause mkfs.ext4 to fail on x86 -mkfs.ext4 -F $newRootImg -mount $newRootImg $newRootMount +nix-env --set \ + -f '' \ + -p /nix/var/nix/profiles/system \ + -A system -rsync -Ra /./etc/nixos $newRootMount -nixos-install --root $newRootMount +# Remove nix installed with curl | bash +rm -fv /nix/var/nix/profiles/default* +/nix/var/nix/profiles/system/sw/bin/nix-collect-garbage -mount -B / $oldRootMount +# Follow the symlinks +[ -L /etc/resolv.conf ] && mv -v /etc/resolv.conf /etc/resolv.conf.lnk && cat /etc/resolv.conf.lnk > /etc/resolv.conf -# Everything up to this point is revertible; this is the truly destructive step. 
-# GOTCHAs when running manually: very easy to forget slash at end of source, or use / as dest instead of bindmounted root, both of which are catastrophic... -rsync -a --delete --exclude=$(dirname $newRootMount) $newRootMount/ $oldRootMount || true +# Staging for the Nix coup d'état +touch /etc/NIXOS +cat > /etc/NIXOS_LUSTRATE << EOF +etc/nixos +etc/resolv.conf +EOF -# Restore access to commands -/nix/var/nix/profiles/system/activate # (this destroys resolv.conf) -for ns in ${nameservers[@]}; do echo "nameserver $ns" >> /etc/resolv.conf; done -source /nix/var/nix/profiles/system/etc/profile +mv -v /boot /boot.bak && + /nix/var/nix/profiles/system/bin/switch-to-configuration boot -# grub/initrd was skipped with "nodev", because installing from inside install-root would result in wrong fs UUID, so we need a final rebuild -sed -i 's,nodev,/dev/vda,' /etc/nixos/hardware-configuration.nix -# TODO see aszlig's comment in issue about not even having to call rebuild, just nix-build system or something; without ever having to use nixos-install either? and separate ext4fs? -# man nixos-rebuild mentions this!!: nixos-rebuid build == nix-build /path/to/nixpkgs/nixos -A system -nixos-rebuild boot --install-grub || echo "WARNING: could not install grub, but we'll hope for the best: that the old installation of grub will manage to boot the new installation." - -sync -echo "You may now Ctrl-C or otherwise terminate this process." -reboot -f +reboot
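Review bot: In the final step, `mv -v /boot /boot.bak && /nix/var/nix/profiles/system/bin/switch-to-configuration boot` is an `&&` list, so under `set -e` a failing `mv` does not abort the script and the unconditional `reboot` below still runs without a new bootloader having been installed. Putting the two commands on separate lines, `mv -v /boot /boot.bak` followed by `/nix/var/nix/profiles/system/bin/switch-to-configuration boot`, lets `set -e` stop on either failure. If `switch-to-configuration` fails after the move, /boot stays renamed, so the script should restore /boot.bak (or at least print how to) before exiting. The `[ -L /etc/resolv.conf ] && mv … && cat …` line has the same shape: a failed `mv` is skipped silently and the staged `etc/resolv.conf` entry may then still point at a symlink.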