nix: move secrets to private

[julm/julm-nix.git] / install

diff --git a/install b/install
index 53c427f271ffb6e361dd909f8548a51b214350b6..b211adf4bff6d06aff7e6a58424f281459596e07 100755 (executable)
--- a/install
+++ b/install
@@ -1,2 +1,11 @@
 #!/bin/sh -eux
-sudo nixos-rebuild switch --flake .
+if test "$(id -u)" != 0
+then sudo "$0" "$@"
+else
+  cd "${0%/*}"
+  ln -sfn "$PWD/private/root" /root/private
+  trap 'git reset private/root' EXIT
+  git rm -rf --cached --ignore-unmatch private/root # prevent copying to /nix/store
+  nixos-rebuild switch --flake . "$@"
+  nix-env --delete-generations +2 --profile /nix/var/nix/profiles/system
+fi