flake: fix "deploy" commands to bypass substituters, and address deprecated nix path signing
This commit is contained in:
parent
d0d7994c2f
commit
dd6e1c5e38
|
@ -283,9 +283,11 @@
|
|||
# - sandbox friendliness (especially: `git` doesn't have to be run as root)
|
||||
|
||||
if [ -n "$addr" ]; then
|
||||
sudo nix sign-paths -r -k /run/secrets/nix_serve_privkey "$storePath"
|
||||
sudo nix store sign -r -k /run/secrets/nix_serve_privkey "$storePath"
|
||||
# add more `-v` for more verbosity (up to 5).
|
||||
nix-copy-closure -v --gzip --to "$addr" "$storePath"
|
||||
# builders-use-substitutes false: optimizes so that the remote machine doesn't try to get paths from its substituters.
|
||||
# we already have all paths here, and the remote substitution is slow to check and SERIOUSLY flaky on moby in particular.
|
||||
nix copy -vv --option builders-use-substitutes false --to "ssh-ng://$addr" "$storePath"
|
||||
fi
|
||||
|
||||
if [ -n "$action" ]; then
|
||||
|
|
|
@ -4,7 +4,9 @@
|
|||
nix.settings = {
|
||||
# see: `man nix.conf`
|
||||
|
||||
# useful when a remote builder has a faster internet connection than me
|
||||
# useful when a remote builder has a faster internet connection than me.
|
||||
# note that this also applies to `nix copy --to`, though.
|
||||
# i think any time a remote machine wants a path, this means we ask them to try getting it themselves before we supply it.
|
||||
builders-use-substitutes = true; # default: false
|
||||
|
||||
# maximum seconds to wait when connecting to binary substituter
|
||||
|
|
Loading…
Reference in New Issue