computer-playbook/roles/dev-nix/defaults/main.yml
Kevin Veen-Birkenbach f143ce258c dev-nix: migrate to official installer with dynamic SHA256 verification,
split non-Arch logic, add template-based nix.conf, and integrate into pkgmgr

- Replace local installer mechanism with official upstream URLs:
  https://releases.nixos.org/nix/nix-<version>/install
  and dynamically fetch associated SHA256 checksum
- Add version-based URL construction via new defaults variables
- Implement clean OS-branching:
  * Arch-based systems: install Nix via pacman
  * Non-Arch systems: download installer + verify SHA256 + run in daemon mode
- Extract non-Arch installation logic into dedicated task file
  (02_non_arch_installer.yml)
- Introduce template-based /etc/nix/nix.conf with build-users-group
  and optional experimental-features block
- Remove obsolete install.yml
- Update pkgmgr dev stack to include dev-nix and adjust update command
- Add TODO.md for future security improvements

https://chatgpt.com/share/6939bbfe-5cb0-800f-8ea8-95628dc911f5
https://chatgpt.com/share/6939bbd9-4840-800f-b9d2-b2510ea0f105
2025-12-10 19:29:04 +01:00

35 lines
1.1 KiB
YAML

---
# Nix version to install via official installer
dev_nix_installer_version: "2.32.4"
# Base URL for Nix releases
dev_nix_installer_base_url: "https://releases.nixos.org/nix"
# Full URL to the installer script (can be overridden if needed)
dev_nix_installer_url: >-
  {{ dev_nix_installer_base_url }}/nix-{{ dev_nix_installer_version }}/install
# Full URL to the SHA256 checksum file
dev_nix_installer_sha256_url: "{{ dev_nix_installer_url }}.sha256"
# Path where the installer will be downloaded on the target host
dev_nix_installer_dest: "/usr/local/share/nix-install.sh"
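# Will be filled at runtime from dev_nix_installer_sha256_url.
# The checksum is served from the same origin as the installer, so it
# detects a corrupted or truncated download, not a tampered release host.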
dev_nix_installer_sha256: ""
# Whether to drop a small shell snippet into /etc/profile.d to ensure
# Nix environment is available for login shells.
dev_nix_enable_shell_snippet: false
# Path of the profile.d snippet
dev_nix_shell_snippet_path: "/etc/profile.d/nix.sh"
# Enable experimental features such as nix-command and flakes
dev_nix_enable_experimental_features: true
# List of experimental features to enable when dev_nix_enable_experimental_features is true
dev_nix_experimental_features:
  - nix-command
  - flakes
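
How these defaults could be consumed on a non-Arch host, as an added example that is not the role's own 02_non_arch_installer.yml. The variable dev_nix_installer_pinned_sha256 and the registered name dev_nix_sha256_response are hypothetical; the example assumes the .sha256 file carries the hex digest as its first token.

```yaml
# Added example, not the role's own task file.
# dev_nix_installer_pinned_sha256 is a hypothetical variable (not defined above).
- name: Fetch the published SHA256 for the installer
  ansible.builtin.uri:
    url: "{{ dev_nix_installer_sha256_url }}"
    return_content: true
  register: dev_nix_sha256_response

- name: Keep only the first token of the response as the digest
  ansible.builtin.set_fact:
    dev_nix_installer_sha256: >-
      {{ (dev_nix_sha256_response.content.split() | first | default('')) | lower }}

# An error page or empty body must never end up being used as a checksum.
- name: Refuse anything that is not a bare 64-character hex digest
  ansible.builtin.assert:
    that:
      - "dev_nix_installer_sha256 is match('^[0-9a-f]{64}$')"
    fail_msg: "Unexpected content at {{ dev_nix_installer_sha256_url }}"

# Optional second source of truth: a digest reviewed and committed to inventory.
- name: Compare against a pinned digest when one is set
  ansible.builtin.assert:
    that:
      - dev_nix_installer_sha256 == dev_nix_installer_pinned_sha256
    fail_msg: "Published digest differs from the pinned digest"
  when: dev_nix_installer_pinned_sha256 | default('') | length > 0

# get_url fails the task and discards the file if the digest does not match.
- name: Download the installer and verify it
  ansible.builtin.get_url:
    url: "{{ dev_nix_installer_url }}"
    dest: "{{ dev_nix_installer_dest }}"
    mode: "0755"
    checksum: "sha256:{{ dev_nix_installer_sha256 }}"

- name: Run the verified installer in daemon mode
  ansible.builtin.command:
    cmd: "sh {{ dev_nix_installer_dest }} --daemon"
    creates: /nix/store
```

With the pinned digest unset, the run trusts whatever releases.nixos.org publishes at that moment; setting it turns a version bump into a reviewed change to both the version and the digest.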