From a69b105b925622abfb52c67237ab79651f1275e6 Mon Sep 17 00:00:00 2001
From: UGA Innovation Factory
Date: Fri, 19 Dec 2025 10:51:35 -0500
Subject: [PATCH] updater to not require sudo prefix for flags
---
 sw/updater.nix | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/sw/updater.nix b/sw/updater.nix
index 445d766..b8a3cbe 100644
--- a/sw/updater.nix
+++ b/sw/updater.nix
@@ -43,6 +43,14 @@ with lib;
 # Service path for unprivileged (no flags)
 UNIT="update-system.service"
+ # Figure out the "real" invoking user, even under sudo.
+ INVOKER_USER="''${SUDO_USER:-$(id -un)}"
+ INVOKER_HOME="$(getent passwd "$INVOKER_USER" | cut -d: -f6)"
+ if [ -z "$INVOKER_HOME" ]; then
+ # fallback if getent is weird in some containers
+ INVOKER_HOME="''${HOME:-/home/$INVOKER_USER}"
+ fi
 # Defaults for flagged mode
 DEFAULT_REMOTE_URL="https://git.factory.uga.edu/UGA-Innovation-Factory/athenix"
 REPO_MODE="default" # default | local | remote
@@ -91,7 +99,7 @@ with lib;
 case "$1" in
 --local-repo)
 REPO_MODE="local"
- LOCAL_PATH="''${HOME}/athenix"
+ LOCAL_PATH="$INVOKER_HOME/athenix"
 shift
 ;;
 --local-repo=*)
@@ -134,7 +142,7 @@ with lib;
 # Build flake ref
 if [ "$REPO_MODE" = "local" ]; then
- [ -n "$LOCAL_PATH" ] || LOCAL_PATH="''${HOME}/athenix"
+ [ -n "$LOCAL_PATH" ] || LOCAL_PATH="$INVOKER_HOME/athenix"
 # Clone default repo if missing
 if [ ! -d "$LOCAL_PATH" ]; then
@@ -177,7 +185,14 @@ with lib;
 impureFlag="--impure"
 fi
- exec nixos-rebuild switch --refresh --print-build-logs $impureFlag --flake "''${flakeRef}"
+ # If not root, re-exec via sudo to do the actual switch.
+ # Preserve our computed invoker context so sudo doesn't "helpfully" change it.
+ if ! is_root; then
+ exec sudo --preserve-env=HOME,USER,LOGNAME \
+ nixos-rebuild switch --refresh --print-build-logs $impureFlag --flake "$flakeRef"
+ else
+ exec nixos-rebuild switch --refresh --print-build-logs $impureFlag --flake "$flakeRef"
+ fi
 '')
 ];
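Review bot: In the first hunk (`@@ -43,6 +43,14 @@`), `INVOKER_USER` takes `SUDO_USER` from the environment whether or not the script is actually running under sudo, so an unprivileged caller can set it and point `INVOKER_HOME`, and with it the default `--local-repo` path used in the `-91,7` and `-134,7` hunks, at another account's home. Because the last hunk hands the resulting flake reference to a root `nixos-rebuild`, this matters most where sudoers is meant to restrict what the caller may run; I would honour the variable only when already root, e.g. `if is_root && [ -n "''${SUDO_USER:-}" ]; then INVOKER_USER="$SUDO_USER"; else INVOKER_USER="$(id -un)"; fi`. The fallback `''${HOME:-/home/$INVOKER_USER}` has the opposite weakness: under sudo `HOME` may already be root's, depending on the sudoers policy, so it can resolve to root's home rather than the invoker's. `is_root` is used in the last hunk but defined outside the visible lines, so its exact check is assumed here.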
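Review bot: In the last hunk (`@@ -177,7 +185,14 @@`), `--preserve-env=HOME,USER,LOGNAME` makes the root `nixos-rebuild` run with the invoking user's `HOME`, so root-side tooling may read per-user configuration from a directory the unprivileged user controls and can leave root-owned files in that user's cache. Nothing after the `exec` appears to need the invoker's identity, since `flakeRef` is already computed by then, and the sudoers policy may reject `--preserve-env` unless the rule permits setting the environment. I would drop the option, `exec sudo nixos-rebuild switch --refresh --print-build-logs $impureFlag --flake "$flakeRef"`, and if the root side really needs the invoker's home, pass the computed `INVOKER_HOME` explicitly rather than whatever `HOME` holds. The unquoted `$impureFlag` relies on word splitting to disappear when empty; a one-line comment such as `# intentionally unquoted: expands to nothing when empty` would keep someone from quoting it later.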