From a124f314d9e5bc3991802d770af9f523a87eec9a Mon Sep 17 00:00:00 2001 From: ediblerope Date: Sun, 26 Apr 2026 19:35:32 +0100 Subject: [PATCH] common: bake --impure into update alias CrowdSec reads the ntfy topic URL from /var/secrets/ntfy-url at eval time via builtins.readFile. Pure flake mode forbids reading paths outside the source tree, so without --impure the read silently falls through to the placeholder URL on every rebuild. Adding --impure to both build and switch keeps the secret-file pattern working. Co-Authored-By: Claude Opus 4.7 --- common.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.nix b/common.nix index be889a0..6b98670 100644 --- a/common.nix +++ b/common.nix @@ -75,7 +75,7 @@ # Shell aliases (work in both bash and fish) environment.shellAliases = { - update = "bash -c 'OLD_SYSTEM=$(readlink /run/current-system) && sudo nixos-rebuild build $@ --flake github:ediblerope/nixos-config && sudo nixos-rebuild switch $@ --flake github:ediblerope/nixos-config && nvd diff $OLD_SYSTEM /run/current-system && (command -v record-update &>/dev/null && record-update $OLD_SYSTEM /run/current-system || true) && command -v matugen &>/dev/null && matugen image ~/.local/share/backgrounds/wallpaper.png --source-color-index 0 -m dark || true' --"; + update = "bash -c 'OLD_SYSTEM=$(readlink /run/current-system) && sudo nixos-rebuild build $@ --impure --flake github:ediblerope/nixos-config && sudo nixos-rebuild switch $@ --impure --flake github:ediblerope/nixos-config && nvd diff $OLD_SYSTEM /run/current-system && (command -v record-update &>/dev/null && record-update $OLD_SYSTEM /run/current-system || true) && command -v matugen &>/dev/null && matugen image ~/.local/share/backgrounds/wallpaper.png --source-color-index 0 -m dark || true' --"; clean = "sudo nix-collect-garbage -d"; ll = "ls -alh"; clear = "command clear";