Switch from 'nix eval' to 'nix-instantiate --eval'

[auto-upgrade-with-pinch] / modules / auto-upgrade.nix

diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index fbc8b938a16f6fd434eea1ba11b53797d441a972..4a5aa83582e1c06fd5d1e81d89a65e0dc34cd74e 100644 (file)
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
+  local-pkgs = import ../. { inherit pkgs; };
   cfg = config.system.autoUpgradeWithPinch;
   pull-repo-script = pkgs.writeShellScript "pull-repo" ''
     set -eo pipefail
@@ -50,7 +51,7 @@ let
 
     if [[ "$(prop requireSignature)" == true ]]; then
       ${pkgs.polite-merge}/bin/polite-merge \
-        -c gpg.program=${escapeShellArg (pkgs.keyedgpg cfg.signingKeys)} \
+        -c gpg.program=${escapeShellArg (local-pkgs.keyed-gpg cfg.signingKeys)} \
         merge --ff-only --verify-signatures
     else
       ${pkgs.polite-merge}/bin/polite-merge merge --ff-only
@@ -143,12 +144,12 @@ let
           + concatMapStringsSep "\n" (f: "verify_ownership ${escapeShellArg f}")
           cfg.upgradeConfig)}
 
-        config=$(${pkgs.nix}/bin/nix eval --json -f ${../upgrade-config.nix} \
+        config=$(${pkgs.nix}/bin/nix-instantiate --eval --strict --json -A config \
           --arg upgradeConfig ${
             escapeShellArg ("["
               + lib.concatMapStringsSep " " lib.strings.escapeNixString
               cfg.upgradeConfig + "]")
-          } config)
+          } ${../upgrade-config.nix})
 
         config_query() {
           ${pkgs.jq}/bin/jq -r "$@" <<< "$config"
@@ -269,7 +270,6 @@ in {
     '';
 
     nixpkgs.overlays = [
-      (import ../overlays/keyedgpg.nix)
       (import ../overlays/pinch.nix)
       (import ../overlays/polite-merge.nix)
       (self: super: {