authorBen Sima <ben@bsima.me>2024-05-20 23:15:31 -0400
committerBen Sima <ben@bsima.me>2024-05-20 23:15:31 -0400
commit8bb463db7e232bc507d82d602a92cb752c873d79 (patch)
tree2857ee7b2db73d6c814c5ad4a085c95ae7bc7b61 /Biz
parent81108da4b9efb5e2699b9b4167e13d695be8e4d3 (diff)
Fix push.sh, act as $USER instead of root
At some point I guess the activation script changed to no longer include the domain, so I have to get it from the 'domainname' systemd service. Also I switched to sshing as $USER instead of root, which just seems like better security practice. I originally used root because I thought you had to be root to do nix system stuff, but it turns out that's not the case.
Diffstat (limited to 'Biz')
-rwxr-xr-xBiz/Ide/push.sh13
-rw-r--r--Biz/OsBase.nix1
2 files changed, 8 insertions, 6 deletions
diff --git a/Biz/Ide/push.sh b/Biz/Ide/push.sh
index 6729c2f..43dff28 100755
--- a/Biz/Ide/push.sh
+++ b/Biz/Ide/push.sh
@@ -10,10 +10,11 @@ else
target="$prefix.$1"
fi
what=$(realpath "${CODEROOT:?}/_/nix/$target")
-# hack: get the domain from the activation script. there does not seem
-# to be a way to get it from nix-instantiate
-where=$(rg -r '$2' -e '(domainname ")(.*)(")' "$what/activate")
-nix copy --to ssh://root@"$where" "$what"
-ssh root@"$where" "$what"/bin/switch-to-configuration switch
-ssh root@"$where" nix-env --profile /nix/var/nix/profiles/system --set "$what"
+# hack: get the domain from the systemd service. there does not seem to be a way
+# to get it from nix-instantiate. (or, maybe i should put this in bild --plan?)
+where=$(rg --only-matching --replace '$2' --regexp '(domainname ")(.*)(")' \
+ "$what/etc/systemd/system/domainname.service")
+nix copy --to ssh://"$USER"@"$where" "$what"
+ssh "$USER"@"$where" sudo "$what"/bin/switch-to-configuration switch
+ssh "$USER"@"$where" sudo nix-env --profile /nix/var/nix/profiles/system --set "$what"
echo "${GRN}good: push: $target${NC}"
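Review bot: `where` is used as the ssh host on the added `nix copy` and both `ssh` lines without any check that the `rg` lookup in `domainname.service` returned a single value. If the unit file is missing or the pattern does not match, those commands run against an empty host, unless the script enables `set -e` above this hunk, which is not visible here. Guarding it the way the hunk already guards `CODEROOT` would fail early, e.g. `: "${where:?could not read domain from domainname.service}"` right after the assignment. The two `ssh ... sudo` lines run without a tty, so they presumably rely on passwordless sudo for `$USER` on the target. A comment such as `# requires NOPASSWD sudo for $USER on the target` would record that the account stays root-capable for these commands.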
diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix
index a9407ab..d9c6be9 100644
--- a/Biz/OsBase.nix
+++ b/Biz/OsBase.nix
@@ -20,6 +20,7 @@ in {
nix.optimise.automatic = true;
nix.optimise.dates = [ "Sunday 02:30" ];
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
+ nix.settings.trusted-users = [ "ben" ];
programs.ccache.enable = true;
programs.mosh.enable = true;
programs.mosh.withUtempter = true;
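Review bot: The added `nix.settings.trusted-users = [ "ben" ];` has no comment explaining why it is there or what it grants. A trusted user can import unsigned store paths and override daemon settings, which the Nix manual describes as essentially equivalent to root access. So the move away from `root@` in push.sh changes the login account more than it changes the privilege level. I would add a comment above the line, e.g. `# lets push.sh 'nix copy' unsigned closures as this user; trusted-users is effectively root on the nix daemon`. The name is also hard-coded here while push.sh connects as `$USER`, so the two only agree when the script is run as `ben`. The enclosing attribute set starts and ends outside this hunk.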