From 9c7a380565b769deb8aa2ae970de82bcfd2cc755 Mon Sep 17 00:00:00 2001 From: Nico Jensch Date: Sun, 19 Jan 2025 17:55:41 +0100 Subject: [PATCH] feat(chaotic-v4): add back restart script --- flake.nix | 1 - nixos/hosts/chaotic-v4.nix | 13 +++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 7adaa2b..8ed73af 100644 --- a/flake.nix +++ b/flake.nix @@ -35,7 +35,6 @@ pre-commit-hooks.url = "github:cachix/git-hooks.nix"; pre-commit-hooks.inputs.flake-compat.follows = "flake-compat"; pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs"; - pre-commit-hooks.inputs.nixpkgs-stable.follows = "nixpkgs-stable"; # SSH keys of maintainers keys_nico.url = "https://github.com/dr460nf1r3.keys"; diff --git a/nixos/hosts/chaotic-v4.nix b/nixos/hosts/chaotic-v4.nix index 603653d..d9e9df5 100644 --- a/nixos/hosts/chaotic-v4.nix +++ b/nixos/hosts/chaotic-v4.nix @@ -4,6 +4,13 @@ , pkgs , ... }: +let + wrapperScript = pkgs.writeScriptBin "chaotic-restart" '' + echo "Restarting Chaotic-AUR containers..." + systemctl restart docker-compose-runner-chaotic-v4.service + echo "Done." + ''; +in { imports = sources.defaultModules ++ [ ../modules "${sources.chaotic-portable-builder}/nix/nixos.nix" ]; @@ -24,6 +31,12 @@ source = ../../docker-compose/chaotic-v4; }; + # Allow controlling infra 4.0's containers without root + environment.systemPackages = [ wrapperScript ]; + security.sudo.extraRules = [ + { users = [ "xiota" ]; commands = [{ command = "${wrapperScript}/bin/chaotic-restart"; options = [ "NOPASSWD" ]; }]; } + ]; + # Lock down chaotic-op group to SCP in landing zone services.openssh.extraConfig = '' Match Group chaotic-op
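Review bot: The `chaotic-restart` wrapper in the new `let` block is built with `pkgs.writeScriptBin`, but its text has no `#!` line, so the kernel cannot exec it directly and running it depends on the caller falling back to a shell. Since this is the command granted through NOPASSWD sudo, I would build it with `pkgs.writeShellScriptBin "chaotic-restart"` and call `${pkgs.systemd}/bin/systemctl restart docker-compose-runner-chaotic-v4.service`, so that neither the interpreter nor `systemctl` is resolved from the invoking environment's PATH. A leading `set -e` would also stop the script from printing "Done." when the restart fails.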
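Review bot: The new `security.sudo.extraRules` entry names the command without an argument list, which in sudoers syntax permits any arguments. The script ignores its arguments today, but pinning the rule with an empty argument list, `command = "${wrapperScript}/bin/chaotic-restart \"\"";`, keeps the grant exact if the script later grows parameters. The comment above the rule says "without root", while the rule runs the script as root through passwordless sudo; `# Let xiota restart infra 4.0's containers via passwordless sudo (runs as root)` would describe it accurately. The enclosing attribute set starts and ends outside the hunk.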