From 3730ae7cf7446d47b22e82bf36a5d7f33dac9e73 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Mon, 17 Apr 2023 17:04:47 +0200
Subject: [PATCH] chore: automatically get (impure) current system for rekeying.
---
 hosts/common/core/default.nix | 4 +++-
 nix/extra-builtins.nix | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 57c32c4..4ed8ff7 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -27,7 +27,9 @@
 extraEncryptionPubkeys
 ;

- forceRekeyOnSystem = "x86_64-linux";
+ # This is technically impure, but intended. We need to rekey on the
+ # current system due to yubikey availability.
+ forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
 hostPubkey = let
 pubkeyPath = ../.. + "/${nodeName}/secrets/host.pub";
 in
diff --git a/nix/extra-builtins.nix b/nix/extra-builtins.nix
index 8952f54..b13d451 100644
--- a/nix/extra-builtins.nix
+++ b/nix/extra-builtins.nix
@@ -29,4 +29,6 @@ in {
 assert assertMsg (builtins.isPath nixFile) "The file to decrypt must be given as a path to prevent impurity.";
 assert assertMsg (hasSuffix ".nix.age" nixFile) "The content of the decrypted file must be a nix expression and should therefore end in .nix.age";
 exec ([./rage-decrypt-and-cache.sh nixFile] ++ identities);
+ # currentSystem
+ unsafeCurrentSystem = exec ["nix" "eval" "--impure" "--expr" "builtins.currentSystem"];
 }
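Review bot: The new `unsafeCurrentSystem` in nix/extra-builtins.nix runs whichever `nix` comes first on the evaluating user's PATH, at evaluation time, and `exec` parses its output back as a Nix expression. The value therefore depends on the caller's environment rather than on anything pinned in the repository, which matters in a file that also drives secret decryption through `exec`. The comment `# currentSystem` says none of this; something like `# Impure: asks the nix binary found on PATH for builtins.currentSystem, so the result depends on the evaluating machine and its environment.` would document the trust assumption. The nested call also appears to rely on the `nix-command` experimental feature being enabled for the evaluating user; adding `"--extra-experimental-features" "nix-command"` to the argument list would remove that dependency. The enclosing attribute set begins outside the hunk, so how the other builtins resolve their executables is not visible here.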