From a77483da50515dfdaf4175190522be04bae69c69 Mon Sep 17 00:00:00 2001
From: Kenichi Kamiya <kachick1@gmail.com>
Date: Sat, 9 Mar 2024 03:20:21 +0900
Subject: [PATCH] clean up by root

---
 .github/workflows/container.yml | 1 +
 containers/Containerfile        | 1 +
 containers/cleanup.bash         | 8 ++++++++
 containers/needs_systemd.bash   | 3 ---
 4 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100755 containers/cleanup.bash

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 17a79780..e9823edc 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -80,6 +80,7 @@ jobs:
           container_name="$(podman ps --sort=created --format {{.Names}} | tail -1)"
           [ -n "$container_name" ] # May be fail with bg timing
           podman exec --user=user -it "$container_name" /provisioner/needs_systemd.bash
+          podman exec --user=root -it "$container_name" rm -rf /provisioner/cleanup.bash
           podman commit "$container_name" ran-nix-commands-by-user
           podman kill "$container_name"
       - name: Finalize the image
diff --git a/containers/Containerfile b/containers/Containerfile
index f6afbce3..bb37f954 100644
--- a/containers/Containerfile
+++ b/containers/Containerfile
@@ -15,6 +15,7 @@ RUN mkdir -p ~/.local/state/nix/profiles
 # Don't use /tmp, it removes in first run
 COPY ./ /provisioner/dotfiles/
 COPY ./containers/needs_systemd.bash /provisioner/needs_systemd.bash
+COPY ./containers/cleanup.bash /provisioner/cleanup.bash
 
 # Should back to original of kachick/ubuntu-nix-systemd, we need to run systemd fist
 USER root
diff --git a/containers/cleanup.bash b/containers/cleanup.bash
new file mode 100755
index 00000000..1597f254
--- /dev/null
+++ b/containers/cleanup.bash
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+# Focus to root privilege operations
+
+rm -rf /provisioner/dotfiles
+nix store gc
diff --git a/containers/needs_systemd.bash b/containers/needs_systemd.bash
index 0303a3f4..97c431af 100755
--- a/containers/needs_systemd.bash
+++ b/containers/needs_systemd.bash
@@ -4,6 +4,3 @@ set -euxo pipefail
 
 nix-shell --packages git --command 'git config --global --add safe.directory /provisioner/dotfiles'
 nix run '/provisioner/dotfiles#home-manager' -- switch -b backup --flake '/provisioner/dotfiles/#user'
-
-rm -rf /provisioner/dotfiles
-nix store gc