
Make sure git diff doesn't result in a failed upgrade service

Aires 2024-05-31 12:45:42 -04:00
parent be463aee17
commit 0234b928ff


@ -13,14 +13,14 @@ let
pathPkgs = with pkgs; [ pathPkgs = with pkgs; [
# Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363
coreutils coreutils
gnutar
xz.bin
gzip
git git
gnutar
gzip
config.nix.package.out config.nix.package.out
nh nh
openssh config.programs.ssh.package
sudo sudo
xz.bin
]; ];
in in
{ {
@ -40,7 +40,7 @@ in
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf cfg.enable { (lib.mkIf cfg.enable {
# Pull and apply updates. # Pull and apply updates.
systemd.services."nixos-update" = { systemd.services."nixos-upgrade" = {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "root"; User = "root";
@ -49,30 +49,33 @@ in
script = '' script = ''
cd ${config.secrets.nixConfigFolder} cd ${config.secrets.nixConfigFolder}
# Check if there are changes from Git. # Check if there are changes from Git.
# Since we're running this as root, we need to su into the user who owns the config folder. echo "Pulling latest version..."
sudo -u aires git fetch sudo -u aires git fetch
sudo -u aires git diff --exit-code main origin/main sudo -u aires git diff --quiet --exit-code main origin/main || true
# If we have changes (git diff returns 1), pull changes and run the update # If we have changes (git diff returns 1), pull changes and run the update
if [ $? -eq 1 ]; then if [ $? -eq 1 ]; then
echo "Updates found, running nixos-rebuild..."
sudo -u aires git pull --recurse-submodules sudo -u aires git pull --recurse-submodules
nh os switch nh os switch
else
echo "No updates found. Exiting."
fi fi
''; '';
}; };
systemd.timers."nixos-update-timer" = { systemd.timers."nixos-upgrade-timer" = {
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "daily";
Persistent = "true"; Persistent = "true";
Unit = "nixos-update.service"; Unit = "nixos-upgrade.service";
}; };
}; };
}) })
(lib.mkIf cfg.pushUpdates { (lib.mkIf cfg.pushUpdates {
# Automatically update Flake configuration for other hosts to use # Automatically update Flake configuration for other hosts to use
systemd.services."nixos-update-flake" = { systemd.services."nixos-upgrade-flake" = {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = config.users.users.aires.name; User = config.users.users.aires.name;
@ -83,20 +86,21 @@ in
set -eu set -eu
cd ${config.secrets.nixConfigFolder} cd ${config.secrets.nixConfigFolder}
# Make sure we're up-to-date # Make sure we're up-to-date
echo "Pulling the latest version..."
git pull --recurse-submodules git pull --recurse-submodules
nix flake update --commit-lock-file nix flake update --commit-lock-file
git push git push
''; '';
}; };
systemd.timers."nixos-update-flake-timer" = { systemd.timers."nixos-upgrade-flake-timer" = {
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "daily";
Persistent = "true"; Persistent = "true";
Unit = "nixos-update-flake.service"; Unit = "nixos-upgrade-flake.service";
}; };
}; };
}) })
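Review bot: In the nixos-upgrade script, `git diff --quiet --exit-code main origin/main || true` makes `$?` always 0, so the following `if [ $? -eq 1 ]` can never be true and the unit takes the "No updates found. Exiting." branch on every run without pulling or switching. That trades a visibly failed unit for a host that silently stops receiving updates while the service reports success. Capture the status instead, for example `rc=0; sudo -u aires git diff --quiet main origin/main || rc=$?` followed by `if [ "$rc" -eq 1 ]; then`, and treat any other non-zero value as a real error rather than as "no updates". Since this unit runs as root and activates whatever origin/main contains, it would also be worth adding `--verify-signatures` to the `git pull` if the repository's commits are signed.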