
Break automatic updates out into their own module

Aires 2024-05-30 14:08:19 -04:00
parent ec3699ffc4
commit 253d06e319
7 changed files with 119 additions and 50 deletions


@ -250,17 +250,17 @@
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1716929428,
"narHash": "sha256-MRMQqR0lXM8ZA92QACu0VjFIcWtxZ0nvEU94VFFuKTo=",
"lastModified": 1717092160,
"narHash": "sha256-dype0zRMyP94Uo8YC1vWQ6lkvXLYMep6+Xo7AW4K9cs=",
"ref": "refs/heads/main",
"rev": "4db84b723bb2eb21a2c58de565ed89ddb34e6166",
"revCount": 41,
"rev": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9",
"revCount": 42,
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
"url": "file:./nix-secrets"
},
"original": {
"type": "git",
"url": "file:///home/aires/Development/nix-configuration/nix-secrets"
"url": "file:./nix-secrets"
}
},
"nixos-hardware": {


@ -36,7 +36,7 @@
# "Secrets management"
nix-secrets = {
url = "git+file:///home/aires/Development/nix-configuration/nix-secrets";
url = "git+file:./nix-secrets";
flake = false;
};
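Review bot: `url = "git+file:./nix-secrets";` is a relative URL, and as far as I know Nix resolves a relative `git+file:` path against the working directory of the `nix` process rather than the flake's own directory. Both units in this commit `cd` into the configuration folder before calling `nix` or `nh`, so they should keep working, but an evaluation started from another directory may fail to find the secrets repository or resolve a different directory with the same name. The locked `rev` and `narHash` should turn that into a fetch failure rather than a silent substitution, except while the input is being updated. I would document the constraint above the input, for example `# resolved against the cwd of the nix command; run from the repository root`.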


@ -50,6 +50,7 @@ in
enable = true;
home = "/storage/services/airsonic-advanced";
};
autoUpgrade.pushUpdates = true;
boinc.enable = true;
cache = {
enable = false; # Disable for now
@ -120,7 +121,8 @@ in
Type = "oneshot";
User = config.users.users.aires.name;
};
path = with pkgs; [ # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363
path = with pkgs; [
# Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363
coreutils
gnutar
xz.bin
@ -131,7 +133,7 @@ in
];
script = ''
set -eu
cd ${config.users.users.aires.home}/Development/nix-configuration
cd ${config.secrets.nixConfigFolder}
git pull --recurse-submodules
nix flake update
git add flake.lock
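Review bot: The unit edited in the second and third hunks stays defined in this host file, while the first hunk enables `autoUpgrade.pushUpdates`, which in the new module of this commit defines `nixos-update-flake` with the same `path` list and the same script. The unit's name lies outside these hunks; if it is also `nixos-update-flake`, the module system merges both definitions and the two `script` bodies would be concatenated, so the pull, `nix flake update`, commit and push sequence would run twice per activation. Dropping the host-level definition (and its timer, if one exists) would leave the module as the single place where this push logic lives. The script shown here continues past the end of the hunk.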


@ -17,7 +17,7 @@
nh = {
enable = true;
flake = "${config.users.users.aires.home}/Development/nix-configuration";
flake = "${config.secrets.nixConfigFolder}";
# Alternative garbage collection system to nix.gc.automatic
clean = {


@ -26,45 +26,6 @@
};
};
# Configure automatic updates. Replaces system.autoUpgrade.
systemd.services."nixos-update" = {
serviceConfig = {
Type = "oneshot";
User = "root";
};
path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
git
config.nix.package.out
nh
openssh
sudo
];
script = ''
cd ${config.users.users.aires.home}/Development/nix-configuration
# Check if there are changes from Git
sudo -u aires git fetch
sudo -u aires git diff --exit-code main origin/main
if [ $? -eq 1 ]; then
sudo -u aires git pull --recurse-submodules
nh os switch
fi
'';
};
systemd.timers."nixos-update-timer" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
Unit = "nixos-update.service";
};
};
services = {
# Enable fwupd (firmware updater)
fwupd.enable = true;


@ -0,0 +1,106 @@
# Run automatic updates. Replaces system.autoUpgrade.
{
config,
lib,
pkgs,
...
}:
let
cfg = config.host.services.autoUpgrade;
in
{
options = {
host.services.autoUpgrade = {
enable = lib.mkOption {
default = true;
type = lib.types.bool;
description = "Enables automatic system updates.";
};
pushUpdates = lib.mkEnableOption (
lib.mdDoc "Updates the flake.lock file and pushes it back to the repo."
);
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
# Pull and apply updates.
systemd.services."nixos-update" = {
serviceConfig = {
Type = "oneshot";
User = "root";
};
path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
git
config.nix.package.out
nh
openssh
sudo
];
script = ''
cd ${config.users.users.aires.home}/Development/nix-configuration
# Check if there are changes from Git
sudo -u aires git fetch
sudo -u aires git diff --exit-code main origin/main
if [ $? -eq 1 ]; then
sudo -u aires git pull --recurse-submodules
nh os switch
fi
'';
};
systemd.timers."nixos-update-timer" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
Unit = "nixos-update.service";
};
};
})
(lib.mkIf cfg.pushUpdates {
# Automatically update Flake configuration for other hosts to use
systemd.services."nixos-update-flake" = {
serviceConfig = {
Type = "oneshot";
User = config.users.users.aires.name;
};
path = with pkgs; [
# Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363
coreutils
gnutar
xz.bin
gzip
git
config.nix.package.out
openssh
];
script = ''
set -eu
cd ${config.secrets.nixConfigFolder}
git pull --recurse-submodules
nix flake update
git add flake.lock
git diff --quiet && git diff --staged --quiet || git commit -am "Update flake.lock" && git push # Courtesy of https://stackoverflow.com/a/40255467
'';
};
systemd.timers."nixos-update-flake-timer" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
Unit = "nixos-update-flake.service";
};
};
})
];
}
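Review bot: In the `nixos-update` script, the `if [ $? -eq 1 ]` test after `sudo -u aires git diff --exit-code main origin/main` is probably never reached when there are changes: NixOS runs a unit's `script` with errexit set (worth confirming for the nixpkgs revision in use), so the exit status 1 that means "differences found" aborts the unit before `nh os switch` and the host stays unpatched. Testing the command directly avoids this, `if ! sudo -u aires git diff --quiet main origin/main; then`. That unit also runs as root on a checkout owned by `aires` and applies whatever `origin/main` contains, so that account and the remote are effectively root-equivalent; `git pull --verify-signatures` would at least require signed commits before the switch. In `nixos-update-flake`, `git commit -am` sweeps every modified tracked file into the "Update flake.lock" commit and pushes it, where `git commit -m "Update flake.lock" flake.lock` would limit the push to the lock file.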

@ -1 +1 @@
Subproject commit 4db84b723bb2eb21a2c58de565ed89ddb34e6166
Subproject commit 42ddf14d36d9fab1eb070f51fdf1991d1a21dde9