From 253d06e319376f9b91fc2e88659932b7cedf396f Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 14:08:19 -0400 Subject: [PATCH] Break automatic updates out into their own module --- flake.lock | 12 ++-- flake.nix | 2 +- hosts/Haven/default.nix | 6 +- modules/base/programs.nix | 2 +- modules/base/system.nix | 39 ------------ modules/services/autoupgrade.nix | 106 +++++++++++++++++++++++++++++++ nix-secrets | 2 +- 7 files changed, 119 insertions(+), 50 deletions(-) create mode 100644 modules/services/autoupgrade.nix diff --git a/flake.lock b/flake.lock index e48347f..ab3f108 100644 --- a/flake.lock +++ b/flake.lock @@ -250,17 +250,17 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1716929428, - "narHash": "sha256-MRMQqR0lXM8ZA92QACu0VjFIcWtxZ0nvEU94VFFuKTo=", + "lastModified": 1717092160, + "narHash": "sha256-dype0zRMyP94Uo8YC1vWQ6lkvXLYMep6+Xo7AW4K9cs=", "ref": "refs/heads/main", - "rev": "4db84b723bb2eb21a2c58de565ed89ddb34e6166", - "revCount": 41, + "rev": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", + "revCount": 42, "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "file:./nix-secrets" }, "original": { "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "file:./nix-secrets" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 4b9eb0e..7a7c438 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ # "Secrets management" nix-secrets = { - url = "git+file:///home/aires/Development/nix-configuration/nix-secrets"; + url = "git+file:./nix-secrets"; flake = false; }; diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index 7926ff3..ca57a20 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -50,6 +50,7 @@ in enable = true; home = "/storage/services/airsonic-advanced"; }; + autoUpgrade.pushUpdates = true; boinc.enable = true; cache = { enable = false; # Disable for now @@ -120,7 +121,8 @@ in Type = "oneshot"; User = config.users.users.aires.name; }; - path = with pkgs; [ # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 + path = with pkgs; [ + # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 coreutils gnutar xz.bin @@ -131,7 +133,7 @@ in ]; script = '' set -eu - cd ${config.users.users.aires.home}/Development/nix-configuration + cd ${config.secrets.nixConfigFolder} git pull --recurse-submodules nix flake update git add flake.lock diff --git a/modules/base/programs.nix b/modules/base/programs.nix index ddd29d8..fbd58fa 100644 --- a/modules/base/programs.nix +++ b/modules/base/programs.nix @@ -17,7 +17,7 @@ nh = { enable = true; - flake = "${config.users.users.aires.home}/Development/nix-configuration"; + flake = "${config.secrets.nixConfigFolder}"; # Alternative garbage collection system to nix.gc.automatic clean = { diff --git a/modules/base/system.nix b/modules/base/system.nix index e00170e..f19e31b 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix @@ -26,45 +26,6 @@ }; }; - # Configure automatic updates. Replaces system.autoUpgrade. - systemd.services."nixos-update" = { - serviceConfig = { - Type = "oneshot"; - User = "root"; - }; - path = with pkgs; [ - coreutils - gnutar - xz.bin - gzip - git - config.nix.package.out - nh - openssh - sudo - ]; - script = '' - cd ${config.users.users.aires.home}/Development/nix-configuration - # Check if there are changes from Git - sudo -u aires git fetch - sudo -u aires git diff --exit-code main origin/main - if [ $? -eq 1 ]; then - sudo -u aires git pull --recurse-submodules - nh os switch - fi - ''; - }; - systemd.timers."nixos-update-timer" = { - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Persistent = "true"; - Unit = "nixos-update.service"; - }; - }; - services = { # Enable fwupd (firmware updater) fwupd.enable = true; diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix new file mode 100644 index 0000000..4f10f84 --- /dev/null +++ b/modules/services/autoupgrade.nix @@ -0,0 +1,106 @@ +# Run automatic updates. Replaces system.autoUpgrade. +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.host.services.autoUpgrade; +in +{ + options = { + host.services.autoUpgrade = { + enable = lib.mkOption { + default = true; + type = lib.types.bool; + description = "Enables automatic system updates."; + }; + pushUpdates = lib.mkEnableOption ( + lib.mdDoc "Updates the flake.lock file and pushes it back to the repo." + ); + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + # Pull and apply updates. + systemd.services."nixos-update" = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + path = with pkgs; [ + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + nh + openssh + sudo + ]; + script = '' + cd ${config.users.users.aires.home}/Development/nix-configuration + # Check if there are changes from Git + sudo -u aires git fetch + sudo -u aires git diff --exit-code main origin/main + if [ $? -eq 1 ]; then + sudo -u aires git pull --recurse-submodules + nh os switch + fi + ''; + }; + systemd.timers."nixos-update-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-update.service"; + }; + }; + }) + (lib.mkIf cfg.pushUpdates { + # Automatically update Flake configuration for other hosts to use + systemd.services."nixos-update-flake" = { + serviceConfig = { + Type = "oneshot"; + User = config.users.users.aires.name; + }; + path = with pkgs; [ + # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + openssh + ]; + script = '' + set -eu + cd ${config.secrets.nixConfigFolder} + git pull --recurse-submodules + nix flake update + git add flake.lock + git diff --quiet && git diff --staged --quiet || git commit -am "Update flake.lock" && git push # Courtesy of https://stackoverflow.com/a/40255467 + ''; + }; + + systemd.timers."nixos-update-flake-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-update-flake.service"; + }; + }; + }) + ]; +} diff --git a/nix-secrets b/nix-secrets index 4db84b7..42ddf14 160000 --- a/nix-secrets +++ b/nix-secrets @@ -1 +1 @@ -Subproject commit 4db84b723bb2eb21a2c58de565ed89ddb34e6166 +Subproject commit 42ddf14d36d9fab1eb070f51fdf1991d1a21dde9