From c85cd1a0c82c0bfafb7146801eccc56269b545ed Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 11:34:36 -0400 Subject: [PATCH 01/30] Switch nixos-hardware back to upstream --- flake.lock | 26 +++++++++++++------------- flake.nix | 5 ++++- modules/services/forgejo.nix | 1 + 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 48c7dac..2e67468 100644 --- a/flake.lock +++ b/flake.lock @@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1716506851, - "narHash": "sha256-fzY708SyfHwLOFrg5ZU0fXW9mNdvRvqz64jg97vvpJM=", + "lastModified": 1716856858, + "narHash": "sha256-dfNGs2AW/V31nMVeEBSUJCMfT6bZAKJ5qsWgFHWhvUc=", "ref": "refs/heads/main", - "rev": "18fa4a89e208cb8e881f5f71c75bbd4c1c2fd37d", - "revCount": 83, + "rev": "38f31ee7c1a60adae58833789dd855c128b056c6", + "revCount": 85, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -265,18 +265,18 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1716588418, - "narHash": "sha256-3EpFUFlZjE+UkBlSXp2lC65ysgUmpAHl13kjh45+et0=", + "lastModified": 1716881121, + "narHash": "sha256-oTf3enbe/lbiNzsyZ8ria+422hx4e/FB3xQcY2LPnJw=", "ref": "master", - "rev": "80736f76ded618a54dce2db319247aeb902ce795", - "revCount": 1683, + "rev": "806e9d4a933dd1e75592e88894d4bd2f296f5bbf", + "revCount": 1694, "type": "git", - "url": "https://code.8bitbuddhism.com/aires/nixos-hardware" + "url": "https://github.com/NixOS/nixos-hardware" }, "original": { "ref": "master", "type": "git", - "url": "https://code.8bitbuddhism.com/aires/nixos-hardware" + "url": "https://github.com/NixOS/nixos-hardware" } }, "nixpkgs": { 
@@ -313,11 +313,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716542732, - "narHash": "sha256-0Y9fRr0CUqWT4KgBITmaGwlnNIGMYuydu2L8iLTfHU4=", + "lastModified": 1716793392, + "narHash": "sha256-ex3nO87EEQhshXd19QSVW5UIXL0pbPuew4q8TdEJQBY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d12251ef6e8e6a46e05689eeccd595bdbd3c9e60", + "rev": "67a8b308bae9c26be660ccceff3e53a65e01afe1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 86b248b..f534246 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,8 @@ nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1"; # Hardware configurations - nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master"; + #nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master"; + nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master"; # Home-manager home-manager = { @@ -98,6 +99,7 @@ system = "x86_64-linux"; modules = defaultModules ++ [ nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-gpu-intel ./hosts/Dimaga ]; }; @@ -106,6 +108,7 @@ system = "x86_64-linux"; modules = defaultModules ++ [ nixos-hardware.nixosModules.common-cpu-amd-pstate + nixos-hardware.nixosModules.common-gpu-amd ./hosts/Haven ]; }; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 6e43a35..e0a8ec8 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -72,6 +72,7 @@ in labels = [ "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ "debian:docker://node:20-bullseye" + "ubuntu-latest:docker://ubuntu:latest" ]; settings = { # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix From e88b04d5445bdfd2ef19378f5dfc21e92268170d Mon Sep 17 00:00:00 2001 
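Review bot: The runner label added in the modules/services/forgejo.nix hunk maps `ubuntu-latest` to `docker://ubuntu:latest`, a moving tag, so the image jobs run in changes whenever upstream republishes it; the `nix` label above it carries no tag at all. The `debian` label already names a specific image (`node:20-bullseye`). Doing the same here, `"ubuntu-latest:docker://ubuntu:<release-tag>"` or a digest, keeps the job environment reproducible and makes an image change a reviewable diff. The enclosing runner definition starts outside the hunk.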
From: Andre Date: Tue, 28 May 2024 12:14:40 -0400 Subject: [PATCH 02/30] Fighting with automatic updates and some other stuff --- flake.nix | 4 ++-- hosts/Haven/default.nix | 1 - modules/base/system.nix | 1 + modules/services/forgejo.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index f534246..9b7b06a 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ # Hardware configurations #nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master"; - nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master"; + nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master"; # Home-manager home-manager = { @@ -99,7 +99,7 @@ system = "x86_64-linux"; modules = defaultModules ++ [ nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-gpu-intel + nixos-hardware.nixosModules.common-gpu-intel ./hosts/Dimaga ]; }; diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index 1b9e004..70faef8 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -19,7 +19,6 @@ in imports = [ ./hardware-configuration.nix ]; system.stateVersion = "24.05"; - system.autoUpgrade.enable = lib.mkForce false; host = { role = "server"; diff --git a/modules/base/system.nix b/modules/base/system.nix index 35df0b1..c54461c 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix @@ -33,6 +33,7 @@ dates = "daily"; allowReboot = false; operation = "switch"; + flags = [ "--commit-lock-file" ]; }; services = { diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index e0a8ec8..74cdf75 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
@@ -72,7 +72,7 @@ in labels = [ "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ "debian:docker://node:20-bullseye" - "ubuntu-latest:docker://ubuntu:latest" + "ubuntu-latest:docker://ubuntu:latest" ]; settings = { # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix From 2c583c15a57e013d5a1c43d771af0794bb1247ec Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 13:48:44 -0400 Subject: [PATCH 03/30] Forgejo Actions test #4 --- modules/services/forgejo.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 74cdf75..1572bca 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -77,7 +77,8 @@ in settings = { # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml - container.validVolumes = "**"; + container.options = "--v /nix:/nix"; + container.validVolumes = [ "/nix" ]; }; }; }; From 8922e6c24b4bed1c3596f9fdf98e31b92c05f522 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 13:50:15 -0400 Subject: [PATCH 04/30] Trigger build From 3efe773952e464f88beff993176b99d9916e4254 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 13:50:42 -0400 Subject: [PATCH 05/30] Actually include the f---ing workflow changes --- .forgejo/workflows/update.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index c6da891..1836b00 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml 
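Review bot: The `container.options` line added in PATCH 03 bind-mounts the host's whole `/nix` tree into every job container with no `:ro` suffix, and the PATCH 08 hunk of this file keeps the same mount. The Nix store is readable by anything that can see it, and `/nix/var` presumably comes along, so every workflow that lands on this runner can read whatever the host has put in its store. If jobs only need to consume store paths, `container.options = "-v /nix:/nix:ro";` is the narrower form. Either way a comment such as `# Jobs see the host's /nix: only trusted workflows may run on this runner` would record the assumption. The enclosing runner definition starts outside the hunk.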
@@ -1,12 +1,14 @@ on: [push] jobs: - format: - runs-on: nix - steps: - - run: nix --experimental-features 'nix-command flakes' fmt +# format: +# runs-on: nix +# steps: +# - uses: actions/checkout@v4 +# - run: nix --experimental-features 'nix-command flakes' fmt build: runs-on: nix + uses: https://github.com/actions/checkout@v4 steps: - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven - - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda \ No newline at end of file + - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda From 4f4db49ab17d00ed7cb2a280765a6816215f3dc0 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 13:52:04 -0400 Subject: [PATCH 06/30] Forgejo Actions test #4a --- .forgejo/workflows/update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 1836b00..063eb53 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -7,7 +7,7 @@ jobs: # - run: nix --experimental-features 'nix-command flakes' fmt build: runs-on: nix - uses: https://github.com/actions/checkout@v4 + uses: actions/checkout@v4 steps: - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven From 27b59eca9de749d8e1c8a0728d611e10a901a88e Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 13:53:27 -0400 Subject: [PATCH 07/30] Wtf --- .forgejo/workflows/update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 063eb53..5382bb7 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml 
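Review bot: `actions/checkout@v4` in the `build` job is a movable tag, and the later workflow hunks repeat the pattern: `actions/setup-node@v3` in PATCH 08 and `DeterminateSystems/nix-installer-action@main` in PATCH 19, the last one a branch. The workflow runs on every push, on a runner that mounts the host's `/nix` (PATCH 03), so whatever those refs resolve to at run time executes there. Pinning each to a full commit SHA with the tag as a trailing comment, `- uses: actions/checkout@<full-commit-sha> # v4`, turns an upstream change into a visible diff in this repository. The short `owner/repo` form introduced in PATCH 06 also leaves the source host to the instance's default actions URL, which is worth a comment at the top of the file.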
@@ -7,8 +7,8 @@ jobs: # - run: nix --experimental-features 'nix-command flakes' fmt build: runs-on: nix - uses: actions/checkout@v4 steps: + - uses: actions/checkout@v4 - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda From 29fbf9b768eca047828decd6c6dbd0a7e3fd32d5 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 14:00:05 -0400 Subject: [PATCH 08/30] Forgejo Actions test #5 --- .forgejo/workflows/update.yaml | 1 + modules/services/forgejo.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 5382bb7..5b65112 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -9,6 +9,7 @@ jobs: runs-on: nix steps: - uses: actions/checkout@v4 + - uses: actions/setup-node@v3 - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 1572bca..98a4911 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -77,7 +77,7 @@ in settings = { # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml - container.options = "--v /nix:/nix"; + container.options = "-v /nix:/nix"; container.validVolumes = [ "/nix" ]; }; }; From beb12569970e69a01915db2910c520822a417010 Mon Sep 17 00:00:00 2001 
From: Andre Date: Tue, 28 May 2024 14:02:01 -0400 Subject: [PATCH 09/30] Forgejo Actions test #6 --- .forgejo/workflows/update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 5b65112..56b0ce5 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -8,8 +8,8 @@ jobs: build: runs-on: nix steps: - - uses: actions/checkout@v4 - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda From b224a3e3a5fb4b666698427b044a3b57359f2745 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 14:03:54 -0400 Subject: [PATCH 10/30] Forgejo Actions test #7 --- .forgejo/workflows/update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 56b0ce5..9900f59 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -8,7 +8,7 @@ jobs: build: runs-on: nix steps: - - uses: actions/setup-node@v3 + - run nix-env -iA nixos.nodejs_22 - uses: actions/checkout@v4 - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven From 77b69dff9600b6d72b9f9fd68f8ce3eb083ede04 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 14:05:24 -0400 Subject: [PATCH 11/30] Forgejo Actions test #7a --- .forgejo/workflows/update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 9900f59..6b9af7a 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml 
@@ -8,7 +8,7 @@ jobs: build: runs-on: nix steps: - - run nix-env -iA nixos.nodejs_22 + - run: nix-env -iA nixos.nodejs_22 - uses: actions/checkout@v4 - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven From b321d81a845b989113ff77043942601d9fa85887 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 14:06:34 -0400 Subject: [PATCH 12/30] Forgejo Actions test #8 --- .forgejo/workflows/update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 6b9af7a..d281192 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -8,7 +8,7 @@ jobs: build: runs-on: nix steps: - - run: nix-env -iA nixos.nodejs_22 + - run: nix-env -iA nixpkgs.nodejs_22 - uses: actions/checkout@v4 - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven From 8140ea69246ba5dc92709b0e838141685efe563d Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 28 May 2024 14:07:55 -0400 Subject: [PATCH 13/30] Forgejo Actions test #9 --- .forgejo/workflows/update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index d281192..36ca244 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml @@ -8,7 +8,7 @@ jobs: build: runs-on: nix steps: - - run: nix-env -iA nixpkgs.nodejs_22 + - run: nix-env -iA nixpkgs.nodejs_20 - uses: actions/checkout@v4 - run: nix --experimental-features 'nix-command flakes' flake update - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven From 53eb2e0a49a84aac34545e26d50400537d1db071 Mon Sep 17 00:00:00 2001 
From: Andre Date: Tue, 28 May 2024 14:17:53 -0400 Subject: [PATCH 14/30] Give Forgejo runners DNS access --- modules/services/forgejo.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 98a4911..bab4501 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -98,6 +98,12 @@ in }; }; + # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) + networking.firewall.interfaces.podman4 = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + systemd.services = { nginx.wants = [ config.systemd.services.forgejo.name ]; } // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; }; From 228f05437130d861f4493cc2df1617a72d98f426 Mon Sep 17 00:00:00 2001 From: Andre Date: Wed, 29 May 2024 19:50:11 -0400 Subject: [PATCH 15/30] Add Bluetooth profile for Vitrix Pro Controller --- flake.lock | 20 +++++----- flake.nix | 4 +- hosts/Shura/bluetooth/vitrix-pdp-pro-params | 42 +++++++++++++++++++++ hosts/Shura/default.nix | 4 ++ 4 files changed, 58 insertions(+), 12 deletions(-) create mode 100644 hosts/Shura/bluetooth/vitrix-pdp-pro-params diff --git a/flake.lock b/flake.lock index 2e67468..1b91de5 100644 --- a/flake.lock +++ b/flake.lock @@ -252,7 +252,7 @@ "locked": { "lastModified": 1716827240, "narHash": "sha256-0LHXNvx7KEsn3j9w/4VtQiEWKrqJmmWn1k/169x/N04=", - "ref": "refs/heads/main", + "ref": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", "rev": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", "revCount": 40, "type": "git", 
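Review bot: The firewall rule added in PATCH 14 is keyed to the literal interface name `podman4`, and nothing in the hunk says which network that is or what creates it. If the runner's bridge comes up under another name, the rule stops matching without any error and the only symptom is failing DNS inside jobs. A comment naming the network, for example `# podman4 = <network used by the Forgejo runner containers>; verify with: podman network ls`, would make that failure diagnosable. The surrounding `config` block starts outside the hunk.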
@@ -265,18 +265,18 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1716881121, - "narHash": "sha256-oTf3enbe/lbiNzsyZ8ria+422hx4e/FB3xQcY2LPnJw=", + "lastModified": 1717000136, + "narHash": "sha256-MyFE1416Wsb9UxTNiHTGoOvtUl5JuCftj4EBfz9oPHU=", "ref": "master", - "rev": "806e9d4a933dd1e75592e88894d4bd2f296f5bbf", - "revCount": 1694, + "rev": "2575b7552f52b34dadb08f140326fbbd19056355", + "revCount": 1685, "type": "git", - "url": "https://github.com/NixOS/nixos-hardware" + "url": "https://code.8bitbuddhism.com/aires/nixos-hardware" }, "original": { "ref": "master", "type": "git", - "url": "https://github.com/NixOS/nixos-hardware" + "url": "https://code.8bitbuddhism.com/aires/nixos-hardware" } }, "nixpkgs": { @@ -313,11 +313,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716793392, - "narHash": "sha256-ex3nO87EEQhshXd19QSVW5UIXL0pbPuew4q8TdEJQBY=", + "lastModified": 1716966868, + "narHash": "sha256-I5dlFm936SkuUu9haYabEBCUPeX6EuXLT1uFkEM/lbY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "67a8b308bae9c26be660ccceff3e53a65e01afe1", + "rev": "fafeae3d248c41c6c8a2ab5e09f9e2d3de706ef8", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9b7b06a..4b9eb0e 100644 --- a/flake.nix +++ b/flake.nix @@ -25,8 +25,8 @@ nix-flatpak.url = "github:gmodena/nix-flatpak/v0.4.1"; # Hardware configurations - #nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master"; - nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master"; + nixos-hardware.url = "git+https://code.8bitbuddhism.com/aires/nixos-hardware?ref=master"; + #nixos-hardware.url = "git+https://github.com/NixOS/nixos-hardware?ref=master"; # Home-manager home-manager = { diff --git a/hosts/Shura/bluetooth/vitrix-pdp-pro-params b/hosts/Shura/bluetooth/vitrix-pdp-pro-params new file mode 100644 index 0000000..25a32b9 --- /dev/null +++ b/hosts/Shura/bluetooth/vitrix-pdp-pro-params 
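Review bot: The flake.nix hunk of PATCH 15 moves `nixos-hardware.url` back to the `code.8bitbuddhism.com/aires` fork, which the commit title (a Bluetooth profile) does not mention and which reverses PATCH 01. In the flake.lock hunks the locked `revCount` drops from 1694 to 1685, which suggests the fork is behind upstream, so the hardware modules would lack upstream commits until the fork is rebased. A comment on the line stating why the fork is needed, e.g. `# Fork carries <local change>; return to NixOS/nixos-hardware once it is merged upstream`, would let a later reader judge the input. The switch would also be easier to audit as its own commit.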
@@ -0,0 +1,42 @@ +[General] +Name=Victrix Pro BFG +Appearance=0x03c4 +AddressType=public +SupportedTechnologies=LE; +Trusted=true +Blocked=false +WakeAllowed=true +Services=00001800-0000-1000-8000-00805f9b34fb;00001801-0000-1000-8000-00805f9b34fb;0000180a-0000-1000-8000-00805f9b34fb;0000180f-0000-1000-8000-00805f9b34fb;00001812-0000-1000-8000-00805f9b34fb;00001813-0000-1000-8000-00805f9b34fb;f95a48e6-a721-11e9-a2a3-022ae2dbcce4; + +[LongTermKey] +Key=F12268049C72EA0561E2E77DEA02AC12 +Authenticated=0 +EncSize=16 +EDiv=29996 +Rand=5139827239406697411 + +[PeripheralLongTermKey] +Key=CC60B7A9080383302B61EC2127E0D5CD +Authenticated=0 +EncSize=16 +EDiv=59630 +Rand=6653202288716901387 + +[SlaveLongTermKey] +Key=CC60B7A9080383302B61EC2127E0D5CD +Authenticated=0 +EncSize=16 +EDiv=59630 +Rand=6653202288716901387 + +[DeviceID] +Source=2 +Vendor=3695 +Product=587 +Version=768 + +[ConnectionParameters] +MinInterval=6 +MaxInterval=6 +Latency=0 +Timeout=300 \ No newline at end of file diff --git a/hosts/Shura/default.nix b/hosts/Shura/default.nix index a7b20a3..546befb 100644 --- a/hosts/Shura/default.nix +++ b/hosts/Shura/default.nix @@ -15,6 +15,9 @@ let mano-touchpad-bluetooth = pkgs.writeText "info" ( builtins.readFile ./bluetooth/mano-touchpad-bluetooth-params ); + vitrix-pdp-pro-bluetooth = pkgs.writeText "info" ( + builtins.readFile ./bluetooth/vitrix-pdp-pro-params + ); # Use gremlin user's monitor configuration for GDM (desktop monitor primary). See https://discourse.nixos.org/t/gdm-monitor-configuration/6356/4 monitorsXmlContent = builtins.readFile ./monitors.xml; 
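Review bot: The new `hosts/Shura/bluetooth/vitrix-pdp-pro-params` file commits the pairing keys of its `[LongTermKey]`, `[PeripheralLongTermKey]` and `[SlaveLongTermKey]` sections in plain text, and the `hosts/Shura/default.nix` hunks then wrap it in `pkgs.writeText`, which places the content in the world-readable Nix store. Read access to this repository or to a host's `/nix/store` is therefore enough to obtain the link keys for this controller. The key-bearing sections should come from wherever this configuration keeps its secrets and be linked from a path outside the store, leaving only the non-secret sections here. The flake has a `nix-secrets` input labelled "Secrets management", but whether it is encrypted is not visible on this page. Because the keys are already in history, re-pairing the controller is the way to retire them.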
@@ -75,6 +78,7 @@ in "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:0E:DD:72:2F:0C/info - - - - ${shure-aonic-bluetooth}" "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F4:6A:D7:3A:16:75/info - - - - ${xbox-elite-bluetooth}" "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/F8:5D:3C:7D:9A:00/info - - - - ${mano-touchpad-bluetooth}" + "L+ /var/lib/bluetooth/AC:50:DE:9F:AB:88/00:34:30:47:37:AB/info - - - - ${vitrix-pdp-pro-bluetooth}" ]; # Configure the virtual machine created by nixos-rebuild build-vm From a99103dcaaa1651774a6e92820baa1e11347b402 Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 10:04:14 -0400 Subject: [PATCH 16/30] Reconfigure automatic updates (idea from https://forum.aux.computer/t/how-are-you-handling-automatic-updates/752/4) --- hosts/Haven/default.nix | 28 ++++++++++++++++++++++++++++ modules/base/system.nix | 5 +++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index 70faef8..c52c498 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -113,4 +113,32 @@ in # Allow Haven to be a build target for other architectures (mainly ARM64) boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + # Automatically update Flake configuration for other hosts to use + systemd.services."nixos-update-flake" = { + serviceConfig = { + Type = "oneshot"; + User = config.users.users.aires.name; + }; + script = '' + set -eu + cd ${config.users.users.aires.home}/Development/nix-configuration + git pull + nix flake update + git add flake.lock + git commit -m "Update flake.lock" + git push + ''; + }; + + systemd.timers."nixos-update-flake-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-update-flake.service"; + }; + }; } diff --git a/modules/base/system.nix b/modules/base/system.nix index c54461c..6927220 100644 --- a/modules/base/system.nix 
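Review bot: In the `nixos-update-flake` script added to hosts/Haven/default.nix, `git commit` exits non-zero when `nix flake update` changed nothing, and under `set -eu` that marks the unit failed on every day without upstream changes. Guarding the commit, `git diff --cached --quiet || git commit -m "Update flake.lock"`, keeps a no-op run green, so that a failed unit means a real failure. The script also pushes the new lock with nothing between update and push, while the `system.autoUpgrade` hunk of the same commit has every host pull and switch daily. A `nix flake check` or a build of one host before `git push` would keep a broken or unexpected input from propagating unattended.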
+++ b/modules/base/system.nix @@ -29,11 +29,12 @@ # Configure automatic updates system.autoUpgrade = { enable = true; - flake = "${config.users.users.aires.home}/Development/nix-configuration"; + flake = "git+https://${config.secrets.services.forgejo.url}/aires/nix-configuration"; dates = "daily"; + randomizedDelaySec = "30m"; allowReboot = false; operation = "switch"; - flags = [ "--commit-lock-file" ]; + persistent = true; }; services = { From b72d698071c9a1d77bd6de97f3bb0154598f684d Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 10:09:21 -0400 Subject: [PATCH 17/30] Point nix-secrets to Forgejo --- .gitmodules | 4 ---- flake.lock | 22 +++++++++++----------- flake.nix | 2 +- nix-secrets | 1 - 4 files changed, 12 insertions(+), 17 deletions(-) delete mode 160000 nix-secrets diff --git a/.gitmodules b/.gitmodules index a7c947c..e69de29 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +0,0 @@ -[submodule "nix-secrets"] - path = nix-secrets - url = ssh://code.8bitbuddhism.com/aires/nix-secrets.git - branch = main diff --git a/flake.lock b/flake.lock index 1b91de5..8564f75 100644 --- a/flake.lock +++ b/flake.lock @@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1716856858, - "narHash": "sha256-dfNGs2AW/V31nMVeEBSUJCMfT6bZAKJ5qsWgFHWhvUc=", + "lastModified": 1717036776, + "narHash": "sha256-joKTxvywYlKspGGKOIXho6oRbggOPyayEqAyuZCavO0=", "ref": "refs/heads/main", - "rev": "38f31ee7c1a60adae58833789dd855c128b056c6", - "revCount": 85, + "rev": "b4b38e6b5fe18da9464f291ae5fbf2ea9acb9ccb", + "revCount": 86, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, 
@@ -250,17 +250,17 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1716827240, - "narHash": "sha256-0LHXNvx7KEsn3j9w/4VtQiEWKrqJmmWn1k/169x/N04=", - "ref": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", - "rev": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", - "revCount": 40, + "lastModified": 1716929428, + "narHash": "sha256-MRMQqR0lXM8ZA92QACu0VjFIcWtxZ0nvEU94VFFuKTo=", + "ref": "refs/heads/main", + "rev": "4db84b723bb2eb21a2c58de565ed89ddb34e6166", + "revCount": 41, "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "ssh://forgejo@code.8bitbuddhism.com/aires/nix-secrets" }, "original": { "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "ssh://forgejo@code.8bitbuddhism.com/aires/nix-secrets" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 4b9eb0e..8c941c3 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ # "Secrets management" nix-secrets = { - url = "git+file:///home/aires/Development/nix-configuration/nix-secrets"; + url = "git+ssh://forgejo@code.8bitbuddhism.com/aires/nix-secrets"; flake = false; }; diff --git a/nix-secrets b/nix-secrets deleted file mode 160000 index f8a243d..0000000 --- a/nix-secrets +++ /dev/null @@ -1 +0,0 @@ -Subproject commit f8a243d7e9db4689bcfc7726df75d5725daf4b60 From 9b4cd1d0a08fe45db6e1380ba6da4ec2c0c36058 Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 10:14:42 -0400 Subject: [PATCH 18/30] Revert "Point nix-secrets to Forgejo" Actually it might make more sense to keep it, especially for setting up new hosts. --- .gitmodules | 4 ++++ flake.lock | 22 +++++++++++----------- flake.nix | 2 +- nix-secrets | 1 + 4 files changed, 17 insertions(+), 12 deletions(-) create mode 160000 nix-secrets diff --git a/.gitmodules b/.gitmodules index e69de29..a7c947c 100644 --- a/.gitmodules +++ b/.gitmodules 
@@ -0,0 +1,4 @@ +[submodule "nix-secrets"] + path = nix-secrets + url = ssh://code.8bitbuddhism.com/aires/nix-secrets.git + branch = main diff --git a/flake.lock b/flake.lock index 8564f75..1b91de5 100644 --- a/flake.lock +++ b/flake.lock @@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1717036776, - "narHash": "sha256-joKTxvywYlKspGGKOIXho6oRbggOPyayEqAyuZCavO0=", + "lastModified": 1716856858, + "narHash": "sha256-dfNGs2AW/V31nMVeEBSUJCMfT6bZAKJ5qsWgFHWhvUc=", "ref": "refs/heads/main", - "rev": "b4b38e6b5fe18da9464f291ae5fbf2ea9acb9ccb", - "revCount": 86, + "rev": "38f31ee7c1a60adae58833789dd855c128b056c6", + "revCount": 85, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -250,17 +250,17 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1716929428, - "narHash": "sha256-MRMQqR0lXM8ZA92QACu0VjFIcWtxZ0nvEU94VFFuKTo=", - "ref": "refs/heads/main", - "rev": "4db84b723bb2eb21a2c58de565ed89ddb34e6166", - "revCount": 41, + "lastModified": 1716827240, + "narHash": "sha256-0LHXNvx7KEsn3j9w/4VtQiEWKrqJmmWn1k/169x/N04=", + "ref": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", + "rev": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", + "revCount": 40, "type": "git", - "url": "ssh://forgejo@code.8bitbuddhism.com/aires/nix-secrets" + "url": "file:///home/aires/Development/nix-configuration/nix-secrets" }, "original": { "type": "git", - "url": "ssh://forgejo@code.8bitbuddhism.com/aires/nix-secrets" + "url": "file:///home/aires/Development/nix-configuration/nix-secrets" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 8c941c3..4b9eb0e 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ # "Secrets management" nix-secrets = { - url = "git+ssh://forgejo@code.8bitbuddhism.com/aires/nix-secrets"; + url = "git+file:///home/aires/Development/nix-configuration/nix-secrets"; flake = false; }; diff --git a/nix-secrets b/nix-secrets new file mode 160000 index 0000000..f8a243d --- /dev/null +++ b/nix-secrets 
@@ -0,0 +1 @@ +Subproject commit f8a243d7e9db4689bcfc7726df75d5725daf4b60 From 1580586883bde145d9b7c8ab761f1af06c7e2a7a Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 10:31:11 -0400 Subject: [PATCH 19/30] Think I figured out an automatic update process that also supports fresh installs --- .forgejo/workflows/update.yaml | 37 +++++++++++++++++++++++++--------- flake.lock | 18 ++++++++--------- hosts/Haven/default.nix | 2 +- modules/base/system.nix | 31 +++++++++++++++++++--------- nix-secrets | 2 +- 5 files changed, 60 insertions(+), 30 deletions(-) diff --git a/.forgejo/workflows/update.yaml b/.forgejo/workflows/update.yaml index 36ca244..b30ab13 100644 --- a/.forgejo/workflows/update.yaml +++ b/.forgejo/workflows/update.yaml 
@@ -1,15 +1,32 @@ on: [push] + jobs: -# format: + # Source: https://github.com/isabelroses/dotfiles/tree/main/.github/workflows + update-lockfile: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + with: + logger: pretty + +# - name: Update Lockfile +# uses: DeterminateSystems/update-flake-lock@main +# id: update +# with: +# pr-title: "chore(deps): flake inputs" +# commit-msg: "chore(deps): flake inputs" +# token: ${{ secrets.GITHUB_TOKEN }} + +# build: # runs-on: nix # steps: +# - run: nix-env -iA nixpkgs.nodejs_20 # - uses: actions/checkout@v4 -# - run: nix --experimental-features 'nix-command flakes' fmt - build: - runs-on: nix - steps: - - run: nix-env -iA nixpkgs.nodejs_20 - - uses: actions/checkout@v4 - - run: nix --experimental-features 'nix-command flakes' flake update - - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven - - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda +# - run: nix --experimental-features 'nix-command flakes' flake update +# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Haven +# - run: nixos-rebuild --experimental-features 'nix-command flakes' build --flake .#Khanda diff --git a/flake.lock b/flake.lock index 1b91de5..e48347f 100644 --- a/flake.lock +++ b/flake.lock @@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1716856858, - "narHash": "sha256-dfNGs2AW/V31nMVeEBSUJCMfT6bZAKJ5qsWgFHWhvUc=", + "lastModified": 1717036776, + "narHash": "sha256-joKTxvywYlKspGGKOIXho6oRbggOPyayEqAyuZCavO0=", "ref": "refs/heads/main", - "rev": "38f31ee7c1a60adae58833789dd855c128b056c6", - "revCount": 85, + "rev": "b4b38e6b5fe18da9464f291ae5fbf2ea9acb9ccb", + "revCount": 86, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, 
@@ -250,11 +250,11 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1716827240, - "narHash": "sha256-0LHXNvx7KEsn3j9w/4VtQiEWKrqJmmWn1k/169x/N04=", - "ref": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", - "rev": "f8a243d7e9db4689bcfc7726df75d5725daf4b60", - "revCount": 40, + "lastModified": 1716929428, + "narHash": "sha256-MRMQqR0lXM8ZA92QACu0VjFIcWtxZ0nvEU94VFFuKTo=", + "ref": "refs/heads/main", + "rev": "4db84b723bb2eb21a2c58de565ed89ddb34e6166", + "revCount": 41, "type": "git", "url": "file:///home/aires/Development/nix-configuration/nix-secrets" }, diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index c52c498..750a0cc 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -123,7 +123,7 @@ in script = '' set -eu cd ${config.users.users.aires.home}/Development/nix-configuration - git pull + git pull --recurse-submodules nix flake update git add flake.lock git commit -m "Update flake.lock" diff --git a/modules/base/system.nix b/modules/base/system.nix index 6927220..e9df776 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix 
@@ -26,15 +26,28 @@ }; }; - # Configure automatic updates - system.autoUpgrade = { - enable = true; - flake = "git+https://${config.secrets.services.forgejo.url}/aires/nix-configuration"; - dates = "daily"; - randomizedDelaySec = "30m"; - allowReboot = false; - operation = "switch"; - persistent = true; + # Configure automatic updates. Replaces system.autoUpgrade. + systemd.services."nixos-update" = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + script = '' + set -eu + cd ${config.users.users.aires.home}/Development/nix-configuration + sudo -u aires git pull --recurse-submodules + nh os switch + ''; + }; + systemd.timers."nixos-update-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-update.service"; + }; }; services = { diff --git a/nix-secrets b/nix-secrets index f8a243d..4db84b7 160000 --- a/nix-secrets +++ b/nix-secrets @@ -1 +1 @@ -Subproject commit f8a243d7e9db4689bcfc7726df75d5725daf4b60 +Subproject commit 4db84b723bb2eb21a2c58de565ed89ddb34e6166 From 9342ab263a90ce90ec5d6ba60dc21aeeac0115b7 Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 12:19:07 -0400 Subject: [PATCH 20/30] Fix auto-update scripts --- hosts/Haven/default.nix | 9 +++++++++ modules/base/system.nix | 18 ++++++++++++++---- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index 750a0cc..e9864ac 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -120,6 +120,15 @@ in Type = "oneshot"; User = config.users.users.aires.name; }; + path = with pkgs; [ + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + openssh + ]; script = '' set -eu cd ${config.users.users.aires.home}/Development/nix-configuration diff --git a/modules/base/system.nix b/modules/base/system.nix index e9df776..7ebc514 100644 --- a/modules/base/system.nix 
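Review bot: In the new `nixos-update` service, `nh os switch` runs as root from the checkout under `config.users.users.aires.home`. Assuming `nh` resolves the flake from that directory, the unit activates whatever is in the working tree, including uncommitted local edits. The `system.autoUpgrade` block it replaces built from the remote `git+https://` flake instead, so this moves the trust boundary: anything able to write to that directory as `aires` decides what root builds and activates on the next daily run. Consider pointing the root service at a checkout only root can write, or building from the fetched remote ref rather than the user's working tree. At minimum, record the assumption above the unit, e.g. `# Runs as root on a user-owned checkout: the contents of this directory are trusted as root.`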
+++ b/modules/base/system.nix @@ -32,11 +32,21 @@ Type = "oneshot"; User = "root"; }; + path = with pkgs; [ + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + nh + openssh + ]; script = '' - set -eu - cd ${config.users.users.aires.home}/Development/nix-configuration - sudo -u aires git pull --recurse-submodules - nh os switch + set -eu + cd ${config.users.users.aires.home}/Development/nix-configuration + sudo -u aires git pull --recurse-submodules + nh os switch ''; }; systemd.timers."nixos-update-timer" = { From 3a044e901a66062dc6109065d7583b1461e22c5e Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 12:46:43 -0400 Subject: [PATCH 21/30] Update flake.lock --- hosts/Haven/default.nix | 5 ++--- modules/base/system.nix | 10 +++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index e9864ac..7926ff3 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -120,7 +120,7 @@ in Type = "oneshot"; User = config.users.users.aires.name; }; - path = with pkgs; [ + path = with pkgs; [ # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 coreutils gnutar xz.bin @@ -135,8 +135,7 @@ in git pull --recurse-submodules nix flake update git add flake.lock - git commit -m "Update flake.lock" - git push + git diff --quiet && git diff --staged --quiet || git commit -am "Update flake.lock" && git push # Courtesy of https://stackoverflow.com/a/40255467 ''; }; diff --git a/modules/base/system.nix b/modules/base/system.nix index 7ebc514..1cd21f0 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix 
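Review bot: In the `hosts/Haven/default.nix` script, the new one-liner uses `git commit -am`, which commits every modified tracked file in the checkout rather than only `flake.lock`, and the `git push` after it publishes the result; a half-finished edit left in that working tree would go out with the scheduled lock update. The `a && b || c && d` chain also groups as `((a && b) || c) && d`, so `git push` runs even when nothing was committed. Restricting both steps to the lock file avoids both problems: `git diff --staged --quiet -- flake.lock || { git commit -m "Update flake.lock" -- flake.lock && git push; }`.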
@@ -43,10 +43,14 @@ openssh ]; script = '' - set -eu cd ${config.users.users.aires.home}/Development/nix-configuration - sudo -u aires git pull --recurse-submodules - nh os switch + # Check if there are changes from Git + sudo -u aires git fetch + sudo -u aires git diff --exit-code main origin/main + if [ $? -eq 1]; then + sudo -u aires git pull --recurse-submodules + nh os search + fi ''; }; systemd.timers."nixos-update-timer" = { From ec3699ffc4f054624ff17b8392f0fa4bdb492b8a Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 12:52:40 -0400 Subject: [PATCH 22/30] Fix auto-update scripts (again, hopefully) --- modules/base/system.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/base/system.nix b/modules/base/system.nix index 1cd21f0..e00170e 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix @@ -41,15 +41,16 @@ config.nix.package.out nh openssh + sudo ]; script = '' cd ${config.users.users.aires.home}/Development/nix-configuration # Check if there are changes from Git sudo -u aires git fetch sudo -u aires git diff --exit-code main origin/main - if [ $? -eq 1]; then + if [ $? -eq 1 ]; then sudo -u aires git pull --recurse-submodules - nh os search + nh os switch fi ''; }; From 253d06e319376f9b91fc2e88659932b7cedf396f Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 14:08:19 -0400 Subject: [PATCH 23/30] Break automatic updates out into their own module --- flake.lock | 12 ++-- flake.nix | 2 +- hosts/Haven/default.nix | 6 +- modules/base/programs.nix | 2 +- modules/base/system.nix | 39 ------------ modules/services/autoupgrade.nix | 106 +++++++++++++++++++++++++++++++ nix-secrets | 2 +- 7 files changed, 119 insertions(+), 50 deletions(-) create mode 100644 modules/services/autoupgrade.nix diff --git a/flake.lock b/flake.lock index e48347f..ab3f108 100644 --- a/flake.lock +++ b/flake.lock 
@@ -250,17 +250,17 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1716929428, - "narHash": "sha256-MRMQqR0lXM8ZA92QACu0VjFIcWtxZ0nvEU94VFFuKTo=", + "lastModified": 1717092160, + "narHash": "sha256-dype0zRMyP94Uo8YC1vWQ6lkvXLYMep6+Xo7AW4K9cs=", "ref": "refs/heads/main", - "rev": "4db84b723bb2eb21a2c58de565ed89ddb34e6166", - "revCount": 41, + "rev": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", + "revCount": 42, "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "file:./nix-secrets" }, "original": { "type": "git", - "url": "file:///home/aires/Development/nix-configuration/nix-secrets" + "url": "file:./nix-secrets" } }, "nixos-hardware": { diff --git a/flake.nix b/flake.nix index 4b9eb0e..7a7c438 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ # "Secrets management" nix-secrets = { - url = "git+file:///home/aires/Development/nix-configuration/nix-secrets"; + url = "git+file:./nix-secrets"; flake = false; }; diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index 7926ff3..ca57a20 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -50,6 +50,7 @@ in enable = true; home = "/storage/services/airsonic-advanced"; }; + autoUpgrade.pushUpdates = true; boinc.enable = true; cache = { enable = false; # Disable for now @@ -120,7 +121,8 @@ in Type = "oneshot"; User = config.users.users.aires.name; }; - path = with pkgs; [ # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 + path = with pkgs; [ + # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 coreutils gnutar xz.bin @@ -131,7 +133,7 @@ in ]; script = '' set -eu - cd ${config.users.users.aires.home}/Development/nix-configuration + cd ${config.secrets.nixConfigFolder} git pull --recurse-submodules nix flake update git add flake.lock 
diff --git a/modules/base/programs.nix b/modules/base/programs.nix index ddd29d8..fbd58fa 100644 --- a/modules/base/programs.nix +++ b/modules/base/programs.nix @@ -17,7 +17,7 @@ nh = { enable = true; - flake = "${config.users.users.aires.home}/Development/nix-configuration"; + flake = "${config.secrets.nixConfigFolder}"; # Alternative garbage collection system to nix.gc.automatic clean = { diff --git a/modules/base/system.nix b/modules/base/system.nix index e00170e..f19e31b 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix @@ -26,45 +26,6 @@ }; }; - # Configure automatic updates. Replaces system.autoUpgrade. - systemd.services."nixos-update" = { - serviceConfig = { - Type = "oneshot"; - User = "root"; - }; - path = with pkgs; [ - coreutils - gnutar - xz.bin - gzip - git - config.nix.package.out - nh - openssh - sudo - ]; - script = '' - cd ${config.users.users.aires.home}/Development/nix-configuration - # Check if there are changes from Git - sudo -u aires git fetch - sudo -u aires git diff --exit-code main origin/main - if [ $? -eq 1 ]; then - sudo -u aires git pull --recurse-submodules - nh os switch - fi - ''; - }; - systemd.timers."nixos-update-timer" = { - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Persistent = "true"; - Unit = "nixos-update.service"; - }; - }; - services = { # Enable fwupd (firmware updater) fwupd.enable = true; diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix new file mode 100644 index 0000000..4f10f84 --- /dev/null +++ b/modules/services/autoupgrade.nix 
@@ -0,0 +1,106 @@ +# Run automatic updates. Replaces system.autoUpgrade. +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.host.services.autoUpgrade; +in +{ + options = { + host.services.autoUpgrade = { + enable = lib.mkOption { + default = true; + type = lib.types.bool; + description = "Enables automatic system updates."; + }; + pushUpdates = lib.mkEnableOption ( + lib.mdDoc "Updates the flake.lock file and pushes it back to the repo." + ); + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + # Pull and apply updates. + systemd.services."nixos-update" = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + path = with pkgs; [ + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + nh + openssh + sudo + ]; + script = '' + cd ${config.users.users.aires.home}/Development/nix-configuration + # Check if there are changes from Git + sudo -u aires git fetch + sudo -u aires git diff --exit-code main origin/main + if [ $? -eq 1 ]; then + sudo -u aires git pull --recurse-submodules + nh os switch + fi + ''; + }; + systemd.timers."nixos-update-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-update.service"; + }; + }; + }) + (lib.mkIf cfg.pushUpdates { + # Automatically update Flake configuration for other hosts to use + systemd.services."nixos-update-flake" = { + serviceConfig = { + Type = "oneshot"; + User = config.users.users.aires.name; + }; + path = with pkgs; [ + # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + openssh + ]; + script = '' + set -eu + cd ${config.secrets.nixConfigFolder} + git pull --recurse-submodules + nix flake update + git add flake.lock + git diff --quiet && git diff --staged --quiet || git commit -am "Update 
flake.lock" && git push # Courtesy of https://stackoverflow.com/a/40255467 + ''; + }; + + systemd.timers."nixos-update-flake-timer" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = "true"; + Unit = "nixos-update-flake.service"; + }; + }; + }) + ]; +} diff --git a/nix-secrets b/nix-secrets index 4db84b7..42ddf14 160000 --- a/nix-secrets +++ b/nix-secrets @@ -1 +1 @@ -Subproject commit 4db84b723bb2eb21a2c58de565ed89ddb34e6166 +Subproject commit 42ddf14d36d9fab1eb070f51fdf1991d1a21dde9 From f47d85b5a6702b62cb131b29e39fe20c0a355427 Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 14:10:42 -0400 Subject: [PATCH 24/30] Commit lock file, ya goof --- flake.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index ab3f108..9b117bc 100644 --- a/flake.lock +++ b/flake.lock @@ -252,7 +252,7 @@ "locked": { "lastModified": 1717092160, "narHash": "sha256-dype0zRMyP94Uo8YC1vWQ6lkvXLYMep6+Xo7AW4K9cs=", - "ref": "refs/heads/main", + "ref": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", "rev": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", "revCount": 42, "type": "git", From 3f55ebdbe3c25a01b1d4139a39b4faf11f0106f9 Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 15:38:48 -0400 Subject: [PATCH 25/30] Minor tweak --- modules/services/autoupgrade.nix | 48 ++++++++++++++++---------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix index 4f10f84..51a4e41 100644 --- a/modules/services/autoupgrade.nix +++ b/modules/services/autoupgrade.nix 
@@ -8,6 +8,20 @@ let cfg = config.host.services.autoUpgrade; + + # List of packages to include in each service's $PATH + pathPks = with pkgs; [ + # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 + coreutils + gnutar + xz.bin + gzip + git + config.nix.package.out + nh + openssh + sudo + ]; in { options = { @@ -31,22 +45,14 @@ in Type = "oneshot"; User = "root"; }; - path = with pkgs; [ - coreutils - gnutar - xz.bin - gzip - git - config.nix.package.out - nh - openssh - sudo - ]; + path = pathPkgs; script = '' - cd ${config.users.users.aires.home}/Development/nix-configuration - # Check if there are changes from Git + cd ${config.secret.nixConfigFolder} + # Check if there are changes from Git. + # Since we're running this as root, we need to su into the user who owns the config folder. sudo -u aires git fetch sudo -u aires git diff --exit-code main origin/main + # If we have changes (git diff returns 1), pull changes and run the update if [ $? -eq 1 ]; then sudo -u aires git pull --recurse-submodules nh os switch @@ -71,23 +77,17 @@ in Type = "oneshot"; User = config.users.users.aires.name; }; - path = with pkgs; [ - # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 - coreutils - gnutar - xz.bin - gzip - git - config.nix.package.out - openssh - ]; + path = pathPkgs; + # Git diffing strategy courtesy of https://stackoverflow.com/a/40255467 script = '' set -eu cd ${config.secrets.nixConfigFolder} + # Make sure we're up-to-date git pull --recurse-submodules nix flake update git add flake.lock - git diff --quiet && git diff --staged --quiet || git commit -am "Update flake.lock" && git push # Courtesy of https://stackoverflow.com/a/40255467 + # Only commit and push if the lock file has changed, otherwise quietly exit + git diff --quiet && git diff --staged --quiet || git commit -am "Update flake.lock" && git push ''; }; 
From 28b14a9ce39450ad56400bd02035e5b92f86d482 Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 18:02:54 -0400 Subject: [PATCH 26/30] Typos --- flake.lock | 2 +- modules/services/autoupgrade.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 9b117bc..ab3f108 100644 --- a/flake.lock +++ b/flake.lock @@ -252,7 +252,7 @@ "locked": { "lastModified": 1717092160, "narHash": "sha256-dype0zRMyP94Uo8YC1vWQ6lkvXLYMep6+Xo7AW4K9cs=", - "ref": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", + "ref": "refs/heads/main", "rev": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", "revCount": 42, "type": "git", diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix index 51a4e41..fca180f 100644 --- a/modules/services/autoupgrade.nix +++ b/modules/services/autoupgrade.nix @@ -10,7 +10,7 @@ let cfg = config.host.services.autoUpgrade; # List of packages to include in each service's $PATH - pathPks = with pkgs; [ + pathPkgs = with pkgs; [ # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 coreutils gnutar @@ -47,7 +47,7 @@ in }; path = pathPkgs; script = '' - cd ${config.secret.nixConfigFolder} + cd ${config.secrets.nixConfigFolder} # Check if there are changes from Git. # Since we're running this as root, we need to su into the user who owns the config folder. sudo -u aires git fetch From 7faea4abd5b7ea1f3eee1f5198297dad20ed52f1 Mon Sep 17 00:00:00 2001 From: Andre Date: Thu, 30 May 2024 23:22:49 -0400 Subject: [PATCH 27/30] Use nix flake update --commit-lock-file --- modules/services/autoupgrade.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix index 4f10f84..ed5e450 100644 --- a/modules/services/autoupgrade.nix +++ b/modules/services/autoupgrade.nix 
@@ -85,9 +85,8 @@ in set -eu cd ${config.secrets.nixConfigFolder} git pull --recurse-submodules - nix flake update - git add flake.lock - git diff --quiet && git diff --staged --quiet || git commit -am "Update flake.lock" && git push # Courtesy of https://stackoverflow.com/a/40255467 + nix flake update --commit-lock-file + git push ''; }; From be463aee1742e68e98ba022cd44d9ec8076958e7 Mon Sep 17 00:00:00 2001 From: Andre Date: Fri, 31 May 2024 00:00:43 -0400 Subject: [PATCH 28/30] Update flake.lock --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index ab3f108..cd4a53c 100644 --- a/flake.lock +++ b/flake.lock @@ -252,7 +252,7 @@ "locked": { "lastModified": 1717092160, "narHash": "sha256-dype0zRMyP94Uo8YC1vWQ6lkvXLYMep6+Xo7AW4K9cs=", - "ref": "refs/heads/main", + "ref": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", "rev": "42ddf14d36d9fab1eb070f51fdf1991d1a21dde9", "revCount": 42, "type": "git", @@ -313,11 +313,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1716966868, - "narHash": "sha256-I5dlFm936SkuUu9haYabEBCUPeX6EuXLT1uFkEM/lbY=", + "lastModified": 1717090882, + "narHash": "sha256-Up5tvtY9YlVEyVn9hfZcxFQi5qVhQ5hdVNGPQOUchNw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fafeae3d248c41c6c8a2ab5e09f9e2d3de706ef8", + "rev": "d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8", "type": "github" }, "original": { From 0234b928ffd37285d29e1583a7efc760e8e8ea67 Mon Sep 17 00:00:00 2001 From: Andre Date: Fri, 31 May 2024 12:45:42 -0400 Subject: [PATCH 29/30] Make sure git diff doesn't result in a failed upgrade service --- modules/services/autoupgrade.nix | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix index 1d31a8c..d62fc99 100644 --- a/modules/services/autoupgrade.nix +++ b/modules/services/autoupgrade.nix 
@@ -13,14 +13,14 @@ let pathPkgs = with pkgs; [ # Courtesy of https://discourse.nixos.org/t/how-to-use-other-packages-binary-in-systemd-service-configuration/14363 coreutils - gnutar - xz.bin - gzip git + gnutar + gzip config.nix.package.out nh - openssh + config.programs.ssh.package sudo + xz.bin ]; in { @@ -40,7 +40,7 @@ in config = lib.mkMerge [ (lib.mkIf cfg.enable { # Pull and apply updates. - systemd.services."nixos-update" = { + systemd.services."nixos-upgrade" = { serviceConfig = { Type = "oneshot"; User = "root"; @@ -49,30 +49,33 @@ in script = '' cd ${config.secrets.nixConfigFolder} # Check if there are changes from Git. - # Since we're running this as root, we need to su into the user who owns the config folder. + echo "Pulling latest version..." sudo -u aires git fetch - sudo -u aires git diff --exit-code main origin/main + sudo -u aires git diff --quiet --exit-code main origin/main || true # If we have changes (git diff returns 1), pull changes and run the update if [ $? -eq 1 ]; then + echo "Updates found, running nixos-rebuild..." sudo -u aires git pull --recurse-submodules nh os switch + else + echo "No updates found. Exiting." fi ''; }; - systemd.timers."nixos-update-timer" = { + systemd.timers."nixos-upgrade-timer" = { wants = [ "network-online.target" ]; after = [ "network-online.target" ]; wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = "daily"; Persistent = "true"; - Unit = "nixos-update.service"; + Unit = "nixos-upgrade.service"; }; }; }) (lib.mkIf cfg.pushUpdates { # Automatically update Flake configuration for other hosts to use - systemd.services."nixos-update-flake" = { + systemd.services."nixos-upgrade-flake" = { serviceConfig = { Type = "oneshot"; User = config.users.users.aires.name; 
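Review bot: In the `nixos-upgrade` script, appending `|| true` to the `git diff --quiet --exit-code main origin/main` line makes `$?` always 0 by the time `if [ $? -eq 1 ]` reads it, so the pull-and-switch branch can no longer run and the service logs "No updates found" on every run. Testing the command directly stops the unit failing on exit status 1 and keeps the branch reachable: `if ! sudo -u aires git diff --quiet main origin/main; then`. That form treats any non-zero status, including a git error, as "changes present"; if the distinction matters, capture it with `rc=0; sudo -u aires git diff --quiet main origin/main || rc=$?` and test `$rc`. The hunk also removes the comment explaining why the git commands go through `sudo -u aires`, which is worth keeping next to them.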
@@ -83,20 +86,21 @@ in set -eu cd ${config.secrets.nixConfigFolder} # Make sure we're up-to-date + echo "Pulling the latest version..." git pull --recurse-submodules nix flake update --commit-lock-file git push ''; }; - systemd.timers."nixos-update-flake-timer" = { + systemd.timers."nixos-upgrade-flake-timer" = { wants = [ "network-online.target" ]; after = [ "network-online.target" ]; wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = "daily"; Persistent = "true"; - Unit = "nixos-update-flake.service"; + Unit = "nixos-upgrade-flake.service"; }; }; }) From 020d802e4df3f94c010888d07dbe6c8521514ece Mon Sep 17 00:00:00 2001 From: Andre Date: Sat, 1 Jun 2024 00:00:40 -0400 Subject: [PATCH 30/30] Update flake.lock --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index cd4a53c..afe9f93 100644 --- a/flake.lock +++ b/flake.lock @@ -313,11 +313,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1717090882, - "narHash": "sha256-Up5tvtY9YlVEyVn9hfZcxFQi5qVhQ5hdVNGPQOUchNw=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": {