diff --git a/bin/nixos-upgrade-script.sh b/bin/nixos-upgrade-script.sh
new file mode 100755
index 0000000..a21f615
--- /dev/null
+++ b/bin/nixos-upgrade-script.sh
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+# Wrapper script for nixos-rebuild
+
+#set -e
+
+# Configuration parameters
+operation="switch" # The nixos-rebuild operation to use
+hostname=$(hostname) # The name of the host to build
+flakeDir="." # Path to the flake file (and optionally the hostname)
+remainingArgs="" # All remaining arguments that haven't been processed
+commit=true # Whether to update git (true by default)
+buildHost="" # Which host to build the system on.
+
+function usage() {
+ echo "Usage: nixos-upgrade-script.sh [-o|--operation operation] [-f|--flake path-to-flake-file] [extra nixos-rebuild parameters]"
+ echo "Options:"
+ echo " -h | --help Show this help screen."
+ echo " -o | --operation The nixos-rebuild operation to perform."
+ echo " -H | --host The host to build."
+ echo " -f | --flake The path to the flake file (and optionally the hostname)."
+ echo " -n | --no-commit Don't update and commit the lock file."
+ echo " --build-host The SSH name of the host to build the system on."
+ exit 2
+}
+
+function run_operation {
+ echo "Full operation: nixos-rebuild $1 --flake $flakeDir#$hostname $( [ "$buildHost" != "" ] && echo "--build-host $buildHost" ) $remainingArgs"
+
+ # Only request super-user permission if we're switching
+ if [[ "$1" =~ ^(switch|boot|test)$ ]]; then
+ sudo nixos-rebuild $operation --flake .#$hostname $remainingArgs
+ else
+ nixos-rebuild $operation --flake .#$hostname $remainingArgs
+ fi
+}
+
+# Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
+POSITIONAL_ARGS=()
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --build-host|-b)
+ buildHost="$2"
+ shift
+ shift
+ ;;
+ --host|--hostname|-H)
+ hostname="$2"
+ shift
+ shift
+ ;;
+ --flake|-f)
+ flakeDir="$2"
+ shift
+ shift
+ ;;
+ --no-commit|-n)
+ commit=false
+ shift
+ shift
+ ;;
+ --operation|-o)
+ operation="$2"
+ shift
+ shift
+ ;;
+ --help|-h)
+ usage
+ shift
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1") # save positional arg
+ shift # past argument
+ ;;
+ esac
+done
+remainingArgs=${POSITIONAL_ARGS[@]}
+set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+
+cd $flakeDir
+git pull
+
+if [ $commit = true ]; then
+ echo "Update and push lock file"
+ nix flake update --commit-lock-file
+ git push
+fi
+
+# If this is a remote build, run the build as non-sudo first
+if [[ "$buildHost" != "" ]]; then
+ run_operation "build"
+fi
+
+run_operation $operation
+
+exit 0
diff --git a/hosts/Shura/default.nix b/hosts/Shura/default.nix
index 702c57d..1a841e3 100644
--- a/hosts/Shura/default.nix
+++ b/hosts/Shura/default.nix
@@ -52,6 +52,12 @@ in # Enable GPU support. gpu.amd.enable = true; + nixos-upgrade-script = { + enable = true; + configDir = config.secrets.nixConfigFolder; + user = config.users.users.aires.name; + }; + packages = with pkgs; [ boinc # Boinc client keepassxc # Use native instead of Flatpak due to weird performance issues
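Review bot: `run_operation` does not run the command it prints: both branches call `nixos-rebuild $operation --flake .#$hostname $remainingArgs`, so `$1` and `--build-host` never reach nixos-rebuild, and the remote-build pre-step `run_operation "build"` runs the configured operation (`switch` by default) without sudo instead of a build. With `set -e` commented out and `cd $flakeDir` unquoted and unchecked, a failed `cd` or `git pull` still falls through to `git push` and the sudo rebuild from the current directory. The `--no-commit|-n` case shifts twice and silently drops the argument after it. The version below builds one quoted argument array so the echoed and executed commands match and option values reach sudo as single words.

```bash
function run_operation {
  # Build the argument list once so what is echoed is exactly what is executed
  local args=("$1" --flake ".#$hostname")
  if [[ -n "$buildHost" ]]; then
    args+=(--build-host "$buildHost")
  fi
  args+=("${POSITIONAL_ARGS[@]}")
  echo "Full operation: nixos-rebuild ${args[*]}"

  # Only request super-user permission if we're switching
  if [[ "$1" =~ ^(switch|boot|test)$ ]]; then
    sudo nixos-rebuild "${args[@]}"
  else
    nixos-rebuild "${args[@]}"
  fi
}

# … unchanged: option parsing, except the flag below which takes no value …
    --no-commit|-n)
      commit=false
      shift
      ;;
# … unchanged: remaining cases and positional-argument restore …

# Stop before any git or rebuild step if the checkout cannot be entered or updated
cd "$flakeDir" || exit 1
git pull || exit 1
```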
diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix
index a0cf952..9e2913b 100644
--- a/modules/services/autoupgrade.nix
+++ b/modules/services/autoupgrade.nix
@@ -82,6 +82,7 @@ in OnCalendar = cfg.onCalendar; Persistent = cfg.persistent; Unit = "nixos-upgrade.service"; + RandomizedDelaySec = "30m"; }; }; })
diff --git a/modules/system/nix.nix b/modules/system/nix.nix
index c79142c..5cf4d6b 100644
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@@ -1,13 +1,18 @@ # Core Nix configuration { config, - lib, inputs, + lib, + pkgs, ... }: let cfg = config.aux.system; + + nixos-upgrade-script = pkgs.writeShellScriptBin "nixos-upgrade-script" ( + builtins.readFile ../../bin/nixos-upgrade-script.sh + ); in { options = {
@@ -18,6 +23,17 @@ in type = lib.types.str; default = "monthly"; }; + nixos-upgrade-script = { + enable = lib.mkEnableOption "Installs the nos (nixos-upgrade-script) helper script."; + configDir = lib.mkOption { + type = lib.types.str; + description = "Path to your NixOS configuration files."; + }; + user = lib.mkOption { + type = lib.types.str; + description = "The user to run the upgrade script as."; + }; + }; }; }; config = {
@@ -37,13 +53,14 @@ in # Only allow these users to use Nix allowed-users = with config.users.users; [ root.name - aires.name + (lib.mkIf config.aux.system.users.aires.enable aires.name) ]; # Avoid signature verification messages when doing remote builds - trusted-users = - with config.users.users; - [ aires.name ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ gremlin.name ]; + trusted-users = with config.users.users; [ + root.name + (lib.mkIf config.aux.system.users.aires.enable aires.name) + ]; }; # Optimize the Nix store on each build
@@ -88,5 +105,7 @@ in # Support for standard, dynamically-linked executables programs.nix-ld.enable = true; + + aux.system.packages = [ (lib.mkIf cfg.nixos-upgrade-script.enable nixos-upgrade-script) ]; }; }
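Review bot: `configDir` and `user` in the `@@ -18,6 +23,17 @@` hunk are declared without defaults and set in hosts/Shura/default.nix, but nothing in the visible hunks reads them. The package is built with `builtins.readFile` of the script unchanged, so the installed command still defaults `flakeDir` to `.` and runs as whoever invokes it, despite the `user` description saying otherwise. Either wire them into the script or drop them until they are used; the rest of the module is outside the hunks, so a consumer may exist elsewhere. Separately, `lib.mkEnableOption` prefixes its argument with "Whether to enable", so a noun phrase reads better: `enable = lib.mkEnableOption "the nixos-upgrade-script helper";`.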
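Review bot: The comment kept above `trusted-users` in the `@@ -37,13 +53,14 @@` hunk understates what the setting grants. A trusted user can tell the Nix daemon to accept unsigned store paths and to use arbitrary substituters, which the Nix manual describes as essentially equivalent to root access. I would reword the comment to say so, for example `# trusted-users may bypass store signature checks (root-equivalent); keep this list minimal`. It is also worth confirming that aires still needs to be listed now that the upgrade script calls sudo for switch/boot/test. The enclosing settings block starts outside the hunk.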
diff --git a/modules/ui/desktops/gnome.nix b/modules/ui/desktops/gnome.nix
index 29ef179..e5b54f3 100644
--- a/modules/ui/desktops/gnome.nix
+++ b/modules/ui/desktops/gnome.nix
@@ -48,7 +48,9 @@ in ] } ''; - extraGSettingsOverridePackages = lib.mkIf (cfg.experimental.fractionalScaling.enable || cfg.experimental.vrr.enable) [ pkgs.gnome.mutter ]; + extraGSettingsOverridePackages = lib.mkIf ( + cfg.experimental.fractionalScaling.enable || cfg.experimental.vrr.enable + ) [ pkgs.gnome.mutter ]; }; displayManager.gdm.enable = true; };