General: custom NixOS upgrade helper script

2024-09-28 00:47:38 -04:00 · 2024-09-28 00:47:38 -04:00 · 8dbd4b4b69
parent 7f2c5c5bff
commit 8dbd4b4b69
5 changed files with 129 additions and 6 deletions
--- a/bin/nixos-upgrade-script.sh
+++ b/bin/nixos-upgrade-script.sh
@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+# Wrapper script for nixos-rebuild
+
+#set -e
+
+# Configuration parameters
+operation="switch"		# The nixos-rebuild operation to use
+hostname=$(hostname)	# The name of the host to build
+flakeDir="."					# Path to the flake file (and optionally the hostname)
+remainingArgs=""			# All remaining arguments that haven't been processed
+commit=true						# Whether to update git (true by default)
+buildHost=""					# Which host to build the system on.
+
+function usage() {
+	echo "Usage: nixos-upgrade-script.sh [-o|--operation operation] [-f|--flake path-to-flake-file] [extra nixos-rebuild parameters]"
+	echo "Options:"
+	echo "	-h | --help	Show this help screen."
+	echo "	-o | --operation	The nixos-rebuild operation to perform."
+	echo "	-H | --host	The host to build."
+	echo "  -f | --flake <path>	The path to the flake file (and optionally the hostname)."
+	echo "  -n | --no-commit Don't update and commit the lock file."
+	echo "  --build-host <hostname> The SSH name of the host to build the system on."
+	exit 2
+}
+
+function run_operation {
+	echo "Full operation: nixos-rebuild $1 --flake $flakeDir#$hostname $( [ "$buildHost" != "" ] && echo "--build-host $buildHost" ) $remainingArgs"
+
+	# Only request super-user permission if we're switching
+	if [[ "$1" =~ ^(switch|boot|test)$ ]]; then
+		sudo nixos-rebuild $operation --flake .#$hostname $remainingArgs
+	else
+		nixos-rebuild $operation --flake .#$hostname $remainingArgs
+	fi
+} 
+
+# Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
+POSITIONAL_ARGS=()
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+	--build-host|-b)
+		buildHost="$2"
+		shift
+		shift
+		;;
+	--host|--hostname|-H)
+		hostname="$2"
+		shift
+		shift
+		;;
+	--flake|-f)
+		flakeDir="$2"
+		shift
+		shift
+		;;
+	--no-commit|-n)
+		commit=false
+		shift
+		shift
+		;;
+	--operation|-o)
+		operation="$2"
+		shift
+		shift
+		;;
+	--help|-h)
+		usage
+		shift
+		;;
+	*)
+		POSITIONAL_ARGS+=("$1") # save positional arg
+      	shift # past argument
+		;;
+	esac
+done
+remainingArgs=${POSITIONAL_ARGS[@]}
+set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+
+cd $flakeDir
+git pull
+
+if [ $commit = true ]; then
+	echo "Update and push lock file"
+	nix flake update --commit-lock-file
+	git push
+fi
+
+# If this is a remote build, run the build as non-sudo first
+if [[ "$buildHost" != "" ]]; then
+	run_operation "build"
+fi
+
+run_operation $operation
+
+exit 0
--- a/hosts/Shura/default.nix
+++ b/hosts/Shura/default.nix
@ -52,6 +52,12 @@ in
    # Enable GPU support.
    gpu.amd.enable = true;

+    nixos-upgrade-script = {
+      enable = true;
+      configDir = config.secrets.nixConfigFolder;
+      user = config.users.users.aires.name;
+    };
+
    packages = with pkgs; [
      boinc # Boinc client
      keepassxc # Use native instead of Flatpak due to weird performance issues
--- a/modules/services/autoupgrade.nix
+++ b/modules/services/autoupgrade.nix
@ -82,6 +82,7 @@ in
          OnCalendar = cfg.onCalendar;
          Persistent = cfg.persistent;
          Unit = "nixos-upgrade.service";
+          RandomizedDelaySec = "30m";
        };
      };
    })
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@ -1,13 +1,18 @@
 # Core Nix configuration
 {
  config,
-  lib,
  inputs,
+  lib,
+  pkgs,
  ...
 }:

 let
  cfg = config.aux.system;
+
+  nixos-upgrade-script = pkgs.writeShellScriptBin "nixos-upgrade-script" (
+    builtins.readFile ../../bin/nixos-upgrade-script.sh
+  );
 in
 {
  options = {
@ -18,6 +23,17 @@ in
        type = lib.types.str;
        default = "monthly";
      };
+      nixos-upgrade-script = {
+        enable = lib.mkEnableOption "Installs the nos (nixos-upgrade-script) helper script.";
+        configDir = lib.mkOption {
+          type = lib.types.str;
+          description = "Path to your NixOS configuration files.";
+        };
+        user = lib.mkOption {
+          type = lib.types.str;
+          description = "The user to run the upgrade script as.";
+        };
+      };
    };
  };
  config = {
@ -37,13 +53,14 @@ in
        # Only allow these users to use Nix
        allowed-users = with config.users.users; [
          root.name
-          aires.name
+          (lib.mkIf config.aux.system.users.aires.enable aires.name)
        ];

        # Avoid signature verification messages when doing remote builds
-        trusted-users =
-          with config.users.users;
-          [ aires.name ] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ gremlin.name ];
+        trusted-users = with config.users.users; [
+          root.name
+          (lib.mkIf config.aux.system.users.aires.enable aires.name)
+        ];
      };

      # Optimize the Nix store on each build
@ -88,5 +105,7 @@ in

    # Support for standard, dynamically-linked executables
    programs.nix-ld.enable = true;
+
+    aux.system.packages = [ (lib.mkIf cfg.nixos-upgrade-script.enable nixos-upgrade-script) ];
  };
 }
--- a/modules/ui/desktops/gnome.nix
+++ b/modules/ui/desktops/gnome.nix
@ -48,7 +48,9 @@ in
              ]
            }
          '';
-          extraGSettingsOverridePackages = lib.mkIf (cfg.experimental.fractionalScaling.enable || cfg.experimental.vrr.enable) [ pkgs.gnome.mutter ];
+          extraGSettingsOverridePackages = lib.mkIf (
+            cfg.experimental.fractionalScaling.enable || cfg.experimental.vrr.enable
+          ) [ pkgs.gnome.mutter ];
        };
        displayManager.gdm.enable = true;
      };