Services: update autoupgrade

hosts/Shura/default.nix

@@ -52,8 +52,6 @@ in
     # Enable GPU support.
     gpu.amd.enable = true;
 
-    nixos-upgrade-script.enable = true;
-
     packages = with pkgs; [
       boinc # Boinc client
       keepassxc # Use native instead of Flatpak due to weird performance issues

modules/services/autoupgrade.nix

@@ -8,15 +8,6 @@ in
   options = {
     aux.system.services.autoUpgrade = {
       enable = lib.mkEnableOption "Enables automatic system updates.";
-      branches = lib.mkOption {
-        type = lib.types.attrs;
-        description = "Which local and remote branches to compare.";
-        default = {
-          local = "main";
-          remote = "main";
-          remoteName = "origin";
-        };
-      };
       configDir = lib.mkOption {
         type = lib.types.str;
         description = "Path where your NixOS configuration files are stored.";
@@ -39,42 +30,35 @@ in
     };
   };
 
-  config = lib.mkMerge [
+  config = lib.mkIf cfg.enable {
-    (lib.mkIf cfg.enable {
+    # Assert that system.autoUpgrade is not also enabled
-      # Assert that system.autoUpgrade is not also enabled
+    assertions = [
-      assertions = [
+      {
-        {
+        assertion = !config.system.autoUpgrade.enable;
-          assertion = !config.system.autoUpgrade.enable;
+        message = "The system.autoUpgrade option conflicts with this module.";
-          message = "The system.autoUpgrade option conflicts with this module.";
+      }
-        }
+    ];
-      ];
 
-      # Pull and apply updates.
+    # Deploy update script
-      systemd.services."nixos-upgrade" = {
+    aux.system.nixos-upgrade-script.enable = true;
+
+    # Pull and apply updates.
+    systemd = {
+      services."nixos-upgrade" = {
         serviceConfig = {
           Type = "oneshot";
           User = "root";
         };
         path = config.aux.system.corePackages;
         unitConfig.RequiresMountsFor = cfg.configDir;
-        # Git diffing strategy courtesy of https://stackoverflow.com/a/40255467
+        script = lib.strings.concatStrings [
-        script = ''
+          "/run/current-system/sw/bin/nixos-upgrade-script --operation switch "
-          cd ${cfg.configDir}
+          (lib.mkIf (cfg.configDir != "") "--flake ${cfg.configDir} ").content
-          # Check if there are changes from Git.
+          (lib.mkIf (cfg.user != "") "--user ${cfg.user} ").content
-          echo "Pulling latest version..."
+          (lib.mkIf (!cfg.pushUpdates) "--no-update").content
-          /run/wrappers/bin/sudo -u ${cfg.user} git fetch
+        ];
-          /run/wrappers/bin/sudo -u ${cfg.user} git diff --quiet --exit-code ${cfg.branches.local} ${cfg.branches.remoteName}/${cfg.branches.remote} || true
-          # If we have changes (git diff returns 1), pull changes and run the update
-          if [ $? -eq 1 ]; then
-            echo "Updates found, running nixos-rebuild..."
-            /run/wrappers/bin/sudo -u ${cfg.user} git pull
-            nixos-rebuild switch --flake .
-          else
-            echo "No updates found. Exiting."
-          fi
-        '';
       };
-      systemd.timers."nixos-upgrade" = {
+      timers."nixos-upgrade" = {
         wants = [ "network-online.target" ];
         after = [ "network-online.target" ];
         wantedBy = [ "timers.target" ];
@@ -85,39 +69,6 @@ in
           RandomizedDelaySec = "30m";
         };
       };
-    })
+    };
-    (lib.mkIf cfg.pushUpdates {
+  };
-      # Automatically update Flake configuration for other hosts to use
-      systemd.services."nixos-upgrade-flake" = {
-        serviceConfig = {
-          Type = "oneshot";
-          User = cfg.user;
-        };
-        path = config.aux.system.corePackages;
-        unitConfig.RequiresMountsFor = cfg.configDir;
-        script = ''
-          set -eu
-          cd ${cfg.configDir}
-          # Make sure we're up-to-date
-          echo "Pulling the latest version..."
-          /run/wrappers/bin/sudo -u ${cfg.user} git pull
-          echo "Checking for updates..."
-          /run/wrappers/bin/sudo -u ${cfg.user} nix flake update --commit-lock-file
-          echo "Pushing any changes..."
-          /run/wrappers/bin/sudo -u ${cfg.user} git push
-        '';
-      };
-
-      systemd.timers."nixos-upgrade-flake" = {
-        wants = [ "network-online.target" ];
-        after = [ "network-online.target" ];
-        wantedBy = [ "timers.target" ];
-        timerConfig = {
-          OnCalendar = cfg.onCalendar;
-          Persistent = cfg.persistent;
-          Unit = "nixos-upgrade-flake.service";
-        };
-      };
-    })
-  ];
 }

modules/system/nix.nix

@@ -45,6 +45,7 @@ in
           allowed-users = with config.users.users; [
             root.name
             (lib.mkIf config.aux.system.users.aires.enable aires.name)
+            (lib.mkIf config.aux.system.users.gremlin.enable gremlin.name)
           ];
 
           # Avoid signature verification messages when doing remote builds