
General: cleanup NixOS helper script

Aires 2024-09-29 16:06:16 -04:00
parent 0996a02659
commit b34a43ed4c
2 changed files with 86 additions and 92 deletions


@ -7,46 +7,26 @@ hostname=$(hostname) # The name of the host to build
flakeDir="." # Path to the flake file (and optionally the hostname) flakeDir="." # Path to the flake file (and optionally the hostname)
remainingArgs="" # All remaining arguments that haven't been processed remainingArgs="" # All remaining arguments that haven't been processed
commit=true # Whether to update git (true by default) commit=true # Whether to update git (true by default)
buildHost="" # Which host to build the system on.
function usage() { function usage() {
echo "Usage: nixos-upgrade-script.sh [-o|--operation operation] [-f|--flake path-to-flake-file] [extra nixos-rebuild parameters]" echo "Usage: nixos-upgrade-script.sh [-o|--operation operation] [-f|--flake path-to-flake-file] [extra nixos-rebuild parameters]"
echo "Options:" echo "Options:"
echo " -h | --help Show this help screen." echo " -h | --help Show this help screen."
echo " -o | --operation The nixos-rebuild operation to perform." echo " -o | --operation The nixos-rebuild operation to perform."
echo " -H | --host The host to build." echo " -f | --flake <path> The path to the flake file."
echo " -f | --flake <path> The path to the flake file (and optionally the hostname)."
echo " -n | --no-commit Don't update and commit the lock file." echo " -n | --no-commit Don't update and commit the lock file."
echo " --build-host <hostname> The SSH name of the host to build the system on."
exit 2 exit 2
} }
function run_operation { function run_operation {
echo "Full operation: nixos-rebuild $1 --flake $flakeDir#$hostname $( [ "$buildHost" != "" ] && echo "--build-host $buildHost" ) $remainingArgs --use-remote-sudo" echo "Running this operation: nixos-rebuild $1 --flake $flakeDir $remainingArgs --use-remote-sudo"
nixos-rebuild $operation --flake .#$hostname $remainingArgs --use-remote-sudo --log-format multiline-with-logs nixos-rebuild $operation --flake $flakeDir $remainingArgs --use-remote-sudo --log-format multiline-with-logs
# Only request super-user permission if we're switching
#if [[ "$1" =~ ^(switch|boot|test)$ ]]; then
# nixos-rebuild $operation --flake .#$hostname $remainingArgs --use-remote-sudo
#else
# nixos-rebuild $operation --flake .#$hostname $remainingArgs
#fi
} }
# Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash # Argument processing logic shamelessly stolen from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash
POSITIONAL_ARGS=() POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
--build-host|-b)
buildHost="$2"
shift
shift
;;
--host|--hostname|-H)
hostname="$2"
shift
shift
;;
--flake|-f) --flake|-f)
flakeDir="$2" flakeDir="$2"
shift shift
@ -75,11 +55,20 @@ done
remainingArgs=${POSITIONAL_ARGS[@]} remainingArgs=${POSITIONAL_ARGS[@]}
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
if [ -z "${FLAKE_DIR}" ]; then
echo "Flake directory not specified. Use '--flake [directory]' or set the $FLAKE_DIR environment variable."
exit 1
else
flakeDir=$FLAKE_DIR
fi
cd $flakeDir cd $flakeDir
echo "Pulling the latest version of the repository..."
git pull git pull
if [ $commit = true ]; then if [ $commit = true ]; then
echo "Update and push lock file" echo "Checking for updates..."
nix flake update --commit-lock-file nix flake update --commit-lock-file
git push git push
fi fi
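Review bot: The `FLAKE_DIR` check after argument parsing overwrites whatever `--flake` set, and exits when the variable is unset even if `--flake` was passed, so the option the error message recommends has no effect. Assuming these lines are new (they appear on one side only), consider using the environment value only when `--flake` was not given. The message should also escape the name as `\$FLAKE_DIR`, since inside double quotes it expands to the empty string in exactly this branch. The following `cd $flakeDir` is unquoted and unchecked; `cd "$flakeDir" || exit 1` stops `git pull`, `nix flake update --commit-lock-file` and `git push` from running in the caller's current directory when the path is wrong.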


@ -26,76 +26,81 @@ in
nixos-upgrade-script.enable = lib.mkEnableOption "Installs the nos (nixos-upgrade-script) helper script."; nixos-upgrade-script.enable = lib.mkEnableOption "Installs the nos (nixos-upgrade-script) helper script.";
}; };
}; };
config = { config = lib.mkMerge [
nixpkgs.config.allowUnfree = cfg.allowUnfree; {
nix = { nixpkgs.config.allowUnfree = cfg.allowUnfree;
settings = { nix = {
# Enable Flakes settings = {
experimental-features = [ # Enable Flakes
"nix-command" experimental-features = [
"flakes" "nix-command"
"flakes"
];
# Use Lix instead of Nix
substituters = [ "https://cache.lix.systems" ];
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
# Only allow these users to use Nix
allowed-users = with config.users.users; [
root.name
(lib.mkIf config.aux.system.users.aires.enable aires.name)
];
# Avoid signature verification messages when doing remote builds
trusted-users = with config.users.users; [
root.name
(lib.mkIf config.aux.system.users.aires.enable aires.name)
];
};
# Optimize the Nix store on each build
settings.auto-optimise-store = true;
# Enable garbage collection
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than ${cfg.retentionPeriod}";
persistent = true;
randomizedDelaySec = "1hour";
};
# Configure NixOS to use the same software channel as Flakes
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
# Configure remote build machines
# To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config
buildMachines = [
{
hostName = "hevana";
systems = [
"x86_64-linux"
"aarch64-linux"
];
protocol = "ssh-ng";
supportedFeatures = [
"nixos-test"
"kvm"
"benchmark"
"big-parallel"
];
}
]; ];
# Use Lix instead of Nix # When using a builder, use its package store
substituters = [ "https://cache.lix.systems" ]; extraOptions = ''
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; builders-use-substitutes = true
'';
# Only allow these users to use Nix
allowed-users = with config.users.users; [
root.name
(lib.mkIf config.aux.system.users.aires.enable aires.name)
];
# Avoid signature verification messages when doing remote builds
trusted-users = with config.users.users; [
root.name
(lib.mkIf config.aux.system.users.aires.enable aires.name)
];
}; };
# Optimize the Nix store on each build # Support for standard, dynamically-linked executables
settings.auto-optimise-store = true; programs.nix-ld.enable = true;
# Enable garbage collection }
gc = { (lib.mkIf cfg.nixos-upgrade-script.enable {
automatic = true; # Enable and configure NOS
dates = "weekly"; aux.system.packages = [ nixos-upgrade-script ];
options = "--delete-older-than ${cfg.retentionPeriod}"; environment.variables."FLAKE_DIR" = config.secrets.nixConfigFolder;
persistent = true; })
randomizedDelaySec = "1hour"; ];
};
# Configure NixOS to use the same software channel as Flakes
registry.nixpkgs.flake = inputs.nixpkgs;
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
# Configure remote build machines
# To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config
buildMachines = [
{
hostName = "hevana";
systems = [
"x86_64-linux"
"aarch64-linux"
];
protocol = "ssh-ng";
supportedFeatures = [
"nixos-test"
"kvm"
"benchmark"
"big-parallel"
];
}
];
# When using a builder, use its package store
extraOptions = ''
builders-use-substitutes = true
'';
};
# Support for standard, dynamically-linked executables
programs.nix-ld.enable = true;
aux.system.packages = [ (lib.mkIf cfg.nixos-upgrade-script.enable nixos-upgrade-script) ];
};
} }
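Review bot: The comment above `trusted-users` ("Avoid signature verification messages when doing remote builds") understates what the setting grants: a trusted user can override substituters and other daemon settings, which the Nix manual describes as essentially root-equivalent. These lines look to be only re-indented into the `lib.mkMerge` list here, but since the block is being touched it is worth documenting, e.g. `# trusted-users can import unsigned paths and override daemon settings; treat membership as root-equivalent`. If the only goal is remote builds as `aires`, the list could probably stay at `root` with store signing set up on the builder, though that depends on configuration not visible in this diff.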