emily/nixfiles
emily/nixfiles
1
0
Fork 1
Code Issues Pull requests Activity

added upgrade systemd service

Browse source
This commit is contained in:
emily 2024-05-14 03:08:06 +02:00
parent 063e13b13f
commit d9138d415d
Signed by: emily
GPG key ID: F6F4C66207FCF995
5 changed files with 81 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config/common/default.nix
View file

@ -28,7 +28,10 @@ with lib; {
fish.enable = true; fish.enable = true;
}; };
kyouma.deployment.tags = [ "all" ]; kyouma.deployment = {
tags = [ "all" ];
upgradeSystem.enable = true;
};
security.dhparams.defaultBitSize = 4096; security.dhparams.defaultBitSize = 4096;

7
flake.nix
View file

@ -104,6 +104,9 @@
overlays = { overlays = {
kyouma = import ./pkgs/overlay.nix; kyouma = import ./pkgs/overlay.nix;
otherPkgs = final: prev: {
nixos-needsreboot = (inputs.nixos-needsreboot.packages.${final.system}.default);
};
default = self.overlays.kyouma; default = self.overlays.kyouma;
}; };
hydraJobs = { hydraJobs = {
@ -115,9 +118,7 @@
inherit system; inherit system;
overlays = [ overlays = [
self.overlays.kyouma self.overlays.kyouma
(_: _: { self.overlays.otherPkgs
nixos-needsreboot = (inputs.nixos-needsreboot.packages.${system}.default);
})
]; ];
}; };
in { in {

2
lib/shinyflakes/default.nix
View file

@ -31,7 +31,7 @@
../../config/hosts/${hostname}/configuration.nix ../../config/hosts/${hostname}/configuration.nix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
({ ... }: { ({ ... }: {
nixpkgs.overlays = [ self.overlays.kyouma ]; nixpkgs.overlays = [ self.overlays.kyouma self.overlays.otherPkgs ];
nixpkgs.hostPlatform.system = system; nixpkgs.hostPlatform.system = system;
}) })
]; ];

59
modules/deployment/default.nix
View file

@ -1,14 +1,65 @@
{ lib, ... }: with lib; { { config, lib, pkgs, ... }:
with lib;
let cfg = config.kyouma.deployment.upgradeSystem;
in {
options.kyouma.deployment = { options.kyouma.deployment = {
tags = mkOption { tags = mkOption {
type = types.listOf types.str; type = with types; listOf str;
default = []; default = [ ];
description = "colmena deployment tags"; description = "colmena deployment tags";
}; };
targetHost = mkOption { targetHost = mkOption {
type = types.nullOr types.str; type = with types; nullOr str;
default = null; default = null;
description = "colmena target host override"; description = "colmena target host override";
}; };
upgradeSystem = {
enable = mkEnableOption "automatically apply hydra builds";
allowReboot = mkOption {
type = types.bool;
default = true;
description = "automatically reboot if needed";
};
branch = mkOption {
type = types.str;
default = "main";
description = "branch to use for updates";
};
noDelay = mkOption {
type = types.bool;
default = false;
description = "dont use delays";
};
runFreq = mkOption {
type = types.str;
default = "*-*-* *:04:20";
description = "How often Updates should be fetched. See {manpage}`systemd.timer(5)`";
};
};
};
config = mkIf cfg.enable {
systemd.services.upgrade-system = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.upgrade-system}/bin/upgrade-system${optionalString cfg.allowReboot " --allow-reboot"} --branch ${cfg.branch}${
optionalString cfg.noDelay " --no-delay"
}";
};
};
systemd.timers.upgrade-system = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = if cfg.noDelay then "*-*-* *:*:00" else cfg.runFreq;
RandomizedDelaySec = if cfg.noDelay then "1s" else "1h";
};
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
};
environment.systemPackages = [ pkgs.upgrade-system ];
}; };
} }

19
pkgs/upgrade-system/upgrade-system.sh
View file

@ -3,6 +3,8 @@
set -euo pipefail set -euo pipefail
ALLOW_REBOOT= ALLOW_REBOOT=
BRANCH="main"
NO_DELAY=
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case $1 in case $1 in
@ -10,6 +12,14 @@ while [[ $# -gt 0 ]]; do
ALLOW_REBOOT=1 ALLOW_REBOOT=1
shift shift
;; ;;
--branch)
BRANCH=$2
shift
;;
--no-delay)
NO_DELAY=1
shift
;;
*) *)
echo "Unknown option $1" echo "Unknown option $1"
exit 1 exit 1
@ -17,7 +27,7 @@ while [[ $# -gt 0 ]]; do
esac esac
done done
HYDRA_URL="https://hydra.kyouma.net/job/infra/nixfiles/nixosConfigurations.${HOSTNAME}/latest-finished" HYDRA_URL="https://hydra.kyouma.net/job/nixfiles/${BRANCH}/nixosConfigurations.${HOSTNAME}/latest-finished"
NEW_STORE_PATH="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}" | jq -r ".buildoutputs.out.path")" NEW_STORE_PATH="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}" | jq -r ".buildoutputs.out.path")"
@ -58,9 +68,14 @@ echo "Set new profile as boot target"
nixos-needsreboot nixos-needsreboot
if [[ -n "$NO_DELAY" ]]; then
delay="1"
else
delay="$(echo -n $RANDOM | tail -c 2)"
fi
if [[ -f "/var/run/reboot-required" ]]; then if [[ -f "/var/run/reboot-required" ]]; then
if [[ -n "$ALLOW_REBOOT" ]]; then if [[ -n "$ALLOW_REBOOT" ]]; then
delay=$(echo -n $RANDOM | tail -c 2)
echo "Rebooting system in ${delay} Minutes" echo "Rebooting system in ${delay} Minutes"
shutdown -r +"${delay}" shutdown -r +"${delay}"
else else