diff --git a/config/common/default.nix b/config/common/default.nix index b0185d8..f4a2ce5 100644 --- a/config/common/default.nix +++ b/config/common/default.nix @@ -28,7 +28,10 @@ with lib; { fish.enable = true; }; - kyouma.deployment.tags = [ "all" ]; + kyouma.deployment = { + tags = [ "all" ]; + upgradeSystem.enable = true; + }; security.dhparams.defaultBitSize = 4096; diff --git a/flake.nix b/flake.nix index 8b413f4..7209c25 100644 --- a/flake.nix +++ b/flake.nix @@ -104,6 +104,9 @@ overlays = { kyouma = import ./pkgs/overlay.nix; + otherPkgs = final: prev: { + nixos-needsreboot = (inputs.nixos-needsreboot.packages.${final.system}.default); + }; default = self.overlays.kyouma; }; hydraJobs = { @@ -115,9 +118,7 @@ inherit system; overlays = [ self.overlays.kyouma - (_: _: { - nixos-needsreboot = (inputs.nixos-needsreboot.packages.${system}.default); - }) + self.overlays.otherPkgs ]; }; in { diff --git a/lib/shinyflakes/default.nix b/lib/shinyflakes/default.nix index 320bd74..6d5e2eb 100644 --- a/lib/shinyflakes/default.nix +++ b/lib/shinyflakes/default.nix @@ -31,7 +31,7 @@ ../../config/hosts/${hostname}/configuration.nix inputs.sops-nix.nixosModules.sops ({ ... }: { - nixpkgs.overlays = [ self.overlays.kyouma ]; + nixpkgs.overlays = [ self.overlays.kyouma self.overlays.otherPkgs ]; nixpkgs.hostPlatform.system = system; }) ]; diff --git a/modules/deployment/default.nix b/modules/deployment/default.nix index eef4b82..161bc5d 100644 --- a/modules/deployment/default.nix +++ b/modules/deployment/default.nix @@ -1,14 +1,65 @@ -{ lib, ... }: with lib; { +{ config, lib, pkgs, ... }: +with lib; +let cfg = config.kyouma.deployment.upgradeSystem; +in { options.kyouma.deployment = { tags = mkOption { - type = types.listOf types.str; - default = []; + type = with types; listOf str; + default = [ ]; description = "colmena deployment tags"; }; targetHost = mkOption { - type = types.nullOr types.str; + type = with types; nullOr str; default = null; description = "colmena target host override"; }; + upgradeSystem = { + enable = mkEnableOption "automatically apply hydra builds"; + allowReboot = mkOption { + type = types.bool; + default = true; + description = "automatically reboot if needed"; + }; + branch = mkOption { + type = types.str; + default = "main"; + description = "branch to use for updates"; + }; + noDelay = mkOption { + type = types.bool; + default = false; + description = "dont use delays"; + }; + runFreq = mkOption { + type = types.str; + default = "*-*-* *:04:20"; + description = "How often Updates should be fetched. See {manpage}`systemd.timer(5)`"; + }; + }; + }; + config = mkIf cfg.enable { + systemd.services.upgrade-system = { + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + restartIfChanged = false; + unitConfig.X-StopOnRemoval = false; + + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.upgrade-system}/bin/upgrade-system${optionalString cfg.allowReboot " --allow-reboot"} --branch ${cfg.branch}${ + optionalString cfg.noDelay " --no-delay" + }"; + }; + }; + systemd.timers.upgrade-system = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = if cfg.noDelay then "*-*-* *:*:00" else cfg.runFreq; + RandomizedDelaySec = if cfg.noDelay then "1s" else "1h"; + }; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + }; + environment.systemPackages = [ pkgs.upgrade-system ]; }; } diff --git a/pkgs/upgrade-system/upgrade-system.sh b/pkgs/upgrade-system/upgrade-system.sh index 086bc1b..8c721a6 100644 --- a/pkgs/upgrade-system/upgrade-system.sh +++ b/pkgs/upgrade-system/upgrade-system.sh @@ -3,6 +3,8 @@ set -euo pipefail ALLOW_REBOOT= +BRANCH="main" +NO_DELAY= while [[ $# -gt 0 ]]; do case $1 in @@ -10,6 +12,14 @@ while [[ $# -gt 0 ]]; do ALLOW_REBOOT=1 shift ;; + --branch) + BRANCH=$2 + shift + ;; + --no-delay) + NO_DELAY=1 + shift + ;; *) echo "Unknown option $1" exit 1 @@ -17,7 +27,7 @@ while [[ $# -gt 0 ]]; do esac done -HYDRA_URL="https://hydra.kyouma.net/job/infra/nixfiles/nixosConfigurations.${HOSTNAME}/latest-finished" +HYDRA_URL="https://hydra.kyouma.net/job/nixfiles/${BRANCH}/nixosConfigurations.${HOSTNAME}/latest-finished" NEW_STORE_PATH="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}" | jq -r ".buildoutputs.out.path")" @@ -58,9 +68,14 @@ echo "Set new profile as boot target" nixos-needsreboot +if [[ -n "$NO_DELAY" ]]; then + delay="1" +else + delay="$(echo -n $RANDOM | tail -c 2)" +fi + if [[ -f "/var/run/reboot-required" ]]; then if [[ -n "$ALLOW_REBOOT" ]]; then - delay=$(echo -n $RANDOM | tail -c 2) echo "Rebooting system in ${delay} Minutes" shutdown -r +"${delay}" else