config/profiles/auto-upgrade.nix


{ config, pkgs, lib, inputs, ... }:
let
  # Read from config.virtualisation; used below to switch off the /etc entries in the VM variant.
  inherit (config.virtualisation) isVmVariant;

  # flake.nix imported as a plain Nix file, so the *declared* input URLs are visible
  # (as written in flake.nix, not the revisions resolved into flake.lock).
  flakeSpec = import (inputs.self + "/flake.nix");

  # Attrset: input name -> declared `url`.
  # NOTE(review): an input declared without a `url` attribute would fail here when forced - confirm
  # every input in flake.nix has one.
  inputUrls = lib.mapAttrs (_name: decl: decl.url) flakeSpec.inputs;
in
# TODO: make /etc/nixos a symlink to the in-store flake? - bad idea, horrible error recovery
# TODO: make /etc/nixos a writeable checkout of repo?
{
# Turn on the NixOS auto-upgrade service; its source and flags are set further down.
system.autoUpgrade.enable = true;
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
# Publish the flake source this system was built from as /etc/current-system-flake.
# Disabled for the VM variant. When enabled it makes the system outPath depend on the flake src.
environment.etc."current-system-flake" = {
  enable = !isVmVariant;
  source = inputs.self;
};
# Workaround for https://github.com/NixOS/nix/issues/6895
# Writes one JSON object per flake input to /etc/current-system-flake-inputs.json so the
# revisions this system was built from can be read back later (the override script reads
# `.rev` and `.["store-path"]` from it).
environment.etc."current-system-flake-inputs.json" = {
  enable = !isVmVariant; # makes the outPath depend on flake src
  source = pkgs.writers.writeJSON "flake-inputs.json" (
    lib.mapAttrs (_name: input:
      # inputs.*.sourceInfo sans outPath, since writeJSON will otherwise serialize sourceInfo like a derivation
      builtins.removeAttrs (input.sourceInfo or {}) [ "outPath" ]
      # Record the input's store path as a plain string. unsafeDiscardStringContext drops the
      # string context, so the inputs do NOT become part of the system closure. Consequence:
      # nothing keeps that path alive, so consumers must not assume it still exists in the store.
      // { store-path = builtins.unsafeDiscardStringContext input.outPath; }
      # // { store-path = input.outPath; } # use this line instead if you want to retain a store reference to the flake inputs
    ) inputs
  );
};
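environment.etc."current-system-flake-inputs-overrides.sh".enable = !isVmVariant;
# Wrapper script: runs the command given as arguments with one
# `--override-input NAME URL-AT-REV` triple appended per flake input, where the revision is
# the one recorded in /etc/current-system-flake-inputs.json and the URL is the one declared in
# /etc/current-system-flake/flake.nix. In effect it pins a command to the inputs of the running system.
environment.etc."current-system-flake-inputs-overrides.sh".source = pkgs.writeShellScript "with-input-overrides.sh" ''
  if [[ $# -eq 0 ]]; then
    echo >&2 "Example usage: $0 nix flake update --output-lock-file flake.lock"
    exit 1
  fi
  set -euo pipefail

  # The jq program below emits NUL-separated words, which readarray splits into cmd_args.
  # Inputs are skipped when they are "self", have no recorded rev, or have no declared URL.
  # For github: URLs the first two path segments are kept and the rev is appended as a third
  # segment. Any other URL gets a rev= query parameter, joined with "&" when the declared
  # URL already carries a query string and with "?" otherwise.
  # NOTE(review): because of select(.value.rev), the store-path fallback in the jq program can
  # never be reached - confirm whether rev-less inputs were meant to be overridden by store path.
  # NOTE(review): a github: URL that carries query parameters (for example a dir= parameter)
  # is not handled by the segment split - confirm no input uses that form.
  declare -a cmd_args=()
  readarray -td $'\0' cmd_args < <(
    ${lib.getExe pkgs.jq} --raw-output0 \
      </etc/current-system-flake-inputs.json \
      --argjson inputUrls "$(
        nix eval --file /etc/current-system-flake/flake.nix \
          --apply 'x: builtins.mapAttrs (input: value: value.url) x.inputs' --json
      )" '
        to_entries[] |
        select(.key == "self" | not) |
        select(.value.rev) |
        select($inputUrls[.key]) |
        [
          "--override-input",
          .key,
          (
            if .value.rev
            then (if $inputUrls[.key] | startswith("github:")
              then ($inputUrls[.key] | split("/") | .[:2] | join("/")) + "/\(.value.rev)"
              else $inputUrls[.key]
                + (if ($inputUrls[.key] | contains("?")) then "&" else "?" end)
                + "rev=\(.value.rev | @uri)"
              end)
            else .value["store-path"]
            end
          )
        ][]
      '
  )
  # The exit status of a process substitution is not covered by `set -e` / pipefail, so a failing
  # `nix eval` or jq would otherwise leave cmd_args empty and the command would run silently
  # WITHOUT any pins. Reap the substitution explicitly and fail closed (needs bash >= 4.4).
  if ! wait "$!"; then
    echo >&2 "$0: could not compute input overrides, refusing to run the command unpinned"
    exit 1
  fi
  exec "$@" "''${cmd_args[@]}"
'';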
#system.autoUpgrade.flake = inputs.self.outPath; # a nix store path
#system.autoUpgrade.flake = "github:pbsds/nix-config"; # TODO: use this instead?
#system.autoUpgrade.flake = "git+https://gitea.noximilien.pbsds.net/pbsds/config.git";
# NOTE(review): no ref or rev is given in this URL, so each upgrade run builds and activates
# whatever the remote currently serves. Write access to that repository is therefore equivalent
# to control over this host - confirm it is protected accordingly (restricted push, reviewed
# or signed commits).
system.autoUpgrade.flake = "git+https://git.pvv.ntnu.no/pederbs/config.git";
system.autoUpgrade.flags =
  let
    # Inputs that are re-resolved from their declared URL on every upgrade run.
    followedInputs = [
      "nixpkgs-edge"
      "nixpkgs-2411"
      "home-manager-edge"
      "home-manager-2411"
      "nix-index-database"
      "nixos-hardware"
    ];
    # Flat list of "--override-input" NAME URL triples, one per followed input that flake.nix declares.
    # The URLs come from flake.nix, not flake.lock, so for these inputs the upgrade does not build
    # the revisions recorded in the lock file.
    # NOTE(review): presumably those URLs name moving branches - if so, these upstreams are
    # trusted at whatever they publish at upgrade time; confirm that is intended.
    overrideFlags = lib.concatLists (
      lib.mapAttrsToList
        (input: url: [ "--override-input" input url ])
        (lib.filterAttrs (key: _: builtins.elem key followedInputs) inputUrls)
    );
  in
  [
    "-L" # print build logs
    "--no-write-lock-file" # do not write a new flake.lock, as the in-store flake is read-only
    "--option" "access-tokens" "" # don't risk expired github tokens blocking upgrade
    # fetch new inputs
    #"--recreate-lock-file" # update all
    "--refresh"
    #"--update-input" "nixpkgs-edge" # deprecated in nix 2.22, removed in lix 2.90
    # "--override-input" "nixpkgs-edge" "github:NixOS/nixpkgs/nixos-unstable"
  ] ++ overrideFlags;
# Auto-upgrade produces lots of "empty" updates, so cap the number of configurations each
# boot loader is told to keep.
boot.loader = {
  grub.configurationLimit = 15;
  systemd-boot.configurationLimit = 15;
  generic-extlinux-compatible.configurationLimit = 15;
};
}