| author | quentin@aristote.fr <quentin@aristote.fr> | 2025-03-16 15:09:36 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2025-03-17 06:56:47 +0100 |
| commit | 11a5fe484f5a6509059892d95f018d81074da027 (patch) | |
| tree | 4e2400089ad8ab39bf782976876c9c017ab2ae2e /config/nix.nix | |
| parent | e40ef5b66e1f866537115c580767ea31a11afcdf (diff) | |
nixos: autoUpgrade: eval nix on remote machine
Diffstat (limited to 'config/nix.nix')
| -rw-r--r-- | config/nix.nix | 65 |
1 files changed, 58 insertions, 7 deletions
diff --git a/config/nix.nix b/config/nix.nix index ddc3bc5..e3b7602 100644 --- a/config/nix.nix +++ b/config/nix.nix @@ -1,4 +1,11 @@ -{config, ...}: { +{ + config, + lib, + pkgs, + ... +}: let + allowReboot = true; +in { personal.nix = { enable = true; autoUpgrade.enable = true; @@ -14,7 +21,7 @@ }; }; - system.autoUpgrade.allowReboot = true; + system.autoUpgrade = {inherit allowReboot;}; # disable remote builds nix.settings.max-jobs = 0; @@ -23,10 +30,54 @@ setFlakeRegistry = true; }; - systemd.services.nixos-upgrade.serviceConfig = { - MemoryAccounting = true; - MemoryHigh = "0.9G"; - MemoryMax = "1G"; - MemorySwapMax = "0"; + systemd.services.nixos-upgrade = { + preStart = lib.mkForce '' + cd /etc/nixos + # requires to have added + # hephaistos.aristote.mesh:/~/nixos-configuration + # as remote hephaistos + git push --force hephaistos master + ''; + script = lib.mkForce (let + hephaistos = "hephaistos.aristote.mesh"; + in + '' + RESULT=$(ssh ${hephaistos} -- \ + 'nix build --print-out-paths \ + git+file://$(pwd)/nixos-configuration#nixosConfigurations.hermes.config.system.build.toplevel' \ + ) + nix-copy-closure --from ${hephaistos} "$RESULT" + '' + + ( + let + switch = "$RESULT/bin/switch-to-configuration"; + readlink = "${pkgs.coreutils}/bin/readlink"; + in + if allowReboot + then '' + ${switch} boot + booted="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})" + built="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" + if [ "$booted" = "$built" ] + then + ${switch} switch + else + cryptsetup --verbose luksAddKey \ + --key-file /etc/luks/keys/master \ + ${config.boot.initrd.luks.devices.crypt.device} \ + /etc/luks/keys/tmp + shutdown -r +1 + fi + '' + else '' + ${switch} switch + '' + )); + serviceConfig = { + MemoryAccounting = true; + MemoryHigh = "0.9G"; + MemoryMax = "1G"; + MemorySwapMax = "0"; + }; }; } |
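Review bot: In the `allowReboot` branch of the new `script`, `cryptsetup luksAddKey` enrolls `/etc/luks/keys/tmp` as an extra keyslot just before `shutdown -r +1`, and nothing in this hunk removes it again. Unless a boot-time unit outside this diff does so, the unattended-unlock key stays valid indefinitely and each kernel-changing upgrade will try to enroll it again. I would pair it with a post-boot `cryptsetup luksRemoveKey ${config.boot.initrd.luks.devices.crypt.device} /etc/luks/keys/tmp`, or at least add a comment naming where the removal happens. `cryptsetup` and `shutdown` are also called by bare name while `readlink` is pinned, so under the unit's PATH they may fail after `${switch} boot` has already run; `${pkgs.cryptsetup}/bin/cryptsetup` and `${config.systemd.package}/bin/shutdown` would be safer. The closure fetched with `nix-copy-closure --from` is then activated as root, which makes hephaistos and the SSH key used to reach it root-equivalent for this host, so a comment stating that trust assumption would help.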
