From bb95fd59d059cb6da89133cc723bb06120fd48d0 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Sat, 22 Mar 2025 18:58:09 +0100
Subject: split nix and system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:
• Updated input 'my-nixpkgs': 'github:qaristote/my-nixpkgs/65eb03f15116223871d06254dc453abc79bcffaa' (2025-03-18) → 'github:qaristote/my-nixpkgs/14fb28f55fa552aaeffb987e4078e16691bde5b0' (2025-03-22)
• Updated input 'nixpkgs': 'github:NixOS/nixpkgs/da044451c6a70518db5b730fe277b70f494188f1' (2025-03-18) → 'github:NixOS/nixpkgs/7105ae3957700a9646cc4b766f5815b23ed0c682' (2025-03-20)
---
config/default.nix | 1 +
config/nix.nix | 83 +--------------------------------
config/services/web/quentin/default.nix | 2 +-
config/system.nix | 13 ++++++
flake.lock | 12 ++---
5 files changed, 22 insertions(+), 89 deletions(-)
create mode 100644 config/system.nix
diff --git a/config/default.nix b/config/default.nix
index dd22e26..c1bc7e3 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -7,6 +7,7 @@ ./networking.nix ./nix.nix ./services + ./system.nix ./users.nix ];
diff --git a/config/nix.nix b/config/nix.nix
index a5110a6..3142f93 100644
--- a/config/nix.nix
+++ b/config/nix.nix
@@ -1,92 +1,11 @@ -{ - config, - lib, - pkgs, - ... -}: let - allowReboot = true; -in { +{...}: { personal.nix = { enable = true; - autoUpgrade.enable = true; gc.enable = true; - flake = "git+file:///etc/nixos/"; - remoteBuilds = { - enable = true; - machines.hephaistos = { - enable = true; - domain = "aristote.mesh"; - user = config.networking.hostName; - }; - }; }; - system.autoUpgrade = {inherit allowReboot;}; - - # disable remote builds - nix.settings.max-jobs = 0; nixpkgs.flake = { setNixPath = true; setFlakeRegistry = true; }; - - systemd.services.nixos-upgrade = { - preStart = lib.mkForce '' - cd /etc/nixos - # requires to have added - # hephaistos.aristote.mesh:/~/nixos-configuration - # as remote hephaistos - git push --force hephaistos master - ''; - postStop = lib.mkForce ""; - serviceConfig.TimeoutStopSec = lib.mkForce (lib.mkOptionDefault ""); - script = lib.mkForce (let - hephaistos = "hephaistos.aristote.mesh"; - in - '' - RESULT=$(ssh ${hephaistos} -- \ - 'nix build --print-out-paths \ - git+file://$(pwd)/nixos-configuration#nixosConfigurations.hermes.config.system.build.toplevel' \ - ) - nix-copy-closure --from ${hephaistos} "$RESULT" - '' - + ( - let - switch = "$RESULT/bin/switch-to-configuration"; - readlink = "${pkgs.coreutils}/bin/readlink"; - luksCfg = config.boot.initrd.luks.devices; - crypt = luksCfg.crypt.device; - in - if allowReboot - then '' - ${switch} boot - booted="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})" - built="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" - if [ "$booted" = "$built" ] - then - ${switch} switch - else - ${lib.optionalString (luksCfg ? crypt) '' - cryptsetup luksAddKey ${crypt} /etc/luks/keys/tmp \ - --key-file /etc/luks/keys/master \ - --verbose - ''} - shutdown -r now ${lib.optionalString (luksCfg ? 
crypt) '' || \ - cryptsetup luksRemoveKey ${crypt} \ - --key-file /etc/luks/keys/tmp \ - --verbose - ''} - fi - '' - else '' - ${switch} switch - '' - )); - serviceConfig = { - MemoryAccounting = true; - MemoryHigh = "0.9G"; - MemoryMax = "1G"; - MemorySwapMax = "0"; - }; - }; }
diff --git a/config/services/web/quentin/default.nix b/config/services/web/quentin/default.nix
index ac617f7..7194190 100644
--- a/config/services/web/quentin/default.nix
+++ b/config/services/web/quentin/default.nix
@@ -16,5 +16,5 @@ }; # automatically fetch (non-structural) website updates when updating the system - personal.nix.autoUpgrade.autoUpdateInputs = lib.mkOptionDefault ["personal-webpage/data"]; + personal.system.autoUpgrade.autoUpdateInputs = lib.mkOptionDefault ["personal-webpage/data"]; }
diff --git a/config/system.nix b/config/system.nix
new file mode 100644
index 0000000..847a046
--- /dev/null
+++ b/config/system.nix
@@ -0,0 +1,13 @@
+{...}: {
+ personal.system = {
+ flake = "git+file:///etc/nixos/";
+ autoUpgrade = {
+ enable = true;
+ remoteBuilding = {
+ enable = true;
+ builder.domain = "aristote.mesh";
+ };
+ };
+ };
+ system.autoUpgrade.allowReboot = true;
+}
diff --git a/flake.lock b/flake.lock
index 16d0b80..9e79fe3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -270,11 +270,11 @@ "nur": "nur" }, "locked": { - "lastModified": 1742280726, - "narHash": "sha256-OEr0CwQcoEIa7Z5GeGR2xfb+22v2Mwda/AptjZmYfXQ=", + "lastModified": 1742669695, + "narHash": "sha256-gR0Z74ieu2ztxDb2lLcuqB6dGnZ4mVQAxwdTzevu0e8=", "owner": "qaristote", "repo": "my-nixpkgs", - "rev": "65eb03f15116223871d06254dc453abc79bcffaa", + "rev": "14fb28f55fa552aaeffb987e4078e16691bde5b0", "type": "github" }, "original": {
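Review bot: After this hunk nothing in config/nix.nix forbids local builds or caps the upgrade unit's memory: the removed `nix.settings.max-jobs = 0` and the `MemoryHigh`/`MemoryMax`/`MemorySwapMax` limits on `systemd.services.nixos-upgrade` have no counterpart on the new side. Whether the `personal.system.autoUpgrade` module at the new my-nixpkgs rev sets them is not visible in this diff; if it does not, an upgrade run could build locally on a host whose upgrade unit was previously held to 1G. Either confirm the module covers both, or keep the guard here as `nix.settings.max-jobs = 0; # no local builds on this host` (the old comment said it disabled remote builds, which is the opposite of what the setting does).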
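Review bot: In config/system.nix, `remoteBuilding.enable = true` combined with `system.autoUpgrade.allowReboot = true` means this host activates, unattended and as root, a closure produced on another machine, yet the file only sets `builder.domain`; the builder's host name, SSH user and how its output is verified are left to module defaults that this diff does not show. The script removed from config/nix.nix named the builder and login user explicitly and enrolled a temporary LUKS key before `shutdown -r now`, so it is worth confirming that the module at the new my-nixpkgs rev still handles the encrypted-root reboot. I would add a comment above `remoteBuilding`, e.g. `# the builder's output is switched to as root: keep SSH access to the builder and its nixos-configuration repo restricted`.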
@@ -490,11 +490,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1742268799, - "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "lastModified": 1742512142, + "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da044451c6a70518db5b730fe277b70f494188f1", + "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682", "type": "github" }, "original": { -- cgit v1.2.3