From bb95fd59d059cb6da89133cc723bb06120fd48d0 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Sat, 22 Mar 2025 18:58:09 +0100
Subject: split nix and system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'my-nixpkgs': 'github:qaristote/my-nixpkgs/65eb03f15116223871d06254dc453abc79bcffaa' (2025-03-18) → 'github:qaristote/my-nixpkgs/14fb28f55fa552aaeffb987e4078e16691bde5b0' (2025-03-22)
• Updated input 'nixpkgs': 'github:NixOS/nixpkgs/da044451c6a70518db5b730fe277b70f494188f1' (2025-03-18) → 'github:NixOS/nixpkgs/7105ae3957700a9646cc4b766f5815b23ed0c682' (2025-03-20)
---
 config/nix.nix | 83 +----------------------------------------------------------------------------------
 1 file changed, 1 insertion(+), 82 deletions(-)
 (limited to 'config/nix.nix')

diff --git a/config/nix.nix b/config/nix.nix
index a5110a6..3142f93 100644
--- a/config/nix.nix
+++ b/config/nix.nix
@@ -1,92 +1,11 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- allowReboot = true;
-in {
+{...}: {
 personal.nix = {
 enable = true;
- autoUpgrade.enable = true;
 gc.enable = true;
- flake = "git+file:///etc/nixos/";
- remoteBuilds = {
- enable = true;
- machines.hephaistos = {
- enable = true;
- domain = "aristote.mesh";
- user = config.networking.hostName;
- };
- };
 };
- system.autoUpgrade = {inherit allowReboot;};
-
- # disable remote builds
- nix.settings.max-jobs = 0;
 
 nixpkgs.flake = {
 setNixPath = true;
 setFlakeRegistry = true;
 };
-
- systemd.services.nixos-upgrade = {
- preStart = lib.mkForce ''
- cd /etc/nixos
- # requires to have added
- # hephaistos.aristote.mesh:/~/nixos-configuration
- # as remote hephaistos
- git push --force hephaistos master
- '';
- postStop = lib.mkForce "";
- serviceConfig.TimeoutStopSec = lib.mkForce (lib.mkOptionDefault "");
- script = lib.mkForce (let
- hephaistos = "hephaistos.aristote.mesh";
- in
- ''
- RESULT=$(ssh ${hephaistos} -- \
- 'nix build --print-out-paths \
- git+file://$(pwd)/nixos-configuration#nixosConfigurations.hermes.config.system.build.toplevel' \
- )
- nix-copy-closure --from ${hephaistos} "$RESULT"
- ''
- + (
- let
- switch = "$RESULT/bin/switch-to-configuration";
- readlink = "${pkgs.coreutils}/bin/readlink";
- luksCfg = config.boot.initrd.luks.devices;
- crypt = luksCfg.crypt.device;
- in
- if allowReboot
- then ''
- ${switch} boot
- booted="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})"
- built="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
- if [ "$booted" = "$built" ]
- then
- ${switch} switch
- else
- ${lib.optionalString (luksCfg ? crypt) ''
- cryptsetup luksAddKey ${crypt} /etc/luks/keys/tmp \
- --key-file /etc/luks/keys/master \
- --verbose
- ''}
- shutdown -r now ${lib.optionalString (luksCfg ? crypt) '' || \
- cryptsetup luksRemoveKey ${crypt} \
- --key-file /etc/luks/keys/tmp \
- --verbose
- ''}
- fi
- ''
- else ''
- ${switch} switch
- ''
- ));
- serviceConfig = {
- MemoryAccounting = true;
- MemoryHigh = "0.9G";
- MemoryMax = "1G";
- MemorySwapMax = "0";
- };
- };
 }
-- 
cgit v1.2.3