Trust the specified key
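# modules/auto-upgrade.nix
#
# NixOS module: on a timer, fast-forward the git checkout in /etc/nixos,
# refresh the pinned channels with pinch, and switch to the result.
#
# Trust boundary: no User= is set on the unit and HOME is /root, so the
# script runs with systemd's default identity for system services (root).
# Whatever `git pull` brings into /etc/nixos is evaluated and activated by
# nixos-rebuild, so write access to the remote (or to the transport, if it is
# not authenticated) is equivalent to root on every machine that enables this.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.system.autoUpgradeWithPinch;
in {
  options = {
    system.autoUpgradeWithPinch = {

      # Master switch; everything under `config` below is gated on it.
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to periodically upgrade NixOS to the latest version.
          Presumes that /etc/nixos is a git repo with a remote and
          contains a pinch file called "channels".
        '';
      };

      # Passed verbatim to the unit's `startAt` (a systemd calendar expression).
      dates = mkOption {
        default = "04:40";
        type = types.str;
        description = ''
          Specification (in the format described by
          <citerefentry><refentrytitle>systemd.time</refentrytitle>
          <manvolnum>7</manvolnum></citerefentry>) of the time at
          which the update will occur.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # Makes `pkgs.pinch` (used in `path` below) available.
    nixpkgs.overlays = [ (import ../overlays/pinch.nix) ];

    systemd.services.nixos-upgrade = {
      description = "NixOS Upgrade";

      # The unit itself performs the configuration switch, so it must not be
      # restarted or stopped by that switch while it is still running.
      restartIfChanged = false;
      unitConfig.X-StopOnRemoval = false;

      serviceConfig.Type = "oneshot";

      # `//` is right-biased: NIX_PATH and HOME override nix.envVars, and the
      # proxy variables override both on any key collision.
      environment = config.nix.envVars // {
        inherit (config.environment.sessionVariables) NIX_PATH;
        HOME = "/root";
      } // config.networking.proxy.envVars;

      # Only the full `git` is listed: a second git package later in PATH
      # would be shadowed by it and only enlarge the closure.
      path = with pkgs; [
        config.nix.package.out
        coreutils
        git
        gnutar
        gzip
        pinch
        xz.bin
      ];

      # `set -e` aborts before nixos-rebuild if the pull or the pinch update
      # fails. The subshell keeps the `cd` from leaking into the rebuild step.
      #
      # NOTE(review): --ff-only rejects non-fast-forward history but does not
      # authenticate it, and nothing in this script checks commit signatures.
      # If the remote is not fully trusted, consider
      # `git pull --ff-only --verify-signatures` (needs gnupg on `path` and
      # the signing key in root's keyring) -- confirm against how the
      # repository is deployed before enabling.
      script = ''
        set -e
        (
        cd /etc/nixos
        git pull --ff-only
        pinch update channels
        )

        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
      '';

      startAt = cfg.dates;
    };
  };
}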