Separate pull-updates snippet

[auto-upgrade-with-pinch] / modules / auto-upgrade.nix

diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index e52720d8af0d1777da12f50be1148786c39d2052..d30a624b9e567d7a7d9397d6c0d1791abf33dfe4 100644 (file)
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -2,6 +2,15 @@
 with lib;
 let
   cfg = config.system.autoUpgradeWithPinch;
+  pull-repo-snippet = ''
+    (
+      cd /etc/nixos
+      ${pkgs.git}/bin/git fetch
+      PATH="${pkgs.keyedgit cfg.keys}/bin:$PATH" \
+        ${pkgs.polite-merge}/bin/polite-merge --ff-only --verify-signatures
+    )
+  '';
+
   auto-upgrade-script = pkgs.writeShellScript "auto-upgrade" ''
     ${pkgs.utillinux}/bin/flock /run/auto-upgrade-with-pinch ${
       pkgs.writeShellScript "auto-upgrade-with-lock-held" ''
@@ -25,13 +34,11 @@ let
           }
         }
 
+        # Pull updates
+        ${pull-repo-snippet}
+
         # Update channels
-        (
-          cd /etc/nixos
-          ${pkgs.git}/bin/git fetch
-          PATH="${pkgs.keyedgit cfg.keys}/bin:$PATH" ${pkgs.polite-merge}/bin/polite-merge --ff-only --verify-signatures
-          ${pkgs.pinch}/bin/pinch update channels
-        )
+        ${pkgs.pinch}/bin/pinch update /etc/nixos/channels
 
         # Build
         in_tmpdir ${config.system.build.nixos-rebuild}/bin/nixos-rebuild build