pinch: 3.0.11 → 3.0.12

[auto-upgrade-with-pinch] / modules / auto-upgrade.nix

diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index a5c8b503d50e1842315d857ba46c4b3ba41ee3c5..a80aa5cdf56fe51ebdfedee0bdcf5e0f4ab3c608 100644 (file)
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -1,3 +1,9 @@
+# auto-upgrade-with-pinch: Secure managed NixOS updates
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, version 3.
+
 { config, lib, pkgs, ... }:
 with lib;
 let
@@ -59,6 +65,8 @@ let
   '';
 
   auto-upgrade-script = pkgs.writeShellScript "auto-upgrade" ''
+    ${pkgs.coreutils}/bin/nice -n 17 \
+    ${pkgs.util-linux}/bin/ionice -c 3 \
     ${pkgs.util-linux}/bin/flock /run/auto-upgrade-with-pinch ${
       pkgs.writeShellScript "auto-upgrade-with-lock-held" ''
         set -eo pipefail