nixpkgs.overlays = [
(import ../overlays/keyedgit.nix)
(import ../overlays/pinch.nix)
+ (self: super: {
+ auto-upgrade = super.writeShellScriptBin "auto-upgrade" ''
+ flock /run/auto-upgrade-with-pinch ${super.writeShellScript "auto-upgrade-with-lock-held" ''
+ set -e
+ (
+ cd /etc/nixos
+ ${self.keyedgit cfg.key}/bin/git pull --ff-only --verify-signatures
+ ${self.pinch}/bin/pinch update channels
+ )
+
+ ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
+ ''}
+ '';
+ })
];
+
+ environment.systemPackages = [ pkgs.auto-upgrade ];
+
systemd.services.nixos-upgrade = {
description = "NixOS Upgrade";
restartIfChanged = false;
gitMinimal
gnutar
gzip
- pinch
xz.bin
];
# intervene either to fix the problem or disable automatic updates.
sleep 2h
- (
- cd /etc/nixos
- ${pkgs.keyedgit cfg.key}/bin/git pull --ff-only --verify-signatures
- pinch update channels
- )
+ # Wait until outside business hours
+ now=$(date +%s)
+ day_of_week=$(date +%u)
+ business_start=$(date -d 8:00 +%s)
+ business_end=$( date -d 17:00 +%s)
+ if (( day_of_week <= 5 && now > business_start && now < business_end ));then
+ delay=$((business_end - now))
+ echo "Waiting $delay seconds so we don't upgrade during business hours" >&2
+ sleep "$delay"
+ fi
- ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
+ ${pkgs.auto-upgrade}/bin/auto-upgrade
'';
startAt = cfg.dates;
projects / auto-upgrade-with-pinch / blobdiff