Make 'auto-upgrade' available in path

[auto-upgrade-with-pinch] / modules / auto-upgrade.nix

diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index 1facabab99b0cfbc8263af05f61c9734b1e15f8b..974ebb7a9d96a091e0157428aa6d817b9bfa0949 100644 (file)
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -40,7 +40,22 @@ in {
     nixpkgs.overlays = [
       (import ../overlays/keyedgit.nix)
       (import ../overlays/pinch.nix)
+      (self: super: {
+        auto-upgrade = super.writeShellScriptBin "auto-upgrade" ''
+        set -e
+        (
+          cd /etc/nixos
+          ${self.keyedgit cfg.key}/bin/git pull --ff-only --verify-signatures
+          ${self.pinch}/bin/pinch update channels
+        )
+
+        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
+        '';
+      })
     ];
+
+    environment.systemPackages = [ pkgs.auto-upgrade ];
+
     systemd.services.nixos-upgrade = {
       description = "NixOS Upgrade";
       restartIfChanged = false;
@@ -58,19 +73,18 @@ in {
         gitMinimal
         gnutar
         gzip
-        pinch
         xz.bin
       ];
 
       script = ''
         set -e
-        (
-          cd /etc/nixos
-          ${pkgs.keyedgit cfg.key}/bin/git pull --ff-only --verify-signatures
-          pinch update channels
-        )
 
-        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
+        # Chill for awhile before applying updates.  If applying an update
+        # badly breaks things, we want a window in which an operator can
+        # intervene either to fix the problem or disable automatic updates.
+        sleep 2h
+
+        ${pkgs.auto-upgrade}/bin/auto-upgrade
       '';
 
       startAt = cfg.dates;