Safety-hatch: Initial delay

[auto-upgrade-with-pinch] / modules / auto-upgrade.nix

diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index 1facabab99b0cfbc8263af05f61c9734b1e15f8b..b493ac00d0db5478fe782ce065a934962779bb47 100644 (file)
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -64,6 +64,12 @@ in {
 
       script = ''
         set -e
+
+        # Chill for awhile before applying updates.  If applying an update
+        # badly breaks things, we want a window in which an operator can
+        # intervene either to fix the problem or disable automatic updates.
+        sleep 2h
+
         (
           cd /etc/nixos
           ${pkgs.keyedgit cfg.key}/bin/git pull --ff-only --verify-signatures