X-Git-Url: http://git.scottworley.com/auto-upgrade-with-pinch/blobdiff_plain/901670f5f4337998c430ae27c3b31f6db4a5a8fe..f43ffe152e4274099983533c9922a76febc035c5:/modules/auto-upgrade.nix?ds=inline diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix index 973ac22..31e2b0b 100644 --- a/modules/auto-upgrade.nix +++ b/modules/auto-upgrade.nix @@ -25,11 +25,39 @@ in { which the update will occur. ''; }; + + key = mkOption { + type = types.path; + description = '' + GPG key that signs updates. Updates are only merged if the commit + at the tip of the remote branch is signed with this key. + ''; + }; }; }; config = lib.mkIf cfg.enable { - nixpkgs.overlays = [ (import ../overlays/pinch.nix) ]; + nixpkgs.overlays = [ + (import ../overlays/keyedgit.nix) + (import ../overlays/pinch.nix) + (self: super: { + auto-upgrade = super.writeShellScriptBin "auto-upgrade" '' + flock /run/auto-upgrade-with-pinch ${super.writeShellScript "auto-upgrade-with-lock-held" '' + set -e + ( + cd /etc/nixos + ${self.keyedgit cfg.key}/bin/git pull --ff-only --verify-signatures + ${self.pinch}/bin/pinch update channels + ) + + ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output + ''} + ''; + }) + ]; + + environment.systemPackages = [ pkgs.auto-upgrade ]; + systemd.services.nixos-upgrade = { description = "NixOS Upgrade"; restartIfChanged = false; 
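Review bot: The signature check on the new `git pull --ff-only --verify-signatures` line covers only the tip commit of the fetched branch, and whether it is bound to `cfg.key` depends entirely on the `keyedgit` overlay, which is not in this diff; git rejects a signature from a key it does not consider fully trusted, so that wrapper presumably has to mark the key ultimately trusted in its keyring — worth confirming. The check also does not cover whatever `pinch update channels` fetches on the following line, if that command pulls new channel revisions from the network, so the `key` option description should say so, e.g. `Only the NixOS configuration repository is authenticated this way; channel contents fetched by pinch are not covered by this signature check.` Since `auto-upgrade` is also placed in `environment.systemPackages`, a one-line comment noting that it must run as root (it creates `/run/auto-upgrade-with-pinch` and writes `/etc/nixos`) would help operators invoking it by hand. The enclosing module definition starts and ends outside the hunk.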
@@ -47,19 +75,29 @@ in { gitMinimal gnutar gzip - pinch xz.bin ]; script = '' set -e - ( - cd /etc/nixos - git pull --ff-only - pinch update channels - ) - ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output + # Chill for awhile before applying updates. If applying an update + # badly breaks things, we want a window in which an operator can + # intervene either to fix the problem or disable automatic updates. + sleep 2h + + # Wait until outside business hours + now=$(date +%s) + day_of_week=$(date +%u) + business_start=$(date -d 8:00 +%s) + business_end=$( date -d 17:00 +%s) + if (( day_of_week <= 5 && now > business_start && now < business_end ));then + delay=$((business_end - now)) + echo "Waiting $delay seconds so we don't upgrade during business hours" >&2 + sleep "$delay" + fi + + ${pkgs.auto-upgrade}/bin/auto-upgrade ''; startAt = cfg.dates;
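Review bot: The business-hours window on the `business_start`/`business_end` lines is computed by `date -d` in the system's configured time zone, so on a host running in UTC the 08:00–17:00 check will not line up with the operator's local business day; either document this above those lines or derive the window from an option. Hard-coding `2h`, `8:00`, `17:00` and weekdays in the script also means operators cannot tune the window without editing the module — exposing them as options alongside `dates` would fit the module's style (e.g. `businessHours = { start = "8:00"; end = "17:00"; }`), though that touches option declarations outside this hunk. A comment above `sleep 2h` stating how an operator actually uses the window, e.g. `# To cancel a pending upgrade: systemctl stop nixos-upgrade.service`, would make the intent actionable rather than implied. With the pull moved into the `auto-upgrade` wrapper, `gitMinimal` in `path` looks unused by this script now, though nixos-rebuild may still need it — confirm before dropping. The service definition starts before and ends after this hunk.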