X-Git-Url: http://git.scottworley.com/auto-upgrade-with-pinch/blobdiff_plain/e830691a697a3a5d0e4461ceb073ac36abdfe3d6..98604ba76ee41d5835d3f0d4ef76e7250d9f59c2:/modules/auto-upgrade.nix?ds=sidebyside
diff --git a/modules/auto-upgrade.nix b/modules/auto-upgrade.nix
index 4a5aa83..f3089bd 100644
--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -1,3 +1,9 @@
+# auto-upgrade-with-pinch: Secure managed NixOS updates
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, version 3.
+
 { config, lib, pkgs, ... }:
 with lib;
 let
@@ -59,7 +65,9 @@ let
 '';
 auto-upgrade-script = pkgs.writeShellScript "auto-upgrade" ''
- ${pkgs.utillinux}/bin/flock /run/auto-upgrade-with-pinch ${
+ ${pkgs.coreutils}/bin/nice -n 17 \
+ ${pkgs.util-linux}/bin/ionice -c 3 \
+ ${pkgs.util-linux}/bin/flock /run/auto-upgrade-with-pinch ${
 pkgs.writeShellScript "auto-upgrade-with-lock-held" ''
 set -eo pipefail
@@ -175,7 +183,7 @@ let
 # Build
 in_tmpdir hydrate ${config.system.build.nixos-rebuild}/bin/nixos-rebuild build
 while read user;do
- hydrate /run/wrappers/bin/sudo -u "$user" \
+ hydrate /run/wrappers/bin/sudo -u "$user" -D / \
 ${pkgs.nix}/bin/nix-build --no-out-link '' -A "$(userenv_query "$user" .package)"
 done < <( config_query '.userEnvironments | keys []' )
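Review bot: `ionice -c 3` in the new `auto-upgrade-script` wrapper (hunk `@@ -59,7 +65,9 @@`) puts the whole upgrade in the idle I/O class, so on a host with sustained disk activity the update may make little or no progress, depending on the I/O scheduler in use. That covers the time it holds the `/run/auto-upgrade-with-pinch` lock. For a job whose purpose is delivering security updates, the lowest best-effort priority, `${pkgs.util-linux}/bin/ionice -c 2 -n 7 \`, stays out of the way of interactive work without depending on the disk ever going quiet. If the idle class is deliberate, a comment above the `nice` line saying so would make the trade-off visible. The locked script body continues outside this hunk, so any timeout that bounds a stalled run is not visible here.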
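Review bot: The `-D /` added to the `sudo -u "$user"` call (hunk `@@ -175,7 +183,7 @@`) has no comment saying why the working directory is changed, and it only works where the installed sudo has `-D`/`--chdir` and the sudoers policy lets the caller choose the directory. Where either is missing, sudo refuses the command and each per-user `nix-build` in this loop would fail. Presumably the change stops the user's build from inheriting the upgrade's temporary working directory; a line such as `# -D /: do not inherit the upgrade's temporary working directory when running as $user` above the `hydrate` call would record that. `hydrate` and `in_tmpdir` are defined outside this hunk, so the reason is inferred from their names.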