--- /dev/null
+{ config, lib, pkgs, ... }:
+with lib;
+let cfg = config.system.autoUpgradeWithPinch;
+in {
+ options = {
+ system.autoUpgradeWithPinch = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to periodically upgrade NixOS to the latest version.
+ Presumes that /etc/nixos is a git repo with a remote and
+ contains a pinch file called "channels".
+ '';
+ };
+
+ dates = mkOption {
+ default = "04:40";
+ type = types.str;
+ description = ''
+ Specification (in the format described by
+ <citerefentry><refentrytitle>systemd.time</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry>) of the time at
+ which the update will occur.
+ '';
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ nixpkgs.overlays = [ (import ../overlays/pinch.nix) ];
+ systemd.services.nixos-upgrade = {
+ description = "NixOS Upgrade";
+ restartIfChanged = false;
+ unitConfig.X-StopOnRemoval = false;
+ serviceConfig.Type = "oneshot";
+ environment = config.nix.envVars // {
+ inherit (config.environment.sessionVariables) NIX_PATH;
+ HOME = "/root";
+ } // config.networking.proxy.envVars;
+
+ path = with pkgs; [
+ config.nix.package.out
+ coreutils
+ git
+ gitMinimal
+ gnutar
+ gzip
+ pinch
+ xz.bin
+ ];
+
+ script = ''
+ set -e
+ (
+ cd /etc/nixos
+ git pull --ff-only
+ pinch update channels
+ )
+
+ ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
+ '';
+
+ startAt = cfg.dates;
+ };
+ };
+}
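Review bot: The service script runs `git pull --ff-only` in /etc/nixos and then `nixos-rebuild switch` as root without checking who authored the fetched commits, so write access to the git remote (or to its transport, if that is not authenticated) amounts to root on every host that enables this option. Consider `git pull --ff-only --verify-signatures`, with the trusted signing keys in root's keyring, so an unsigned or wrongly signed tip stops the run before the rebuild. The `enable` description should also state the trust assumption, e.g. `The configured remote is fully trusted: whatever it serves is built and activated as root.` Separately, `path` lists both `git` and `gitMinimal`; one of them is enough.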