Upgrade user environments
authorScott Worley <scottworley@scottworley.com>
Mon, 20 Apr 2020 22:45:30 +0000 (15:45 -0700)
committerScott Worley <scottworley@scottworley.com>
Mon, 18 May 2020 18:48:46 +0000 (11:48 -0700)
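--- a/modules/auto-upgrade.nix
+++ b/modules/auto-upgrade.nix
@@ -6,13 +6,43 @@ let
     flock /run/auto-upgrade-with-pinch ${
       pkgs.writeShellScript "auto-upgrade-with-lock-held" ''
         set -e
+
+        in_tmpdir() {
+          d=$(mktemp -d)
+          pushd "$d"
+          "$@"
+          popd
+          rm -r "$d"
+        }
+
+        as_user() {
+          ${
+            if cfg.userEnvironment.enable then ''
+              sudo -u ${escapeShellArg cfg.userEnvironment.user} "$@"
+            '' else ''
+              :
+            ''
+          }
+        }
+
+        # Update channels
         (
           cd /etc/nixos
           ${pkgs.keyedgit cfg.key}/bin/git pull --ff-only --verify-signatures
           ${pkgs.pinch}/bin/pinch update channels
         )
 
-        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --no-build-output
+        # Build
+        in_tmpdir ${config.system.build.nixos-rebuild}/bin/nixos-rebuild build
+        as_user nix-build '<nixpkgs>' -A ${
+          escapeShellArg cfg.userEnvironment.package
+        }
+
+        # Install
+        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch
+        as_user nix-env -f '<nixpkgs>' -riA ${
+          escapeShellArg cfg.userEnvironment.package
+        }
       ''
     }
   '';
@@ -48,6 +78,41 @@ in {
           at the tip of the remote branch is signed with this key.
         '';
       };
+
+      userEnvironment = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Whether to update a user-environment as well.  This update is done
+            with nix-env -riA.  Note the -r!  I.e., ALL OTHER PACKAGES INSTALLED
+            WITH nix-env WILL BE DELETED!
+
+            This presumes that you have configured an "entire user environment"
+            package as shown in
+            https://nixos.wiki/wiki/FAQ#How_can_I_manage_software_with_nix-env_like_with_configuration.nix.3F
+
+            To check if you're set up for this, run "nix-env --query".  If it
+            only lists one package, you're good to go.
+          '';
+        };
+
+        user = mkOption {
+          type = types.str;
+          description = ''
+            The username of the user whose environment should be updated.
+          '';
+        };
+
+        package = mkOption {
+          type = types.str;
+          example = "nixos.userPackages";
+          description = ''
+            The name of the single package that is the user's entire environment.
+          '';
+        };
+
+      };
     };
   };
 
@@ -123,5 +188,11 @@ in {
 
       startAt = cfg.dates;
     };
+
+    assertions = [{
+      assertion = cfg.userEnvironment.enable -> cfg.enable;
+      message =
+        "User environment upgrades cannot yet be enabled separately from system upgrades.";
+    }];
   };
 }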
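Review bot: In the first hunk, the `# Build` and `# Install` steps interpolate `escapeShellArg cfg.userEnvironment.package` unconditionally, but `package` (like `user`) is declared without a default, so with `userEnvironment.enable = false` (the default) evaluating the script should fail with an undefined-option error unless `package` is set anyway. Only the `user` reference is protected, because it sits inside the `if cfg.userEnvironment.enable` branch of `as_user`. Guard the two call sites rather than only the helper, e.g. `${optionalString cfg.userEnvironment.enable "as_user nix-build '<nixpkgs>' -A ${escapeShellArg cfg.userEnvironment.package}"}` and likewise for the `nix-env` line; this assumes `lib` is in scope, as the bare `escapeShellArg` suggests. Separately, `in_tmpdir` runs under `set -e`, so a failing `nixos-rebuild build` exits the script before `rm -r "$d"` and leaves the temporary directory behind; capturing the status with `"$@" || rc=$?` and returning it after cleanup would cover that.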