Commit 1b5d1da9f73b

Vincent Demeester <vincent@sbr.pm>
2026-01-15 15:46:52
feat(aomi): enable automated flake.lock updates with multi-arch verification
Enables weekly automated flake updates on aomi with comprehensive build verification across 9 systems (4 x86_64, 5 aarch64). Runs Sunday 2AM with ntfy notifications and creates review branches for manual merge. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent 85afd6e
Changed files (1)
systems
systems/aomi/extra.nix
@@ -39,6 +39,9 @@
 
     # XMPP Research Bot
     ../../modules/xmpp-research-bot
+
+    # Automated flake updates
+    ../../modules/nix-flake-updater
   ];
 
   # Firewall is enabled in openshift-port-forward.nix
@@ -137,6 +140,46 @@
     group = "users";
   };
 
+  # Automated flake.lock updates with build verification
+  services.nix-flake-updater = {
+    enable = true;
+    repoPath = "/home/vincent/src/home";
+
+    # Build systems across both architectures for verification
+    buildSystems = [
+      # x86_64-linux systems
+      "aomi" # Self (laptop/build server)
+      "kyushu" # Work laptop
+      "sakhalin" # Server
+      "kerkouane" # VPS server
+
+      # aarch64-linux systems
+      "rhea" # Main media server
+      "aion" # XMPP/podcast server
+      "athena" # Raspberry Pi 4
+      "demeter" # Raspberry Pi 4
+      "aix" # Raspberry Pi 4
+    ];
+
+    # Run weekly on Sunday at 2 AM
+    schedule = "Sun *-*-* 02:00:00";
+
+    # Notifications via ntfy
+    ntfyServer = "https://ntfy.sbr.pm";
+    ntfyTopic = "nix-updates";
+    ntfyTokenFile = config.age.secrets."ntfy-token".path;
+
+    # Git settings
+    gitRemote = "origin";
+    branchPrefix = "flake-update-";
+
+    # Run as vincent (has git push access)
+    user = "vincent";
+
+    # Add randomized delay to avoid conflicts
+    randomizedDelaySec = 1800; # 0-30 min delay
+  };
+
   services = {
     logind.settings.Login = {
       HandleLidSwitch = "ignore";
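Review bot: The unattended job is configured with `user = "vincent"` and `repoPath = "/home/vincent/src/home"`, so a weekly timer that fetches new upstream inputs, evaluates them and pushes to `origin` runs with the full rights of the interactive account and inside its working checkout. A dedicated service account with its own clone would limit what a bad update or a bug in the updater can touch, e.g. `user = "flake-updater";` and `repoPath = "/var/lib/nix-flake-updater/home";` (placeholder names), with a push credential that the remote restricts to `flake-update-*` branches. That would also keep the job from colliding with uncommitted work in the home checkout. The declaration of `age.secrets."ntfy-token"` is not in this hunk, so confirm its owner and mode let only the chosen service user read the token. The module's unit definition and the rest of the enclosing attribute set are outside the hunk, so any systemd sandboxing already applied there is not visible here.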