Commit 552d18355745

Vincent Demeester <vincent@sbr.pm>
2026-04-13 14:23:51
refactor(okinawa): replace flake updater services with manual script
Removed nix-flake-updater module and both systemd timer instances (biweekly and daily). Added nix-flake-update-home wrapper script to system packages for on-demand flake updates with pre-baked config.
1 parent d179847
systems/okinawa/extra.nix
@@ -21,7 +21,6 @@
     # Build and cache infrastructure
     ../../modules/harmonia
     ../../modules/job-notify
-    ../../modules/nix-flake-updater
   ];
 
   # Disable built-in MediaTek MT7922 WiFi (using USB TP-Link AC600 instead)
@@ -151,113 +150,6 @@
     defaultTopic = "builds";
   };
 
-  # Automated flake.lock updates with build verification
-  services.nix-flake-updater = {
-    # Bi-weekly updates for all inputs with AI-powered auto-fix
-    # Manual trigger: sudo systemctl start nix-flake-updater-biweekly
-    biweekly = {
-      enable = true;
-      repoPath = "/home/vincent/src/home";
-      sshKeyFile = "/home/vincent/.ssh/id_passage";
-
-      # Build systems across both architectures for verification
-      buildSystems = [
-        # x86_64-linux systems
-        "okinawa" # Self (desktop/build server)
-        "kyushu" # Work laptop
-        "sakhalin" # Server
-        "carthage" # VPS server (Hetzner)
-
-        # aarch64-linux systems
-        "rhea" # Main media server
-        "aion" # XMPP/podcast server
-        "athena" # Raspberry Pi 4
-        "demeter" # Raspberry Pi 4
-        "aix" # Raspberry Pi 4
-      ];
-
-      # Run bi-weekly: 1st and 3rd Sunday of each month at 2 AM
-      schedule = "Sun *-*-1..7,15..21 02:00:00";
-
-      # Notifications via ntfy
-      ntfyServer = "https://ntfy.sbr.pm";
-      ntfyTopic = "nix-updates";
-      ntfyTokenFile = config.age.secrets."ntfy-token".path;
-
-      # Git settings
-      gitRemote = "origin";
-      branchPrefix = "flake-update-";
-
-      # Run as vincent (has git push access)
-      user = "vincent";
-
-      # Add randomized delay to avoid conflicts
-      randomizedDelaySec = 1800; # 0-30 min delay
-
-      # AI-powered auto-fix on build failure
-      autoFix = {
-        enable = true;
-        command = "pi";
-        extraArgs = [
-          "--provider"
-          "google-vertex-claude"
-          "--no-session"
-          "--no-themes"
-          "--no-skills"
-        ];
-        maxAttempts = 3;
-        environment = {
-          GOOGLE_CLOUD_PROJECT = "itpc-gcp-pnd-pe-eng-claude";
-          GOOGLE_CLOUD_LOCATION = "us-east5";
-        };
-      };
-    };
-
-    # Daily automated updates for chick-group and chapeau-rouge with auto-merge
-    daily = {
-      enable = true;
-      repoPath = "/home/vincent/src/home";
-      sshKeyFile = "/home/vincent/.ssh/id_passage";
-
-      # Update only personal repos
-      flakeInputs = [
-        "chick-group"
-        "chapeau-rouge"
-      ];
-
-      # Auto-merge to main on successful build
-      autoMerge = true;
-
-      # Build fewer systems for faster daily updates
-      buildSystems = [
-        "okinawa" # Self (x86_64-linux)
-        "kyushu" # Work laptop (x86_64-linux)
-      ];
-
-      # Run daily at 4 AM
-      schedule = "*-*-* 04:00:00";
-
-      # Notifications via ntfy (same topic as weekly)
-      ntfyServer = "https://ntfy.sbr.pm";
-      ntfyTopic = "nix-updates";
-      ntfyTokenFile = config.age.secrets."ntfy-token".path;
-
-      # Git settings
-      gitRemote = "origin";
-      mainBranch = "main";
-      branchPrefix = "auto-update-daily-";
-
-      # Org inbox for failure TODOs
-      inboxOrg = "/home/vincent/desktop/org/inbox.org";
-
-      # Run as vincent (has git push access)
-      user = "vincent";
-
-      # Smaller delay for daily updates
-      randomizedDelaySec = 600; # 0-10 min delay
-    };
-  };
-
   # OpenCode web interface for remote AI coding
   # Accessible via opencode.sbr.pm through rhea's Traefik reverse proxy
   systemd.services.opencode-web =
@@ -485,8 +377,41 @@
       };
     };
 
-  # System packages for LLM and gaming
+  # System packages for LLM, gaming, and tools
   environment.systemPackages = with pkgs; [
+    # nix-flake-update wrapper with pre-baked config for the home repo
+    # Run manually: nix-flake-update-home [--dry-run] [--no-auto-fix]
+    (pkgs.writeShellScriptBin "nix-flake-update-home" ''
+      export REPO_PATH="/home/vincent/src/home"
+      export FLAKE_PATH="/home/vincent/src/home"
+      export GIT_REMOTE="origin"
+      export MAIN_BRANCH="main"
+      export BRANCH_PREFIX="flake-update-"
+      export NTFY_TOPIC="nix-updates"
+      export NTFY_SERVER="https://ntfy.sbr.pm"
+      export NTFY_TOKEN_FILE="/run/agenix/ntfy-token"
+      export INBOX_ORG="/home/vincent/desktop/org/inbox.org"
+      export BUILD_SYSTEMS="okinawa kyushu sakhalin carthage rhea aion athena demeter aix"
+      export GIT_SSH_COMMAND="ssh -F /dev/null -o IdentitiesOnly=yes -i /home/vincent/.ssh/id_passage -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/home/vincent/.ssh/known_hosts"
+
+      # AI-powered auto-fix
+      export AUTO_FIX="true"
+      export AUTO_FIX_COMMAND="pi"
+      export AUTO_FIX_EXTRA_ARGS="--provider google-vertex-claude --no-session --no-themes --no-skills"
+      export AUTO_FIX_MAX_ATTEMPTS="3"
+      export GOOGLE_CLOUD_PROJECT="itpc-gcp-pnd-pe-eng-claude"
+      export GOOGLE_CLOUD_LOCATION="us-east5"
+
+      # Allow overriding via CLI args
+      for arg in "$@"; do
+        case "$arg" in
+          --dry-run) export DRY_RUN="true" ;;
+          --no-auto-fix) export AUTO_FIX="false" ;;
+        esac
+      done
+
+      exec ${pkgs.nix-flake-update}/bin/nix-flake-update
+    '')
     # LLM tools (same package as the service, for CLI use)
     (llama-cpp.override {
       vulkanSupport = true;
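Review bot: The argument loop near the end of the new wrapper silently ignores anything other than `--dry-run` and `--no-auto-fix`, so a mistyped flag such as `--dryrun` falls through to a full live run that pushes a branch and, with `AUTO_FIX="true"`, launches the `pi` auto-fix; a default arm like `*) echo "nix-flake-update-home: unknown argument: $arg" >&2; exit 2 ;;` would fail closed instead. `NTFY_TOKEN_FILE` is now the literal `/run/agenix/ntfy-token` where the removed service used `config.age.secrets."ntfy-token".path`; writing it as `export NTFY_TOKEN_FILE="${config.age.secrets."ntfy-token".path}"` keeps the script tied to the secret definition rather than to the default mount location. Because the script runs as whichever user invokes it rather than as the `user = "vincent"` the old module declared, it is also worth confirming that the secret's owner and mode let that user read it, otherwise the first notification will fail after the update work has already been done. The comment `# Allow overriding via CLI args` overstates what the loop supports; `# Recognised flags: --dry-run, --no-auto-fix (anything else is an error)` would describe the behaviour once the default arm is in place.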