Commit 66a93d398913

Vincent Demeester <vincent@sbr.pm>
2018-12-24 14:59:55
nix-config: enable auto-upgrade by default ๐Ÿ…
โ€ฆ and mail in case of failure ! Signed-off-by: Vincent Demeester <vincent@sbr.pm>
main
1 parent 2bd82f0
Changed files (5)
machine
carthage.nix
honshu.nix
kerkouane.nix
modules
profiles
base.nix
nix-auto-update.nix
machine/carthage.nix
@@ -11,7 +11,10 @@ with import ../assets/machines.nix; {
   };
   profiles = {
     git.enable = true;
-    nix-config.localCaches = [];
+    nix-config = {
+      autoUpgrade = false;
+      localCaches = [];
+    };
     ssh.enable = true;
     syncthing.enable = true;
   };
machine/honshu.nix
@@ -66,6 +66,7 @@ vincent@synodine.local:/volume1/backup/drive/ /run/media/vincent/Toshito/backup/
       User = "vincent";
       ExecStart = "${pkgs.nur.repos.vdemeester.ape}/bin/ape up /home/vincent/var/mirrors/";
       Environment = "PATH=/run/current-system/sw/bin/";
+      OnFailure = "status-email-root@%n.service";
     };
   };
   systemd.timers.ape = {
machine/kerkouane.nix
@@ -9,7 +9,10 @@ with import ../assets/machines.nix; {
   };
   profiles = {
     git.enable = true;
-    nix-config.localCaches = [];
+    nix-config = {
+      autoUpgrade = false;
+      localCaches = [];
+    };
     ssh.enable = true;
     wireguard.server.enable = true;
   };
modules/profiles/base.nix
@@ -37,5 +37,16 @@ in
         wget
       ];
     };
+    systemd.services."status-email-root@" = {
+      description = "status email for %i to vincent";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = ''
+          ${pkgs.nur.repos.vdemeester.systemd-email}/bin/systemd-email vincent@demeester.fr %i
+        '';
+        User = "root";
+        Environment = "PATH=/run/current-system/sw/bin";
+      };
+    };
   };
 }
modules/profiles/nix-auto-update.nix
@@ -12,6 +12,11 @@ in
         description = "Enable nix-auto-update profile";
         type = types.bool;
       };
+      autoUpgrade = mkOption {
+        default = true;
+        description = "Automatically try to upgrade the system";
+        type = types.bool;
+      };
       dates = mkOption {
         default = "weekly";
         description = "Specification (in the format described by systemd.time(7)) of the time at which the auto-update will run. ";
@@ -24,44 +29,51 @@ in
       };
     };
   };
-  config = mkIf cfg.enable {
-    system = {
-      stateVersion = cfg.version;
-    };
-    # Auto refresh nix-channel each day
-    systemd.user.services.channel-update = {
-      description = "Update nix-channel daily";
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = "/run/current-system/sw/bin/nix-channel --update";
-        Environment = "PATH=/run/current-system/sw/bin";
+  config = mkIf cfg.enable (mkMerge [
+    {
+      system = {
+        stateVersion = cfg.version;
       };
-    };
-    systemd.user.timers.channel-update = {
-      description = "Update nix-channel daily";
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnCalendar = "daily";
-        Persistent = "true";
+      # Auto refresh nix-channel each day
+      systemd.services.channel-update = {
+        description = "Update nix-channel daily";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "/run/current-system/sw/bin/nix-channel --update";
+          Environment = "PATH=/run/current-system/sw/bin";
+        };
       };
-    };
-    systemd.user.timers.channel-update.enable = true;
-    systemd.services.nixos-update = {
-      description = "NixOS Upgrade";
-      unitConfig.X-StopOnRemoval = false;
-      serviceConfig.Type = "oneshot";
-      environment = config.nix.envVars //
-      { inherit (config.environment.sessionVariables) NIX_PATH;
-        HOME = "/root";
+      systemd.timers.channel-update = {
+        description = "Update nix-channel daily";
+        wantedBy = [ "timers.target" ];
+        timerConfig = {
+          OnCalendar = "daily";
+          Persistent = "true";
+        };
       };
-      path = [ pkgs.gnutar pkgs.xz pkgs.git config.nix.package.out ];
-      script = ''
-        cd /etc/nixos/
-        git pull --autostash --rebase
-        nix-channel --update
-      '';
-      startAt = cfg.dates;
-    };
-  };
+      systemd.timers.channel-update.enable = true;
+    }
+    (mkIf cfg.autoUpgrade {
+      systemd.services.nixos-update = {
+        description = "NixOS Upgrade";
+        unitConfig.X-StopOnRemoval = false;
+        restartIfChanged = false;
+        serviceConfig.Type = "oneshot";
+        environment = config.nix.envVars //
+        { inherit (config.environment.sessionVariables) NIX_PATH;
+          HOME = "/root";
+        };
+        path = [ pkgs.gnutar pkgs.xz pkgs.git config.nix.package.out ];
+        script = ''
+          cd /etc/nixos/
+          git pull --autostash --rebase
+          nix-channel --update
+          /run/current-system/sw/bin/nixos-rebuild switch
+        '';
+        startAt = cfg.dates;
+        onFailure = ["status-email-root@%n.service"];
+      };
+    })
+  ]);
 }