aynish/commoncomputing-nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
commoncomputing-nix/hosts/asusmini/auto-update.nix
T
Anish Lakhwara b7da25d6f5 Bump tangled to latest master (post-v1.13.0-alpha) and pin in auto-update 
The tangled core was on rev 956f97c (v1.11.0-alpha) and v1.13.0-alpha
introduces automatic DID minting for repositories which we want.

Master HEAD (6a27cd2) is post-v1.13.0-alpha and includes the DID
auto-mint migration. After deploy, retry verification on the knot
dashboard at https://tangled.org/settings/knots.

Note: the build's reported version string is hardcoded to 1.11.0-alpha
in nix/pkgs/knot-unwrapped.nix upstream -- this is a stale label, but
the actual code includes v1.13.0-alpha features (DID minting schema in
knotserver/db/db.go).

Also add an explicit `nix flake update tangled` to auto-update.nix so
tangled is always tracked, independent of how other inputs are pinned.
2026-04-26 16:34:10 -07:00

71 lines
1.9 KiB
Nix
Raw Permalink Blame History

{ config, pkgs, ... }:
{
systemd.services.auto-update = {
description = "Auto-update NixOS configuration";
path = with pkgs; [
git
nix
openssh
];
serviceConfig = {
Type = "oneshot";
User = "root";
WorkingDirectory = "/etc/commonscomputing-nix";
};
script = ''
set -e
echo "Pulling latest changes..."
git pull
echo "Updating flake inputs..."
nix flake update
# Explicitly update tangled so we always pull the latest knot/spindle
# builds, even if other inputs are pinned or the general update is
# later restricted. tangled.org/@tangled.org/core moves quickly and
# we want to track master.
nix flake update tangled
# Check if there are changes to commit
if ! git diff --quiet flake.lock; then
echo "Committing flake.lock updates..."
git add flake.lock
git commit -m "auto-update: flake inputs $(date -Iseconds)"
echo "Pushing changes..."
git push
else
echo "No flake.lock changes to commit"
fi
echo "Rebuilding system..."
if ! ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake .#asusmini; then
echo "Build/switch failed, staying on current generation"
exit 1
fi
echo "Auto-update completed successfully"
'';
};
systemd.timers.auto-update = {
description = "Auto-update timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly"; # Run weekly, adjust as needed
Persistent = true; # Run on boot if missed
RandomizedDelaySec = "1h"; # Add some randomness
};
};
# TODO: Set up SSH key for git push access
# Options:
# 1. Deploy key with write access to the repo
# 2. Generate SSH key on server and add to GitHub
# Command to generate: ssh-keygen -t ed25519 -f /root/.ssh/commons-nix-deploy -N ""
}
Reference in New Issue View Git Blame Copy Permalink