Anish Lakhwara
61 lines
1.6 KiB
Nix
61 lines
1.6 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
systemd.services.auto-update = {
|
|
description = "Auto-update NixOS configuration";
|
|
path = with pkgs; [ git nix openssh ];
|
|
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
User = "root";
|
|
WorkingDirectory = "/etc/commonscomputing-nix";
|
|
};
|
|
|
|
script = ''
|
|
set -e
|
|
|
|
echo "Pulling latest changes..."
|
|
git pull
|
|
|
|
echo "Updating flake inputs..."
|
|
nix flake update
|
|
|
|
# Check if there are changes to commit
|
|
if ! git diff --quiet flake.lock; then
|
|
echo "Committing flake.lock updates..."
|
|
git add flake.lock
|
|
git commit -m "auto-update: flake inputs $(date -Iseconds)"
|
|
|
|
echo "Pushing changes..."
|
|
git push
|
|
else
|
|
echo "No flake.lock changes to commit"
|
|
fi
|
|
|
|
echo "Rebuilding system..."
|
|
if ! ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake .#asusmini; then
|
|
echo "Build/switch failed, staying on current generation"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Auto-update completed successfully"
|
|
'';
|
|
};
|
|
|
|
systemd.timers.auto-update = {
|
|
description = "Auto-update timer";
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig = {
|
|
OnCalendar = "weekly"; # Run weekly, adjust as needed
|
|
Persistent = true; # Run on boot if missed
|
|
RandomizedDelaySec = "1h"; # Add some randomness
|
|
};
|
|
};
|
|
|
|
# TODO: Set up SSH key for git push access
|
|
# Options:
|
|
# 1. Deploy key with write access to the repo
|
|
# 2. Generate SSH key on server and add to GitHub
|
|
# Command to generate: ssh-keygen -t ed25519 -f /root/.ssh/commons-nix-deploy -N ""
|
|
}
|