modules/auto-upgrade.nix at master · ryan.freumh.org/nixos

ryan.freumh.org / nixos

btw i use nix

nixos / modules / auto-upgrade.nix

at master 1.3 kB view raw

 1{
 2  pkgs,
 3  config,
 4  lib,
 5  ...
 6}@inputs:
 7
 8let
 9  cfg = config.custom.autoUpgrade;
10in
11{
12  options.custom.autoUpgrade.enable = lib.mkEnableOption "autoUpgrade";
13
14  config = lib.mkIf cfg.enable {
15    system.autoUpgrade = {
16      enable = true;
17      # allowReboot = true;
18      flake = inputs.self.outPath;
19      # flags = [
20      #   "--update-input"
21      #   "nixpkgs"
22      #   "-L"
23      # ];
24      dates = "03:00";
25      randomizedDelaySec = "1hr";
26      rebootWindow = {
27        lower = "03:00";
28        upper = "05:00";
29      };
30    };
31    systemd.services.nixos-upgrade = with pkgs; {
32      path = [ gnupg ];
33      preStart = ''
34        # fail to start on metered connection
35        DEVICE=$(${pkgs.iproute2}/bin/ip route list 0/0 | sed -r 's/.*dev (\S*).*/\1/g')
36        METERED=$(${pkgs.networkmanager}/bin/nmcli -f GENERAL.METERED dev show "$DEVICE" | ${pkgs.gawk}/bin/awk '/GENERAL.METERED/ {print $2}')
37        if [ "$METERED_STATUS" = "yes" ]; then
38          echo "Connection is metered. Aborting start."
39          exit 1
40        fi
41
42        DIR=/etc/nixos
43        ${sudo}/bin/sudo -u `stat -c "%U" $DIR` ${git}/bin/git -C $DIR pull || exit 0
44        ${sudo}/bin/sudo -u `stat -c "%U" $DIR` ${git}/bin/git -C $DIR verify-commit HEAD
45      '';
46    };
47  };
48}