modules/nixos: add update-host

This commit is contained in:
zowoq 2024-08-27 09:26:35 +10:00
parent fe8818dceb
commit 4f10f3d3c0
4 changed files with 63 additions and 31 deletions


@ -8,10 +8,10 @@
imports = [
../../shared/known-hosts.nix
../../shared/nix-daemon.nix
./reboot.nix
./security.nix
./sops-nix.nix
./telegraf.nix
./update.nix
./users.nix
inputs.sops-nix.nixosModules.sops
inputs.agenix.nixosModules.age


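--- a/PATH-NOT-SHOWN/deleted-nix-module
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, pkgs, ... }:
-{
-# adapted from:
-# https://github.com/NixOS/nixpkgs/blob/3428bdf3c93a7608615dddd44dec50c3df89b4be/nixos/modules/system/boot/kexec.nix
-# https://github.com/NixOS/nixpkgs/blob/3428bdf3c93a7608615dddd44dec50c3df89b4be/nixos/modules/tasks/auto-upgrade.nix
-systemd.services.reboot-after-update = {
-restartIfChanged = false;
-unitConfig.X-StopOnRemoval = false;
-serviceConfig.Type = "oneshot";
-path = [
-config.systemd.package
-pkgs.coreutils
-pkgs.kexec-tools
-];
-script = ''
-booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules} && cat /run/booted-system/kernel-params)"
-p="$(readlink -f /nix/var/nix/profiles/system)"
-built="$(readlink $p/{initrd,kernel,kernel-modules} && cat $p/kernel-params)"
-if [ "''${booted}" != "''${built}" ]; then
-# don't use kexec if system is virtualized
-systemd-detect-virt -q || kexec --load $p/kernel --initrd=$p/initrd --append="$(cat $p/kernel-params) init=$p/init"
-systemctl reboot
-fi
-'';
-startAt = "hourly";
-};
-systemd.timers.reboot-after-update = {
-timerConfig.RandomizedDelaySec = "2h";
-};
-}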


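--- /dev/null
+++ b/PATH-NOT-SHOWN/new-bash-file
@@ -0,0 +1,33 @@
+arch=$(uname -m)
+hostname=$(uname -n)
+p=$(curl -L https://buildbot.nix-community.org/nix-outputs/nix-community/infra/master/"$arch"-linux.host-"$hostname")
+if [[ "$(readlink /run/booted-system)" == "$p" ]]; then
+return
+fi
+if [[ "$(readlink /run/current-system)" == "$p" ]]; then
+return
+fi
+nix-store --realise "$p"
+nix-env --profile /nix/var/nix/profiles/system --set "$p"
+booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules} && cat /run/booted-system/kernel-params)"
+built="$(readlink "$p"/{initrd,kernel,kernel-modules} && cat "$p"/kernel-params)"
+if [[ $booted != "$built" ]]; then
+if [[ -e /run/current-system ]]; then
+echo "--- diff to current-system"
+nvd diff /run/current-system "$p"
+echo "---"
+fi
+/nix/var/nix/profiles/system/bin/switch-to-configuration boot
+# don't use kexec if system is virtualized, reboots are fast enough
+if ! systemd-detect-virt -q; then
+kexec --load "$p"/kernel --initrd="$p"/initrd --append="$(cat "$p"/kernel-params) init=$p/init"
+fi
+if [[ ! -e /run/systemd/shutdown/scheduled ]]; then
+shutdown -r "+$(shuf -i 5-60 -n 1)"
+fi
+else
+/nix/var/nix/profiles/system/bin/switch-to-configuration switch
+fi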
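Review bot: The store path returned by the `p=$(curl …)` line is handed straight to `nix-store --realise` and `nix-env --set` without being checked; curl runs without `--fail`, so an HTTP error body or an empty response becomes `$p`. Suggest `p=$(curl -fsSL https://buildbot.nix-community.org/nix-outputs/nix-community/infra/master/"$arch"-linux.host-"$hostname")` followed by `[[ $p == /nix/store/* ]] || { echo "unexpected store path: $p" >&2; exit 1; }`, so a bad fetch fails the unit (and is retried by the `Restart = "on-failure"` set in the nix module of this commit) instead of reaching nix. The remaining trust boundary is then Nix's substituter signature check inside `nix-store --realise`, which is worth recording in a comment above the curl line, since the endpoint alone decides which signed closure this host switches to. The two bare `return` statements presumably rely on this file being sourced into a function; if it runs as a plain executed unit script, `exit 0` is the safer form.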


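--- /dev/null
+++ b/PATH-NOT-SHOWN/new-nix-module
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+{
+# adapted from:
+# https://github.com/Mic92/dotfiles/blob/020180880d9413e076073889f82c4751a27734e9/nixos/modules/update-prefetch.nix
+# https://github.com/NixOS/nixpkgs/blob/3428bdf3c93a7608615dddd44dec50c3df89b4be/nixos/modules/system/boot/kexec.nix
+# https://github.com/NixOS/nixpkgs/blob/3428bdf3c93a7608615dddd44dec50c3df89b4be/nixos/modules/tasks/auto-upgrade.nix
+systemd.services.update-host = {
+restartIfChanged = false;
+unitConfig.X-StopOnRemoval = false;
+serviceConfig.Restart = "on-failure";
+serviceConfig.RestartSec = "30s";
+serviceConfig.Type = "oneshot";
+path = [
+config.nix.package
+config.systemd.package
+pkgs.coreutils
+pkgs.curl
+pkgs.kexec-tools
+pkgs.nvd
+];
+script = builtins.readFile ./update.bash;
+};
+systemd.timers.update-host = {
+wantedBy = [ "timers.target" ];
+timerConfig.OnBootSec = "5m";
+timerConfig.OnUnitInactiveSec = "5m";
+};
+}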