diff --git a/config/instance-20221213-1915.nix b/config/instance-20221213-1915.nix
index effb1a9a..8b8432e7 100644
--- a/config/instance-20221213-1915.nix
+++ b/config/instance-20221213-1915.nix
@@ -151,4 +151,5 @@
 };
 services.restic.backups.sysbackup.paths = ["/persist"];
+ system.autoUpgrade.allowReboot = true;
 }
diff --git a/config/nas.nix b/config/nas.nix
index f47f864a..37e0b10e 100644
--- a/config/nas.nix
+++ b/config/nas.nix
@@ -200,4 +200,5 @@
 device = "/dev/sdc3";
 }
 ];
+ system.autoUpgrade.allowReboot = true;
 }
diff --git a/config/nix.nix b/config/nix.nix
index ad6a2267..6251e1a3 100644
--- a/config/nix.nix
+++ b/config/nix.nix
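Review bot: `system.autoUpgrade.allowReboot = true;` in config/instance-20221213-1915.nix is added without a `system.autoUpgrade.rebootWindow`, and the same line goes into nas.nix, nutty-noon.nix, thinkrac.nix and vf2.nix. With the `dates = "hourly"` schedule set in config/nix.nix, a kernel or initrd change can restart any of these hosts at whatever hour the timer fires, which on this host may cut through a restic run of `/persist`. Bounding it keeps unattended reboots predictable, for example `system.autoUpgrade.rebootWindow = { lower = "01:00"; upper = "05:00"; };` with hours chosen per host. The module body starts outside each of these hunks, so a window may already be set there; if so, a short comment next to `allowReboot` pointing at it would help.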
@@ -133,69 +133,14 @@
 distributedBuilds = true;
 };
 systemd.services.nix-daemon.environment.TMPDIR = "/build";
- systemd.services.nixos-upgrade = {
- description = "NixOS Upgrade";
-
- restartIfChanged = false;
- unitConfig.X-StopOnRemoval = false;
-
- serviceConfig.Type = "oneshot";
-
- path = with pkgs; [
- coreutils
- gnutar
- xz.bin
- gzip
- gitMinimal
- config.nix.package.out
- config.programs.ssh.package
- jq
- curl
- ];
-
- script = lib.mkDefault ''
- #!${pkgs.bash}/bin/bash
-
- set -ex
-
- builds=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/jobset/flakes/nixos-config/evals | ${pkgs.jq}/bin/jq -r '.evals[0].builds[]')
-
- for build in $builds; do
- doc=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/build/$build)
- jobname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.job')
- if [ "$jobname" = "${config.networking.hostName}.${system}" ]; then
- drvname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.drvpath')
- output=$(${pkgs.nix}/bin/nix-store -r $drvname)
- $output/bin/switch-to-configuration boot
- booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
- built="$(${pkgs.coreutils}/bin/readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
- if [ "$booted" = "$built" ]; then
- $output/bin/switch-to-configuration switch
- else
- ${pkgs.systemd}/bin/shutdown -r +1
- fi
- exit
- fi
- done
-
- '';
- after = ["network-online.target"];
- wants = ["network-online.target"];
- };
- systemd.timers.nixos-upgrade = {
- timerConfig = {
- OnBootSec = 300;
- RandomizedDelaySec = 3600;
- OnUnitActiveSec = 3600;
- };
- requires = ["nixos-upgrade.service"];
- wantedBy = ["multi-user.target"];
- };
- systemd.sockets.nixos-upgrade = {
- socketConfig = {
- Service = "nixos-upgrade.service";
- BindIPv6Only = true;
- ListenDatagram = "[::]:15553";
- };
+ system.autoUpgrade = {
+ enable = true;
+ flake = "git+https://git.chir.rs/darkkirb/nixos-config?ref=main";
+ flags = [
+ "--no-write-lock-file"
+ "-L" # print build logs
+ ];
+ dates = "hourly";
+ randomizedDelaySec = "1h";
 };
 }
diff --git a/config/nixos-8gb-fsn1-1.nix b/config/nixos-8gb-fsn1-1.nix
index 2628d0e8..00dcaaf2 100644
--- a/config/nixos-8gb-fsn1-1.nix
+++ b/config/nixos-8gb-fsn1-1.nix
@@ -208,23 +208,4 @@
 services.resolved.enable = false;
 services.bind.forwarders = lib.mkForce [];
 services.tailscale.useRoutingFeatures = "server";
- systemd.services.nixos-upgrade.script = lib.mkForce ''
- #!${pkgs.bash}/bin/bash
-
- set -ex
-
- builds=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/jobset/flakes/nixos-config/evals | ${pkgs.jq}/bin/jq -r '.evals[0].builds[]')
-
- for build in $builds; do
- doc=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/build/$build)
- jobname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.job')
- if [ "$jobname" = "${config.networking.hostName}.${system}" ]; then
- drvname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.drvpath')
- output=$(${pkgs.nix}/bin/nix-store -r $drvname)
- $output/bin/switch-to-configuration switch
- exit
- fi
- done
-
- '';
 }
diff --git a/config/nutty-noon.nix b/config/nutty-noon.nix
index da9a4c3d..6b3664e9 100644
--- a/config/nutty-noon.nix
+++ b/config/nutty-noon.nix
@@ -155,4 +155,5 @@
 '';
 services.tailscale.useRoutingFeatures = "client";
 home-manager.users.darkkirb._module.args.withNSFW = lib.mkForce true;
+ system.autoUpgrade.allowReboot = true;
 }
diff --git a/config/services/hydra.nix b/config/services/hydra.nix
index 7f008656..48b0e66d 100644
--- a/config/services/hydra.nix
+++ b/config/services/hydra.nix
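Review bot: In config/nix.nix, `"--no-write-lock-file"` in `system.autoUpgrade.flags` only stops Nix from writing a lock file. If the repository's `flake.lock` is missing an input or lags behind `flake.nix`, the hourly root upgrade would presumably still resolve that input to whatever is current at run time. Using `"--no-update-lock-file"` instead makes the run fail in that case, so hosts only ever build the inputs that were reviewed and pinned. The removed script deployed only the derivation Hydra had evaluated for the host, whereas the new unit follows `ref=main` directly, so a comment above `flake = …` such as `# hosts deploy main as root every hour; keep the branch protected` would record where the trust now sits.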
@@ -173,32 +173,4 @@ in {
 OnUnitActiveSec = 604800;
 };
 };
- systemd.services."upload-hydra-results" = {
- description = "Upload hydra build results";
- serviceConfig = {
- Type = "oneshot";
- User = "hydra-queue-runner";
- Group = "hydra";
- };
- script = ''
- set -ex
- if [ -e /var/lib/hydra/queue-runner/uploading ]; then
- cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix copy --to 's3://cache-chir-rs?scheme=https&endpoint=ams1.vultrobjects.com&secret-key=${config.sops.secrets."services/hydra/cache-key".path}&multipart-upload=true&compression=zstd&compression-level=15' -vv
- rm /var/lib/hydra/queue-runner/uploading
- fi
- mv /var/lib/hydra/queue-runner/upload-queue /var/lib/hydra/queue-runner/uploading
- cat /var/lib/hydra/queue-runner/uploading | xargs ${pkgs.nix}/bin/nix copy --to 's3://cache-chir-rs?scheme=https&endpoint=ams1.vultrobjects.com&secret-key=${config.sops.secrets."services/hydra/cache-key".path}&multipart-upload=true&compression=zstd&compression-level=15' -vv
- rm /var/lib/hydra/queue-runner/uploading
- '';
- };
- systemd.timers.upload-hydra-results = {
- enable = true;
- description = "Upload hydra build results";
- requires = ["upload-hydra-results.service"];
- wantedBy = ["multi-user.target"];
- timerConfig = {
- OnBootSec = 300;
- OnUnitActiveSec = 300;
- };
- };
 }
diff --git a/config/thinkrac.nix b/config/thinkrac.nix
index 2f319148..ca132117 100644
--- a/config/thinkrac.nix
+++ b/config/thinkrac.nix
@@ -179,4 +179,5 @@
 hardware.bluetooth.enable = true;
 services.blueman.enable = true;
 services.tailscale.useRoutingFeatures = "client";
+ system.autoUpgrade.allowReboot = true;
 }
diff --git a/config/vf2.nix b/config/vf2.nix
index 8d94e8d9..a4cd0820 100644
--- a/config/vf2.nix
+++ b/config/vf2.nix
@@ -121,4 +121,5 @@
 ];
 boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
 system.requiredKernelConfig = lib.mkForce [];
+ system.autoUpgrade.allowReboot = true;
 }