Diffstat (limited to 'nixos/modules/tasks/auto-upgrade.nix')
-rw-r--r--nixos/modules/tasks/auto-upgrade.nix98
1 files changed, 69 insertions, 29 deletions
diff --git a/nixos/modules/tasks/auto-upgrade.nix b/nixos/modules/tasks/auto-upgrade.nix
index e70004e643e..69385e5f2fe 100644
--- a/nixos/modules/tasks/auto-upgrade.nix
+++ b/nixos/modules/tasks/auto-upgrade.nix
@@ -2,9 +2,9 @@
 
 with lib;
 
-let cfg = config.system.autoUpgrade; in
+let cfg = config.system.autoUpgrade;
 
-{
+in {
 
   options = {
 
@@ -21,6 +21,16 @@ let cfg = config.system.autoUpgrade; in
         '';
       };
 
+      flake = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "github:kloenk/nix";
+        description = ''
+          The Flake URI of the NixOS configuration to build.
+          Disables the option <option>system.autoUpgrade.channel</option>.
+        '';
+      };
+
       channel = mkOption {
         type = types.nullOr types.str;
         default = null;
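Review bot: The `flake` description says it "Disables the option system.autoUpgrade.channel", but the assertion added in the `config` hunk makes evaluation fail when both are set, so the text should read something like `Cannot be combined with <option>system.autoUpgrade.channel</option>.` The description also omits that the reference is re-resolved and built by the root-run upgrade service on every timer run. With an unpinned reference such as the example `github:kloenk/nix`, the machine follows whatever that branch contains at upgrade time. I would add a sentence saying the flake should point at a repository the administrator controls, or at a pinned revision.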
@@ -35,10 +45,20 @@ let cfg = config.system.autoUpgrade; in
 
       flags = mkOption {
         type = types.listOf types.str;
-        default = [];
-        example = [ "-I" "stuff=/home/alice/nixos-stuff" "--option" "extra-binary-caches" "http://my-cache.example.org/" ];
+        default = [ ];
+        example = [
+          "-I"
+          "stuff=/home/alice/nixos-stuff"
+          "--option"
+          "extra-binary-caches"
+          "http://my-cache.example.org/"
+        ];
         description = ''
           Any additional flags passed to <command>nixos-rebuild</command>.
+
+          If you are using flakes and use a local repo you can add
+          <command>[ "--update-input" "nixpkgs" "--commit-lock-file" ]</command>
+          to update nixpkgs.
         '';
       };
 
@@ -82,11 +102,23 @@ let cfg = config.system.autoUpgrade; in
 
   config = lib.mkIf cfg.enable {
 
-    system.autoUpgrade.flags =
-      [ "--no-build-output" ]
-      ++ (if cfg.channel == null
-          then [ "--upgrade" ]
-          else [ "-I" "nixpkgs=${cfg.channel}/nixexprs.tar.xz" ]);
+    assertions = [{
+      assertion = !((cfg.channel != null) && (cfg.flake != null));
+      message = ''
+        The options 'system.autoUpgrade.channels' and 'system.autoUpgrade.flake' cannot both be set.
+      '';
+    }];
+
+    system.autoUpgrade.flags = [ "--no-build-output" ]
+      ++ (if cfg.flake == null then
+        (if cfg.channel == null then
+          [ "--upgrade" ]
+        else [
+          "-I"
+          "nixpkgs=${cfg.channel}/nixexprs.tar.xz"
+        ])
+      else
+        [ "--flake ${cfg.flake}" ]);
 
     systemd.services.nixos-upgrade = {
       description = "NixOS Upgrade";
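Review bot: `[ "--flake ${cfg.flake}" ]` adds the flag and its value as one list element, unlike the `"-I"` / `"nixpkgs=..."` pair just above it. It only works because the service script expands the list with an unquoted `${toString cfg.flags}`, so the root shell re-splits and re-interprets the value; `[ "--flake" cfg.flake ]` keeps the list well formed. Once the list is split that way, the script could use `${escapeShellArgs cfg.flags}` so a flake reference or flag containing spaces or shell metacharacters is passed through literally. The assertion message also names `system.autoUpgrade.channels`, while the option is `system.autoUpgrade.channel`. The `systemd.services.nixos-upgrade` block continues outside this hunk.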
@@ -96,33 +128,41 @@ let cfg = config.system.autoUpgrade; in
 
       serviceConfig.Type = "oneshot";
 
-      environment = config.nix.envVars //
-        { inherit (config.environment.sessionVariables) NIX_PATH;
-          HOME = "/root";
-        } // config.networking.proxy.envVars;
+      environment = config.nix.envVars // {
+        inherit (config.environment.sessionVariables) NIX_PATH;
+        HOME = "/root";
+      } // config.networking.proxy.envVars;
 
-      path = with pkgs; [ coreutils gnutar xz.bin gzip gitMinimal config.nix.package.out ];
+      path = with pkgs; [
+        coreutils
+        gnutar
+        xz.bin
+        gzip
+        gitMinimal
+        config.nix.package.out
+      ];
 
       script = let
-          nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild";
-        in
-        if cfg.allowReboot then ''
-            ${nixos-rebuild} boot ${toString cfg.flags}
-            booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
-            built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
-            if [ "$booted" = "$built" ]; then
-              ${nixos-rebuild} switch ${toString cfg.flags}
-            else
-              /run/current-system/sw/bin/shutdown -r +1
-            fi
-          '' else ''
-            ${nixos-rebuild} switch ${toString cfg.flags}
-        '';
+        nixos-rebuild =
+          "${config.system.build.nixos-rebuild}/bin/nixos-rebuild";
+      in if cfg.allowReboot then ''
+        ${nixos-rebuild} boot ${toString cfg.flags}
+        booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
+        built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
+        if [ "$booted" = "$built" ]; then
+          ${nixos-rebuild} switch ${toString cfg.flags}
+        else
+          /run/current-system/sw/bin/shutdown -r +1
+        fi
+      '' else ''
+        ${nixos-rebuild} switch ${toString cfg.flags}
+      '';
 
       startAt = cfg.dates;
     };
 
-    systemd.timers.nixos-upgrade.timerConfig.RandomizedDelaySec = cfg.randomizedDelaySec;
+    systemd.timers.nixos-upgrade.timerConfig.RandomizedDelaySec =
+      cfg.randomizedDelaySec;
 
   };