chaosbit/nix-auto-update
1
0
Fork 0
Code Issues Pull Requests Actions Activity

initial commit

Browse Source
This commit is contained in:
bit
2025-08-20 18:24:30 +02:00
commit eea18118a0
4 changed files with 414 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

218
module/default.nix Normal file
View File

@@ -0,0 +1,218 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.system.autoUpdate;
in
{
options = {
system.autoUpdate = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to periodically update the NixOS
configuration to the latest version.
'';
};
flake = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
example = "github:kloenk/nix";
description = ''
The Flake URI of the NixOS configuration to build.
'';
};
flags = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [
"-I"
"stuff=/home/alice/nixos-stuff"
"--option"
"extra-binary-caches"
"http://my-cache.example.org/"
];
description = ''
Any additional flags passed to {command}`nixos-rebuild`.
If you are using flakes and use a local repo you can add
{command}`[ "--update-input" "nixpkgs" "--commit-lock-file" ]`
to update nixpkgs.
'';
};
dates = lib.mkOption {
type = lib.types.str;
default = "04:40";
example = "daily";
description = ''
How often or when upgrade occurs. For most desktop and server systems
a sufficient upgrade frequency is once a day.
The format is described in
{manpage}`systemd.time(7)`.
'';
};
randomizedDelaySec = lib.mkOption {
default = "0";
type = lib.types.str;
example = "45min";
description = ''
Add a randomized delay before each automatic upgrade.
The delay will be chosen between zero and this value.
This value must be a time span in the format specified by
{manpage}`systemd.time(7)`
'';
};
fixedRandomDelay = lib.mkOption {
default = false;
type = lib.types.bool;
example = true;
description = ''
Make the randomized delay consistent between runs.
This reduces the jitter between automatic upgrades.
See {option}`randomizedDelaySec` for configuring the randomized delay.
'';
};
rebootWindow = lib.mkOption {
description = ''
Define a lower and upper time value (in HH:MM format) which
constitute a time window during which reboots are allowed after an upgrade.
This option only has an effect when {option}`allowReboot` is enabled.
The default value of `null` means that reboots are allowed at any time.
'';
default = null;
example = {
lower = "01:00";
upper = "05:00";
};
type =
with lib.types;
nullOr (submodule {
options = {
lower = lib.mkOption {
description = "Lower limit of the reboot window";
type = lib.types.strMatching "[[:digit:]]{2}:[[:digit:]]{2}";
example = "01:00";
};
upper = lib.mkOption {
description = "Upper limit of the reboot window";
type = lib.types.strMatching "[[:digit:]]{2}:[[:digit:]]{2}";
example = "05:00";
};
};
});
};
environment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Extra Environment variables to pass to the update script.";
default = {};
example = {
GIT_SSH = "ssh -i /root/.ssh/custom-deploy-key";
};
};
persistent = lib.mkOption {
default = true;
type = lib.types.bool;
example = false;
description = ''
Takes a boolean argument. If true, the time when the service
unit was last triggered is stored on disk. When the timer is
activated, the service unit is triggered immediately if it
would have been triggered at least once during the time when
the timer was inactive. Such triggering is nonetheless
subject to the delay imposed by RandomizedDelaySec=. This is
useful to catch up on missed runs of the service when the
system was powered down.
'';
};
};
};
config = lib.mkIf cfg.enable {
system.autoUpgrade.flags = (
[
"--refresh"
"--flake ${cfg.flake}"
]
);
systemd.services.nixos-update = {
description = "NixOS Upgrade";
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig.Type = "oneshot";
environment =
config.nix.envVars
// {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
}
// config.networking.proxy.envVars // cfg.environment;
path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
];
script = import ./script.nix {
inherit cfg;
nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild";
date = "${pkgs.coreutils}/bin/date";
realpath = "${pkgs.coreutils}/bin/realpath";
stat = "${pkgs.coreutils}/bin/stat";
cut = "${pkgs.coreutils}/bin/cut";
head = "${pkgs.coreutils}/bin/head";
grep = "${pkgs.gnugrep}/bin/grep";
grub-reboot = "${pkgs.grub2}/bin/grub-reboot";
shutdown = "${config.systemd.package}/bin/shutdown";
bootctl = "${config.systemd.package}/bin/bootctl";
systemd-analyze = "${config.systemd.package}/bin/systemd-analyze";
upgradeFlag = "--upgrade";
units = "${pkgs.units}/bin/units";
jq = "${pkgs.jq}/bin/jq";
hostname = "${pkgs.nettools}/bin/hostname";
};
startAt = cfg.dates;
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
};
systemd.timers.nixos-update = {
timerConfig = {
RandomizedDelaySec = cfg.randomizedDelaySec;
FixedRandomDelay = cfg.fixedRandomDelay;
Persistent = cfg.persistent;
};
};
};
}