anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-05-20 05:12:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ac3c0886b7a4479cb6e95bd00fc158567f3d8650
nixy/server-modules/auto-upgrade.nix
T
Hadi ac3c0886b7 auto upgrades 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
2026-04-12 19:02:46 +02:00

78 lines
2.3 KiB
Nix
Raw Blame History

# Auto upgrade some of my inputs every hour.
# With signal notification on failure, but only once per failure streak to avoid spamming me if something is broken for a while.
{
config,
pkgs,
...
}: let
configDir = config.var.configDirectory;
auto-update-inputs = ["blog" "awesome-wallpapers" "iknowyou" "default-creds"];
signalConfigDir = "/var/lib/signal-cli";
sentinelFile = "/var/lib/nixos-auto-upgrade/failure-notified";
in {
sops.secrets."signal-sender-number" = {};
sops.secrets."signal-receiver-number" = {};
environment.systemPackages = [pkgs.signal-cli];
systemd.tmpfiles.rules = [
"d /var/lib/nixos-auto-upgrade 0700 root root -"
"d ${signalConfigDir} 0700 root root -"
];
# Main upgrade service
systemd.services.nixos-auto-upgrade = {
description = "NixOS auto upgrade";
after = ["network-online.target"];
wants = ["network-online.target"];
serviceConfig = {
Type = "oneshot";
User = "root";
};
onFailure = ["nixos-auto-upgrade-notify.service"];
script = ''
set -e
cd ${configDir}
${pkgs.nix}/bin/nix flake update ${builtins.concatStringsSep " " auto-update-inputs}
/run/current-system/sw/bin/nixos-rebuild switch --flake ${configDir}#jack
# Clear failure sentinel on success
rm -f ${sentinelFile}
'';
};
# Notification service — only fires once per failure streak
systemd.services.nixos-auto-upgrade-notify = {
description = "Signal notification on NixOS upgrade failure";
serviceConfig = {
Type = "oneshot";
User = "root";
};
script = ''
# Already notified for this failure streak, skip
if [ -f "${sentinelFile}" ]; then
exit 0
fi
SENDER=$(cat ${config.sops.secrets."signal-sender-number".path})
RECEIVER=$(cat ${config.sops.secrets."signal-receiver-number".path})
${pkgs.signal-cli}/bin/signal-cli \
--config ${signalConfigDir} \
-u "$SENDER" send \
-m "Jack: nixos-auto-upgrade failed, check the logs: journalctl -u nixos-auto-upgrade" \
"$RECEIVER"
touch ${sentinelFile}
'';
};
# Hourly timer
systemd.timers.nixos-auto-upgrade = {
description = "NixOS auto upgrade timer";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
};
}
Reference in New Issue View Git Blame Copy Permalink