emmet/nixos-config
0
1
Fork 0
Code Issues Pull Requests Projects Wiki Activity
Files
84d7101a6e11d3bee3280a512e20bf331d59c17b
nixos-config/modules/system/phoenix/default.nix

177 lines
7.0 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
{
options = {
systemSettings = {
dotfilesDir = lib.mkOption {
default = "/etc/nixos";
description = "Absolute path to the dotfiles directory";
type = lib.types.path;
};
secretsFlakeDir = lib.mkOption {
default = "/etc/nixos.secrets";
description = "Absolute path to my secrets flake";
type = lib.types.path;
};
systemBuilder.enable = lib.mkEnableOption "Enable automatic config updater and builder";
systemBuilder.buildCronExpression = lib.mkOption {
default = "Sat *-*-* 02:00:00"; # Sat morning at 2am
description = "Cron expression for when the system should auto build config";
type = lib.types.str;
};
};
};
config = {
environment.systemPackages = with pkgs; [
attic-client
git
nix-output-monitor
(pkgs.writeScriptBin "phoenix" ''
if [[ $EUID -ne 0 ]]; then
echo "Error: This script must be run as root" 1>&2
exit 1
fi
if [ "$1" = "sync" ]; then
if [ "$#" -gt 1 ]; then
echo "Warning: The 'sync' command has no subcommands (no $2 subcommand)";
fi
chown -R 0:0 ${config.systemSettings.dotfilesDir};
chown -R 0:0 ${config.systemSettings.secretsFlakeDir};
pushd ${config.systemSettings.dotfilesDir} &> /dev/null;
nixos-rebuild switch;
popd &> /dev/null;
exit 0;
elif [ "$1" = "update" ]; then
pushd ${config.systemSettings.dotfilesDir} &> /dev/null;
nix flake update "''${@:2}";
popd &> /dev/null;
#if [ "$#" -eq 1 ]; then
# pushd ${config.systemSettings.secretsFlakeDir} &> /dev/null;
# nix flake update;
# popd &> /dev/null;
#fi
exit 0;
elif [ "$1" = "pull" ]; then
if [ "$#" -gt 1 ]; then
echo "Warning: The 'pull' command has no subcommands (no $2 subcommand)";
fi
chown -R $DOAS_USER:users ${config.systemSettings.dotfilesDir};
chown -R $DOAS_USER:users ${config.systemSettings.secretsFlakeDir};
pushd ${config.systemSettings.dotfilesDir} &> /dev/null;
sudo -u $DOAS_USER git stash;
sudo -u $DOAS_USER git pull;
sudo -u $DOAS_USER git stash apply;
popd &> /dev/null;
pushd ${config.systemSettings.secretsFlakeDir} &> /dev/null;
sudo -u $DOAS_USER git stash;
sudo -u $DOAS_USER git pull;
sudo -u $DOAS_USER git stash apply;
popd &> /dev/null;
chown -R 0:0 ${config.systemSettings.dotfilesDir};
chown -R 0:0 ${config.systemSettings.secretsFlakeDir};
exit 0;
# TODO allow specifying host with $2 in build subcommand
elif [ "$1" = "build" ]; then
if [ "$#" -gt 1 ]; then
echo "Warning: The 'build' command has no subcommands (no $2 subcommand)";
fi
chown -R 0:0 ${config.systemSettings.dotfilesDir};
chown -R 0:0 ${config.systemSettings.secretsFlakeDir};
pushd ${config.systemSettings.dotfilesDir} &> /dev/null;
nixos-rebuild build --flake .#snowfire;
attic push emmet ./result;
rm ./result;
nixos-rebuild build --flake .#duskfall;
attic push emmet ./result;
rm ./result;
nixos-rebuild build --flake .#zenith;
attic push emmet ./result;
rm ./result;
nixos-rebuild build --flake .#stardust;
attic push emmet ./result;
rm ./result;
nixos-rebuild build --flake .#ori;
attic push emmet ./result;
rm ./result;
exit 0;
elif [ "$1" = "lock" ]; then
if [ "$#" -gt 1 ]; then
echo "Warning: The 'lock' command has no subcommands (no $2 subcommand)";
fi
chown -R 0:0 ${config.systemSettings.dotfilesDir};
chown -R 0:0 ${config.systemSettings.secretsFlakeDir};
exit 0;
elif [ "$1" = "unlock" ]; then
if [ "$#" -gt 1 ]; then
echo "Warning: The 'unlock' command has no subcommands (no $2 subcommand)";
fi
chown -R $DOAS_USER:users ${config.systemSettings.dotfilesDir};
chown -R $DOAS_USER:users ${config.systemSettings.secretsFlakeDir};
exit 0;
elif [ "$1" = "gc" ]; then
if [ "$#" -gt 2 ]; then
echo "Warning: The 'gc' command only accepts one argument (collect_older_than)";
fi
if [ "$2" = "full" ]; then
nix-collect-garbage --delete-old;
elif [ "$2" ]; then
nix-collect-garbage --delete-older-than $2;
else
nix-collect-garbage --delete-older-than 30d;
fi
exit 0;
fi
'')
];
systemd.services."phoenix-system-builder" = lib.mkIf config.systemSettings.systemBuilder.enable {
path = with pkgs; [
openssh git nix nixos-rebuild
];
script = ''
set -euo pipefail
export NIX_PATH="nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix"
echo "navigating to /etc/nixos";
cd ${config.systemSettings.dotfilesDir};
echo "running git pull";
${pkgs.git}/bin/git pull;
echo "running nix flake update";
nix flake update;
${pkgs.git}/bin/git stage *;
${pkgs.git}/bin/git commit -m "Updated system" || true;
${pkgs.git}/bin/git push || true;
cd ${config.systemSettings.secretsFlakeDir};
${pkgs.git}/bin/git pull;
chown -R 0:0 ${config.systemSettings.dotfilesDir};
chown -R 0:0 ${config.systemSettings.secretsFlakeDir};
cd ${config.systemSettings.dotfilesDir};
${config.system.build.nixos-rebuild}/bin/nixos-rebuild build --flake .#snowfire;
${pkgs.attic-client}/bin/attic push emmet ./result;
rm ./result;
${config.system.build.nixos-rebuild}/bin/nixos-rebuild build --flake .#duskfall;
${pkgs.attic-client}/bin/attic push emmet ./result;
rm ./result;
${config.system.build.nixos-rebuild}/bin/nixos-rebuild build --flake .#zenith;
${pkgs.attic-client}/bin/attic push emmet ./result;
rm ./result;
${config.system.build.nixos-rebuild}/bin/nixos-rebuild build --flake .#stardust;
${pkgs.attic-client}/bin/attic push emmet ./result;
rm ./result;
${config.system.build.nixos-rebuild}/bin/nixos-rebuild build --flake .#ori;
${pkgs.attic-client}/bin/attic push emmet ./result;
rm ./result;
'';
serviceConfig = {
Type = "simple";
User = "root";
};
};
systemd.timers."phoenix-system-builder-auto" = lib.mkIf config.systemSettings.systemBuilder.enable {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = config.systemSettings.systemBuilder.buildCronExpression;
Unit = "phoenix-system-builder.service";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink