From b37bdf88e100532e7eec760fec0dbfd4b6fe70c9 Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 1 Dec 2023 18:14:25 +0100 Subject: [PATCH] pkgs/nixfiles: Ask before doing a system upgrade from Hydra --- modules/nixfiles/nixfiles-system-upgrade.nix | 2 +- pkgs/nixfiles/nixfiles-system-upgrade.sh | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/nixfiles/nixfiles-system-upgrade.nix b/modules/nixfiles/nixfiles-system-upgrade.nix index a848a92..546478b 100644 --- a/modules/nixfiles/nixfiles-system-upgrade.nix +++ b/modules/nixfiles/nixfiles-system-upgrade.nix @@ -21,7 +21,7 @@ in systemd.services.nixfiles-system-auto-upgrade = { serviceConfig = { Type = "oneshot"; - ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade${optionalString cfg.allowReboot " --allow-reboot"}"; + ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}"; }; startAt = "*-*-* 06:47:00"; }; diff --git a/pkgs/nixfiles/nixfiles-system-upgrade.sh b/pkgs/nixfiles/nixfiles-system-upgrade.sh index d3da0c0..9ad1b96 100755 --- a/pkgs/nixfiles/nixfiles-system-upgrade.sh +++ b/pkgs/nixfiles/nixfiles-system-upgrade.sh @@ -3,17 +3,22 @@ set -euo pipefail ALLOW_REBOOT= +NO_CONFIRM= while [[ $# -gt 0 ]]; do case $1 in --allow-reboot) ALLOW_REBOOT=1 shift - ;; + ;; + --no-confirm) + NO_CONFIRM=1 + shift + ;; *) echo "Unknown option $1" exit 1 - ;; + ;; esac done @@ -22,6 +27,17 @@ HYDRA_JOB_URL="https://hydra.clerie.de/job/nixfiles/nixfiles/nixosConfigurations echo "Fetching job output from ${HYDRA_JOB_URL}" STORE_PATH="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_JOB_URL}" | jq -r ".buildoutputs.out.path")" +if [[ -z $NO_CONFIRM ]]; then + echo "" + echo " ! WARNING !" + echo "" + echo " You are about to upgrade ${HOSTNAME} to ${STORE_PATH}." + echo " This can be an older version than currently running on this system." + echo "" + read -e -r -p "Continue?" confirm + echo "$confirm" > /dev/null +fi + echo "Download ${STORE_PATH}" nix copy --from "https://nix-cache.clerie.de" "${STORE_PATH}"