diff --git a/system/pull-update.nix b/system/pull-update.nix
deleted file mode 100644
index 5bf03ed..0000000
--- a/system/pull-update.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-# Pull-based NixOS updates for hosts that can't be pushed to reliably.
-# CI builds the system closure on muffin (which Harmonia serves), then
-# records the output store path at /deploy/. On boot this
-# service fetches that path, pulls the closure from the binary cache,
-# sets it as the boot profile, and reboots into it.
-#
-# Runs before the display manager so the user sees progress on the
-# console instead of staring at a frozen Steam loading screen.
-{
- pkgs,
- hostname,
- lib,
- ...
-}:
-let
- deploy-url = "https://nix-cache.sigkill.computer/deploy/${hostname}";
-
- pull-update = pkgs.writeShellApplication {
- name = "pull-update";
-
- runtimeInputs = with pkgs; [
- pkgs.curl
- pkgs.coreutils
- pkgs.nix
- pkgs.systemd
- pkgs.util-linux
- ];
-
- text = ''
- set -uo pipefail
-
- # wait for actual connectivity, not just networkd "up"
- for i in $(seq 1 30); do
- if curl -sf --max-time 5 "${deploy-url}" >/dev/null; then
- break
- fi
- echo "Waiting for network... ($i/30)"
- sleep 2
- done
-
- STORE_PATH=$(curl -sf --max-time 30 "${deploy-url}" || true)
-
- if [ -z "$STORE_PATH" ]; then
- echo "Server unreachable or no deployment available, skipping"
- exit 0
- fi
-
- CURRENT=$(readlink -f /nix/var/nix/profiles/system)
- if [ "$CURRENT" = "$STORE_PATH" ]; then
- echo "Already on latest configuration"
- exit 0
- fi
-
- echo ""
- echo "====================================="
- echo " System update available. Installing."
- echo "====================================="
- echo ""
-
- nix-store -r "$STORE_PATH" || { echo "Failed to fetch closure"; exit 1; }
- nix-env -p /nix/var/nix/profiles/system --set "$STORE_PATH" || { echo "Failed to set profile"; exit 1; }
- "$STORE_PATH/bin/switch-to-configuration" boot || { echo "Failed to install boot entry"; exit 1; }
-
- echo ""
- echo "Update installed. Rebooting..."
- echo ""
- systemctl reboot
- '';
- };
-in
-{
- systemd.services.pull-update = {
- description = "Pull latest NixOS configuration from binary cache";
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- # run before the display manager so the message is visible on the console
- before = [ "display-manager.service" ];
- wantedBy = [ "multi-user.target" ];
- restartIfChanged = false;
- serviceConfig = {
- Type = "oneshot";
- ExecStart = lib.getExe pull-update;
- StandardOutput = "journal+console";
- StandardError = "journal+console";
- };
- };
-}
diff --git a/system/system-yarn.nix b/system/system-yarn.nix
index 6a0f0c7..58e661d 100644
--- a/system/system-yarn.nix
+++ b/system/system-yarn.nix
@@ -11,7 +11,6 @@
 ./disk_yarn.nix
 ./common.nix
 ./impermanence.nix
- ./pull-update.nix
 ./no-rgb.nix
 ./vr.nix
@@ -97,65 +96,102 @@
 # This prevents Steam from requesting reboots for "system updates"
 # Steam client updates will still work normally
 nixpkgs.overlays = [
- (final: prev: {
- jovian-stubs = prev.stdenv.mkDerivation {
- name = "jovian-stubs-no-update";
- dontUnpack = true;
- installPhase = ''
- mkdir -p $out/bin
+ (
+ final: prev:
+ let
+ deploy-url = "https://nix-cache.sigkill.computer/deploy/yarn";
- # steamos-update: always report "no update available" (exit 7)
- # This disables the kernel mismatch check that triggers reboot prompts
- cat > $out/bin/steamos-update << 'STUB'
- #!/bin/sh
- >&2 echo "[JOVIAN] $0: stub called with: $* (system updates disabled)"
- exit 7
- STUB
+ steamos-update-script = final.writeShellScript "steamos-update" ''
+ export PATH=${
+ final.lib.makeBinPath [
+ final.curl
+ final.coreutils
+ final.nix
+ ]
+ }
- # steamos-reboot: reboot the system
- cat > $out/bin/steamos-reboot << 'STUB'
- #!/bin/sh
- >&2 echo "[JOVIAN] $0: stub called with: $*"
- systemctl reboot
- STUB
+ STORE_PATH=$(curl -sf --max-time 30 "${deploy-url}" || true)
- # steamos-select-branch: no-op stub
- cat > $out/bin/steamos-select-branch << 'STUB'
- #!/bin/sh
- >&2 echo "[JOVIAN] $0: stub called with: $*"
- exit 0
- STUB
+ if [ -z "$STORE_PATH" ]; then
+ >&2 echo "[steamos-update] server unreachable"
+ exit 7
+ fi
- # steamos-factory-reset-config: no-op stub
- cat > $out/bin/steamos-factory-reset-config << 'STUB'
- #!/bin/sh
- >&2 echo "[JOVIAN] $0: stub called with: $*"
- exit 0
- STUB
+ CURRENT=$(readlink -f /nix/var/nix/profiles/system)
+ if [ "$CURRENT" = "$STORE_PATH" ]; then
+ >&2 echo "[steamos-update] no update available"
+ exit 7
+ fi
- # steamos-firmware-update: no-op stub
- cat > $out/bin/steamos-firmware-update << 'STUB'
- #!/bin/sh
- >&2 echo "[JOVIAN] $0: stub called with: $*"
- exit 0
- STUB
+ # check-only mode: just report that an update exists
+ if [ "''${1:-}" = "check" ] || [ "''${1:-}" = "--check-only" ]; then
+ >&2 echo "[steamos-update] update available"
+ exit 0
+ fi
- # pkexec: pass through to real pkexec
- cat > $out/bin/pkexec << 'STUB'
- #!/bin/sh
- exec /run/wrappers/bin/pkexec "$@"
- STUB
+ >&2 echo "[steamos-update] downloading update..."
+ nix-store -r "$STORE_PATH" || { >&2 echo "[steamos-update] fetch failed"; exit 1; }
- # sudo: pass through to doas
- cat > $out/bin/sudo << 'STUB'
- #!/bin/sh
- exec /run/wrappers/bin/doas "$@"
- STUB
+ >&2 echo "[steamos-update] installing update..."
+ nix-env -p /nix/var/nix/profiles/system --set "$STORE_PATH" || { >&2 echo "[steamos-update] profile set failed"; exit 1; }
+ "$STORE_PATH/bin/switch-to-configuration" boot || { >&2 echo "[steamos-update] boot entry failed"; exit 1; }
- chmod 755 $out/bin/*
+ >&2 echo "[steamos-update] update installed, reboot to apply"
 '';
- };
- })
+ in
+ {
+ jovian-stubs = prev.stdenv.mkDerivation {
+ name = "jovian-stubs";
+ dontUnpack = true;
+ installPhase = ''
+ mkdir -p $out/bin
+ ln -s ${steamos-update-script} $out/bin/steamos-update
+
+ # steamos-reboot: reboot the system
+ cat > $out/bin/steamos-reboot << 'STUB'
+ #!/bin/sh
+ >&2 echo "[JOVIAN] $0: stub called with: $*"
+ systemctl reboot
+ STUB
+
+ # steamos-select-branch: no-op stub
+ cat > $out/bin/steamos-select-branch << 'STUB'
+ #!/bin/sh
+ >&2 echo "[JOVIAN] $0: stub called with: $*"
+ exit 0
+ STUB
+
+ # steamos-factory-reset-config: no-op stub
+ cat > $out/bin/steamos-factory-reset-config << 'STUB'
+ #!/bin/sh
+ >&2 echo "[JOVIAN] $0: stub called with: $*"
+ exit 0
+ STUB
+
+ # steamos-firmware-update: no-op stub
+ cat > $out/bin/steamos-firmware-update << 'STUB'
+ #!/bin/sh
+ >&2 echo "[JOVIAN] $0: stub called with: $*"
+ exit 0
+ STUB
+
+ # pkexec: pass through to real pkexec
+ cat > $out/bin/pkexec << 'STUB'
+ #!/bin/sh
+ exec /run/wrappers/bin/pkexec "$@"
+ STUB
+
+ # sudo: pass through to doas
+ cat > $out/bin/sudo << 'STUB'
+ #!/bin/sh
+ exec /run/wrappers/bin/doas "$@"
+ STUB
+
+ chmod 755 $out/bin/*
+ '';
+ };
+ }
+ )
 ];
 jovian = {
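Review bot: The string returned by `${deploy-url}` is used in `steamos-update-script` without any shape check: it goes straight to `nix-store -r`, becomes the system profile via `nix-env --set`, and is then executed as `"$STORE_PATH/bin/switch-to-configuration"`, presumably as root since it writes /nix/var/nix/profiles/system. An error page served with a 200, or a path that is valid but not a NixOS system closure, would leave the profile pointing at it before the `switch-to-configuration` step fails. I would reject anything that is not a single entry directly under /nix/store right after the fetch, and test that `bin/switch-to-configuration` is executable after the realise and before the profile is changed, as in the excerpt below. Separately, TLS is the only thing authenticating which path gets chosen, so substituter signature checks (if enforced on this host) would not stop the endpoint from pointing at an older signed closure; a signed pointer would close that gap.

```nix
STORE_PATH=$(curl -sf --max-time 30 "${deploy-url}" || true)
# … unchanged: empty-response check …

# accept only a single entry directly under /nix/store
store_name="''${STORE_PATH#/nix/store/}"
case "$store_name" in
  "$STORE_PATH" | "" | */* | .*)
    >&2 echo "[steamos-update] unexpected response from deploy endpoint"
    exit 7
    ;;
esac

# … unchanged: current-profile comparison, check-only mode, nix-store -r …

# refuse to repoint the profile at something that is not a system closure
[ -x "$STORE_PATH/bin/switch-to-configuration" ] || { >&2 echo "[steamos-update] not a system closure"; exit 1; }
nix-env -p /nix/var/nix/profiles/system --set "$STORE_PATH" || { >&2 echo "[steamos-update] profile set failed"; exit 1; }
```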