pull-update: update and reboot

.gitea/workflows/deploy.yml

@@ -24,11 +24,19 @@ jobs:
         run: |
           mkdir -p /var/lib/dotfiles-deploy
           readlink -f result > /var/lib/dotfiles-deploy/yarn
+          nix-store --add-root /var/lib/dotfiles-deploy/yarn-gcroot -r "$(readlink -f result)"
 
       - name: Build NixOS configuration (mreow)
         run: |
           nix build .#nixosConfigurations.mreow.config.system.build.toplevel -L
 
+      - name: Record mreow store path
+        continue-on-error: true
+        run: |
+          mkdir -p /var/lib/dotfiles-deploy
+          readlink -f result > /var/lib/dotfiles-deploy/mreow
+          nix-store --add-root /var/lib/dotfiles-deploy/mreow-gcroot -r "$(readlink -f result)"
+
       - name: Notify success
         if: success()
         run: |

system/pull-update.nix

@@ -2,15 +2,33 @@
 # CI builds the system closure on muffin (which Harmonia serves), then
 # records the output store path at /deploy/<hostname>.  On boot this
 # service fetches that path, pulls the closure from the binary cache,
-# and activates it.
+# sets it as the boot profile, and reboots into it.
 { pkgs, hostname, ... }:
 let
   deploy-url = "https://nix-cache.sigkill.computer/deploy/${hostname}";
 
   pull-update = pkgs.writeShellScript "pull-update" ''
-    set -euo pipefail
+    set -uo pipefail
+    export PATH=${
+      pkgs.lib.makeBinPath [
+        pkgs.curl
+        pkgs.coreutils
+        pkgs.nix
+        pkgs.systemd
+        pkgs.util-linux
+      ]
+    }
 
-    STORE_PATH=$(${pkgs.lib.getExe pkgs.curl} -sf --max-time 30 "${deploy-url}" || true)
+    # wait for actual connectivity, not just networkd "up"
+    for i in $(seq 1 30); do
+      if curl -sf --max-time 5 "${deploy-url}" >/dev/null; then
+        break
+      fi
+      echo "Waiting for network... ($i/30)"
+      sleep 2
+    done
+
+    STORE_PATH=$(curl -sf --max-time 30 "${deploy-url}" || true)
 
     if [ -z "$STORE_PATH" ]; then
       echo "Server unreachable or no deployment available, skipping"
@@ -23,11 +41,15 @@ let
       exit 0
     fi
 
-    echo "Pulling update: $CURRENT -> $STORE_PATH"
+    echo "Update available: $CURRENT -> $STORE_PATH"
-    nix-store -r "$STORE_PATH"
+
-    nix-env -p /nix/var/nix/profiles/system --set "$STORE_PATH"
+    nix-store -r "$STORE_PATH" || { echo "Failed to fetch closure"; exit 1; }
-    "$STORE_PATH/bin/switch-to-configuration" switch
+    nix-env -p /nix/var/nix/profiles/system --set "$STORE_PATH" || { echo "Failed to set profile"; exit 1; }
-    echo "Update applied"
+    "$STORE_PATH/bin/switch-to-configuration" boot || { echo "Failed to install boot entry"; exit 1; }
+
+    wall "System update installed. Rebooting in 10 seconds..."
+    sleep 10
+    systemctl reboot
   '';
 in
 {
@@ -36,6 +58,7 @@ in
     after = [ "network-online.target" ];
     wants = [ "network-online.target" ];
     wantedBy = [ "multi-user.target" ];
+    restartIfChanged = false;
     serviceConfig = {
       Type = "oneshot";
       ExecStart = pull-update;