New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/self-deploy: init #120940
nixos/self-deploy: init #120940
Conversation
Add `self-deploy` service to facilitate continuous deployment of NixOS configuration from a git repository.
f3ae74a
to
a40674e
Compare
Changes: - Correct `services.self-deploy.branch` description - Use `systemd.services.<name>.restartIfChanged` - Switch to using empty git repo and fetching without adding remote - Move `systemctl reboot` to after cleanup tasks
@ofborg eval |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you format the file with nixpkgs-fmt? I don't want to write a suggestion for every little indentation.
Also some of these options could require an example value like sshKeyFile, nixArgs or startAt.
Changes: - /var/lib/{self-deploy->nixos-self-deploy} - run nixpkgs-fmt
@SuperSandro2000 made proposed changes other than |
That has nothing to do with being correct or not. Network-online delays the start unecessary and it also does not mean you have internet connection necessarily. I am not a big fan of it and have it disabled on all my machines. |
@SuperSandro2000: The Yes, |
As Gabriel mentions, my understanding is that, while the By this argument, any time that |
@SuperSandro2000: Do you have any other feedback before we merge this? |
not right now |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/how-to-use-services-self-deploy/20696/1 |
Add
self-deploy
service to facilitate continuous deployment of a NixOS system derivation from a git repository to the local system. This is based on an internal NixOS module of the same name we've been using at Awake Security that we've generalized for open source use.Motivation for this change
At Awake Security we've found our internal version of this service useful in ensuring infrastructure is always up to date and felt it could be useful for others.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)