fruchti/hosts
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Auto-upgrade: Check kernel version before switching

Browse source
This commit is contained in:
fruchti 2023-02-26 18:36:18 +01:00
parent 2b4264d32d
commit 70454613d1
1 changed files with 48 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

87
options/auto-upgrade.nix
View file

@ -19,7 +19,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.nixos-upgrade.script = mkOverride 50 ( systemd.services.nixos-upgrade.script = mkOverride 50 (
let let
nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild"; nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild";
date = "${pkgs.coreutils}/bin/date"; date = "${pkgs.coreutils}/bin/date";
readlink = "${pkgs.coreutils}/bin/readlink"; readlink = "${pkgs.coreutils}/bin/readlink";
@ -29,26 +29,23 @@ in
upgradeFlag = optional (cfg.channel == null) "--upgrade"; upgradeFlag = optional (cfg.channel == null) "--upgrade";
in '' in ''
set -o pipefail set -o pipefail
upgrade() {
${nixos-rebuild} ${cfg.operation} ${toString (cfg.flags ++ upgradeFlag)}
}
indent() indent()
{ {
while read -r line ; do while read -r line ; do
echo " $line" echo " $line"
done <<< "$1" done <<< "$1"
} }
start_time="$(${date})" start_time="$(${date})"
reboot_allowed="no" reboot_allowed="no"
activate_configuration="yes"
do_reboot="no" do_reboot="no"
exit_code=0 exit_code=0
${optionalString cfg.allowReboot '' ${optionalString cfg.allowReboot ''
reboot_allowed="yes" reboot_allowed="yes"
${optionalString (cfg.rebootWindow != null) '' ${optionalString (cfg.rebootWindow != null) ''
current_time="$(${date} +%H:%M)" current_time="$(${date} +%H:%M)"
lower="${cfg.rebootWindow.lower}" lower="${cfg.rebootWindow.lower}"
@ -74,10 +71,8 @@ in
''} ''}
output_file="$(mktemp)" output_file="$(mktemp)"
upgrade 2>&1 | tee "$output_file" || exit_code=$? ${nixos-rebuild} boot ${toString (cfg.flags ++ upgradeFlag)} 2>&1 | tee "$output_file" || exit_code=$?
upgrade_output="$(cat "$output_file")"
rm -f "$output_file"
send_email=no send_email=no
email_subject="Upgrade succeeded" email_subject="Upgrade succeeded"
email_body="The system upgrade started at $start_time has succeeded." email_body="The system upgrade started at $start_time has succeeded."
@ -86,30 +81,15 @@ in
email_subject="Upgrade failed (exit code $exit_code)" email_subject="Upgrade failed (exit code $exit_code)"
email_body="The system upgrade started at $start_time has failed with exit code $exit_code." email_body="The system upgrade started at $start_time has failed with exit code $exit_code."
fi fi
possible_warnings="$(${grep} -e "^trace:" <<<"$upgrade_output" || true)"
if [ "$possible_warnings" != "" ] ; then
send_email=yes
email_subject="$email_subject with warnings"
email_body="$(cat <<-EOF
$email_body
These trace messages and warnings were encountered:
---------------------------------------------------
$possible_warnings
EOF
)"
fi
booted_version="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})" booted_version="$(${readlink} /run/booted-system/{initrd,kernel,kernel-modules})"
built_version="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" built_version="$(${readlink} /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
if [ "$booted_version" != "$built_version" ] ; then if [ "$booted_version" != "$built_version" ] ; then
version_comparison="$(cat <<-EOF version_comparison="$(cat <<-EOF
The booted kernel version The booted kernel version
$(indent "$booted_version") $(indent "$booted_version")
does not match currently active does not match the newly built
$(indent "$built_version") $(indent "$built_version")
. .
EOF EOF
@ -119,19 +99,48 @@ in
email_subject="$email_subject, reboot required" email_subject="$email_subject, reboot required"
email_body="$(cat <<-EOF email_body="$(cat <<-EOF
$email_body $email_body
A reboot is required, because: A reboot is required, because:
------------------------------ ------------------------------
$version_comparison $version_comparison
EOF EOF
)" )"
activate_configuration="no"
if [ "$reboot_allowed" = "yes" ] && [ $exit_code -eq 0 ] ; then if [ "$reboot_allowed" = "yes" ] && [ $exit_code -eq 0 ] ; then
email_body="$(printf "%s\n%s" "$email_body" "The system will reboot now.")" email_body="$(printf "%s\n%s" "$email_body" "The system will reboot now.")"
do_reboot="yes" do_reboot="yes"
activate_configuration="yes"
else
email_body="$(printf "%s\n%s" "$email_body" "The upgraded configuration will be activated on the next reboot.")"
fi fi
fi fi
${optionalString (cfg.operation == "switch") ''
if [ "$activate_configuration" = "yes" ] ; then
echo "Activating new configuration."
${nixos-rebuild} switch ${toString cfg.flags} 2>&1 | tee -a "$output_file" || exit_code=$?
fi
''}
upgrade_output="$(cat "$output_file")"
rm -f "$output_file"
possible_warnings="$(${grep} -e "^trace:" <<<"$upgrade_output" || true)"
if [ "$possible_warnings" != "" ] ; then
send_email=yes
email_subject="$email_subject with warnings"
email_body="$(cat <<-EOF
$email_body
These trace messages and warnings were encountered:
---------------------------------------------------
$possible_warnings
EOF
)"
fi
${optionalString cfg.sendEmail '' ${optionalString cfg.sendEmail ''
if [ "$send_email" = "yes" ] ; then if [ "$send_email" = "yes" ] ; then
${sendmail} -t -X - <<-EOF ${sendmail} -t -X - <<-EOF
@ -141,22 +150,22 @@ in
Content-Transfer-Encoding: 8bit Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8 Content-Type: text/plain; charset=UTF-8
X-Priority: 3 X-Priority: 3
$email_body $email_body
Full upgrade output: Full upgrade output:
-------------------- --------------------
$upgrade_output $upgrade_output
EOF EOF
fi fi
''} ''}
if [ "$do_reboot" = "yes" ] ; then if [ "$do_reboot" = "yes" ] ; then
echo "Rebooting system." echo "Rebooting system."
${shutdown} -r +1 ${shutdown} -r +1
fi fi
exit $exit_code exit $exit_code
'' ''
); );