UGA-Innovation-Factory/athenix
3
1
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

updater #19

Merged
hdh20267 merged 6 commits from updater into main 2025-12-19 16:00:33 +00:00
Conversation 0 Commits 6 Files Changed 1 +108
1 changed files with 108 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
sw/updater.nix
View File

@@ -43,6 +43,98 @@ with lib;
# Service path for unprivileged (no flags)
UNIT="update-system.service"
<<<<<<< HEAD
# Figure out the "real" invoking user, even under sudo.
INVOKER_USER="''${SUDO_USER:-$(id -un)}"
INVOKER_HOME="$(getent passwd "$INVOKER_USER" | cut -d: -f6)"
if [ -z "$INVOKER_HOME" ]; then
# fallback if getent is weird in some containers
INVOKER_HOME="''${HOME:-/home/$INVOKER_USER}"
fi
# Defaults for flagged mode
DEFAULT_REMOTE_URL="https://git.factory.uga.edu/UGA-Innovation-Factory/athenix"
REPO_MODE="default" # default | local | remote
LOCAL_PATH=""
REMOTE_URL=""
BRANCH=""
IMPURE=0
usage() {
cat >&2 <<'EOF'
usage:
update-system
update-system [--local-repo[=PATH]] [--remote-repo=URL] [--branch=BRANCH] [--impure]
notes:
- No flags: runs the systemd service (works for unprivileged users via polkit).
- Any flags: only allowed for root or wheel (runs nixos-rebuild directly).
EOF
exit 2
}
# No flags -> polkit-friendly systemd service route
if [ "$#" -eq 0 ]; then
journalctl -fu "$UNIT" -n 0 --output=cat &
JPID=$!
if systemctl start --wait --no-ask-password "$UNIT"; then
STATUS=$?
else
STATUS=$?
fi
sleep 2
kill "$JPID" 2>/dev/null || true
exit "$STATUS"
fi
# Flags -> require root or wheel
if ! is_root && ! in_wheel; then
printf "''${RED}error:''${NC} flags are only allowed for root or wheel. Run without flags (service path), or use sudo / add yourself to wheel.\n" >&2
exit 2
fi
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
--local-repo)
REPO_MODE="local"
LOCAL_PATH="$INVOKER_HOME/athenix"
shift
;;
--local-repo=*)
REPO_MODE="local"
LOCAL_PATH="''${1#*=}"
shift
;;
--remote-repo=*)
REPO_MODE="remote"
REMOTE_URL="''${1#*=}"
shift
;;
--branch)
[ "$#" -ge 2 ] || usage
BRANCH="$2"
shift 2
;;
--branch=*)
BRANCH="''${1#*=}"
shift
;;
--impure)
IMPURE=1
shift
;;
-h|--help) usage ;;
*)
printf "''${RED}error:''${NC} unknown argument: %s\n" "$1" >&2
usage
;;
esac
done
=======
# Defaults for flagged mode
DEFAULT_REMOTE_URL="https://git.factory.uga.edu/UGA-Innovation-Factory/athenix"
REPO_MODE="default" # default | local | remote
@@ -125,6 +217,7 @@ with lib;
esac
done
>>>>>>> origin/main
if [ "$REPO_MODE" = "local" ] && [ -n "$REMOTE_URL" ]; then
printf "''${RED}error:''${NC} can't use --local-repo and --remote-repo together.\n" >&2
exit 2
@@ -134,7 +227,11 @@ with lib;
# Build flake ref
if [ "$REPO_MODE" = "local" ]; then
<<<<<<< HEAD
[ -n "$LOCAL_PATH" ] || LOCAL_PATH="$INVOKER_HOME/athenix"
=======
[ -n "$LOCAL_PATH" ] || LOCAL_PATH="''${HOME}/athenix"
>>>>>>> origin/main
# Clone default repo if missing
if [ ! -d "$LOCAL_PATH" ]; then
@@ -177,7 +274,18 @@ with lib;
impureFlag="--impure"
fi
<<<<<<< HEAD
# If not root, re-exec via sudo to do the actual switch.
# Preserve our computed invoker context so sudo doesn't "helpfully" change it.
if ! is_root; then
exec sudo --preserve-env=HOME,USER,LOGNAME \
nixos-rebuild switch --refresh --print-build-logs $impureFlag --flake "$flakeRef"
else
exec nixos-rebuild switch --refresh --print-build-logs $impureFlag --flake "$flakeRef"
fi
=======
exec nixos-rebuild switch --refresh --print-build-logs $impureFlag --flake "''${flakeRef}"
>>>>>>> origin/main
'')
];