README.md

@@ -29,6 +29,8 @@ Adds a few new options to ``system.autoUpgrade``
 
 ``failureNotification`` sends a notification to a ntfy topic on an auto upgrade failure
 
+``extraCommands`` extra commands to run during auto upgrade 
+
 ```nix
 system.autoUpgrade = {
     enable = true;

flake.nix

@@ -3,32 +3,36 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
   };
 
-  outputs = {nixpkgs, ...}: let
+  outputs = { nixpkgs, ... }:
-    lib = nixpkgs.lib;
+    let
+      lib = nixpkgs.lib;
 
-    # Stolen from https://github.com/divnix/digga/blob/main/src/importers.nix
+      # Stolen from https://github.com/divnix/digga/blob/main/src/importers.nix
-    rakeLeaves = dirPath: let
+      rakeLeaves = dirPath:
-      seive = file: type:
+        let
-      # Only rake `.nix` files or directories
+          seive = file: type:
-        (type == "regular" && lib.hasSuffix ".nix" file) || (type == "directory");
+            # Only rake `.nix` files or directories
+            (type == "regular" && lib.hasSuffix ".nix" file) || (type == "directory");
 
-      collect = file: type: {
+          collect = file: type: {
-        name = lib.removeSuffix ".nix" file;
+            name = lib.removeSuffix ".nix" file;
-        value = let
+            value =
-          path = dirPath + "/${file}";
+              let
+                path = dirPath + "/${file}";
+              in
+              if
+                (type == "regular")
+                || (type == "directory" && builtins.pathExists (path + "/default.nix"))
+              then path
+              # recurse on directories that don't contain a `default.nix`
+              else rakeLeaves path;
+          };
+
+          files = lib.filterAttrs seive (builtins.readDir dirPath);
         in
-          if
+        lib.filterAttrs (n: v: v != { }) (lib.mapAttrs' collect files);
-            (type == "regular")
-            || (type == "directory" && builtins.pathExists (path + "/default.nix"))
-          then path
-          # recurse on directories that don't contain a `default.nix`
-          else rakeLeaves path;
-      };
-
-      files = lib.filterAttrs seive (builtins.readDir dirPath);
     in
-      lib.filterAttrs (n: v: v != {}) (lib.mapAttrs' collect files);
+    {
-  in {
+      nixosModules = rakeLeaves ./modules;
-    nixosModules = rakeLeaves ./modules;
+    };
-  };
 }

modules/nixos-upgrade.nix

@@ -1,40 +1,50 @@
-{
+{ config
-  config,
+, lib
-  lib,
+, pkgs
-  pkgs,
+, ...
-  ...
+}:
-}: let
+let
   cfg = config.system.autoUpgrade;
 
   updateScript = pkgs.writeShellApplication {
     name = "update";
 
-    runtimeInputs = with pkgs; [git nix];
+    runtimeInputs = with pkgs; [ git nix ];
 
     text = ''
       cd ${cfg.flake}
       git pull
       nix flake update --commit-lock-file
+      ${cfg.extraCommands}
       git push
     '';
   };
-in {
+in
+{
   options.system.autoUpgrade = {
-    # TODO: make sure flake is a local folder
+    # TODO: make sure system.autoUpgrade.flake is a local folder
     updateFlake = lib.mkOption {
       default = false;
       description = "Update lockfile of the flake.";
+      example = true;
+    };
+
+    extraCommands = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      description = "Extra commands to run during upgrade";
     };
 
     failureNotification = {
       enable = lib.mkOption {
         default = false;
         description = "Enable ntfy notification on upgrade failure.";
+        example = true;
       };
 
       ntfyUrlFile = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
         description = "Environment file containing NTFY_URL";
+        example = "/etc/secrets/failureNotification.env";
       };
     };
   };
@@ -42,10 +52,10 @@ in {
   config.systemd.services = lib.mkIf cfg.enable {
     nixos-upgrade.serviceConfig.ExecStartPre =
       lib.mkIf cfg.updateFlake
-      (lib.getExe updateScript);
+        (lib.getExe updateScript);
 
     nixos-upgrade-failure = lib.mkIf cfg.failureNotification.enable {
-      path = with pkgs; ["/run/wrappers" "/run/current-system/sw" curl];
+      path = with pkgs; [ "/run/wrappers" "/run/current-system/sw" curl ];
       script = ''
         journalctl _SYSTEMD_INVOCATION_ID=`systemctl show --value -p InvocationID nixos-upgrade.service` > /tmp/upgrade-failure.txt
         curl -T /tmp/upgrade-failure.txt  -H "Filename: failure-logs.txt" -H "Title: Nixos auto upgrade failed for $(hostname)" $NTFY_URL
@@ -58,6 +68,6 @@ in {
       };
     };
 
-    nixos-upgrade.onFailure = lib.mkIf cfg.failureNotification.enable ["nixos-upgrade-failure.service"];
+    nixos-upgrade.onFailure = lib.mkIf cfg.failureNotification.enable [ "nixos-upgrade-failure.service" ];
   };
 }

modules/qbittorrent-nox.nix

@@ -1,15 +1,16 @@
-{
+{ config
-  config,
+, pkgs
-  pkgs,
+, lib
-  lib,
+, ...
-  ...
+}:
-}: let
+let
   cfg = config.services.qbittorrent-nox;
-in {
+in
+{
   options.services.qbittorrent-nox = {
     enable = lib.mkEnableOption "qbittorrent, BitTorrent client.";
 
-    package = lib.mkPackageOption pkgs "qbittorrent-nox" {};
+    package = lib.mkPackageOption pkgs "qbittorrent-nox" { };
 
     openFirewall = lib.mkOption {
       default = false;
@@ -42,13 +43,13 @@ in {
     systemd = {
       services.qbittorrent-nox = {
         description = "qbittorrent BitTorrent client";
-        wants = ["network-online.target"];
+        wants = [ "network-online.target" ];
         after = [
           "local-fs.target"
           "network-online.target"
           "nss-lookup.target"
         ];
-        wantedBy = ["multi-user.target"];
+        wantedBy = [ "multi-user.target" ];
 
         # Needed for running cross-seed's hook
         # /bin/sh -c "curl -XPOST http://localhost:2468/api/webhook --data-urlencode 'name=%N'"
@@ -87,7 +88,7 @@ in {
           MemoryDenyWriteExecute = true;
           SystemCallArchitectures = "native";
           CapabilityBoundingSet = "";
-          SystemCallFilter = ["@system-service"];
+          SystemCallFilter = [ "@system-service" ];
         };
       };
     };

modules/unpackerr.nix

@@ -1,14 +1,15 @@
-{
+{ config
-  config,
+, lib
-  lib,
+, pkgs
-  pkgs,
+, ...
-  ...
+}:
-}: let
+let
   cfg = config.services.unpackerr;
-in {
+in
+{
   options.services.unpackerr = {
     enable = lib.mkEnableOption "unpackerr";
-    package = lib.mkPackageOption pkgs "unpackerr" {};
+    package = lib.mkPackageOption pkgs "unpackerr" { };
 
     user = lib.mkOption {
       type = lib.types.str;
@@ -23,7 +24,7 @@ in {
     };
 
     settings = lib.mkOption {
-      default = {};
+      default = { };
       description = "unpackerr config file";
     };
 
@@ -43,7 +44,7 @@ in {
           User = cfg.user;
           Group = cfg.group;
           ProtectHome = "yes";
-          DeviceAllow = [""];
+          DeviceAllow = [ "" ];
           LockPersonality = true;
           MemoryDenyWriteExecute = true;
           PrivateDevices = true;
@@ -63,7 +64,7 @@ in {
           EnvironmentFile = cfg.environmentFile;
         };
 
-        wantedBy = ["default.target"];
+        wantedBy = [ "default.target" ];
       };
     };
   };