Periodic update of NixOS config from git

I have all my NixOS configuration in git, now what I want to achieve is: when something changes this change should get automatically applied to the machine. Perhaps this could be called CI/CD but in essence it is just that git is my source of truth.

So I’ve created some systemd service/timer oneshot thing that periodically invokes something like:

git pull
nixos-rebuild switch

Everything is fine, except that there is a bit of a chicken-and-egg problem. When the service itself is changed I get:

/nix/store/vrh8hq6cgwhkwhn829kgzjix35208321-nixos-rebuild/bin/nixos-rebuild: line 303: 15411 Terminated "${maybeSudo[@]}" "$@"

service → nixos-rebuild → service. So how to break this cycle? I don’t really want to have some stuff not managed through nix configuration. So ideally I could somehow set some env. variable and then the rebuild wouldn’t touch the service. Or perhaps there is some easier way? Is anybody else using some similar workflow?


service → nixos-rebuild → service. So how to break this cycle? I don’t really want to have some stuff not managed through nix configuration. So ideally I could somehow set some env. variable and then the rebuild wouldn’t touch the service. Or perhaps there is some easier way? Is anybody else using some similar workflow?

auto-upgrade.nix sets unitConfig.X-StopOnRemoval to false
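Putting the question's service/timer and the reply's fix together, here is an added example of such a module; it is not code from the thread or from nixpkgs' auto-upgrade.nix. It assumes the configuration repo is checked out at /etc/nixos as a classic (non-flake) configuration and that commits are GPG-signed, so the service can verify what it pulled before rebuilding.

```nix
# Added example (not from the thread or nixpkgs): pull the NixOS config from
# git on a timer and rebuild, without the rebuild killing itself.
{ config, pkgs, lib, ... }:

{
  systemd.services.config-sync = {
    description = "Pull NixOS configuration from git and rebuild";
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    # git for the pull, gnupg for signature checks, nix/nixos-rebuild for the switch
    path = [ pkgs.git pkgs.gnupg pkgs.nixos-rebuild config.nix.package ];
    # nixos-rebuild needs NIX_PATH (and git a HOME) that a system service lacks
    environment = {
      inherit (config.environment.sessionVariables) NIX_PATH;
      HOME = "/root";
    };
    serviceConfig = {
      Type = "oneshot";
      WorkingDirectory = "/etc/nixos";  # assumption: the repo checkout lives here
    };
    # If the new generation changes this unit, `nixos-rebuild switch` would
    # normally stop the running unit before activating, terminating the very
    # rebuild in progress (the "Terminated" in the post). With this flag the
    # activation leaves the running unit alone; the new definition takes
    # effect on the next timer run.
    unitConfig.X-StopOnRemoval = false;
    script = ''
      set -euo pipefail
      # fast-forward only: a stray local edit must not be merged in silently
      git pull --ff-only
      # assumption: commits are signed; refuse to build an unsigned HEAD
      git verify-commit HEAD
      nixos-rebuild switch
    '';
  };

  systemd.timers.config-sync = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "5m";
      OnUnitActiveSec = "15m";
      RandomizedDelaySec = "2m";
      Persistent = true;
    };
  };
}
```

Because `X-StopOnRemoval = false` only skips the stop, a later change to the unit still replaces it in the store; the first run under the old definition finishes and every run after that uses the new one.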