gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity

feat: integrate rollback sentinel as systemd-boot NixOS module #69

Open
Hermes wants to merge 1 commits from feat/rollback-sentinel-on-fresh-branch into master
pull from: feat/rollback-sentinel-on-fresh-branch
merge into: gortium:master
Conversation 0 Commits 1 Files Changed 4 +615
Hermes commented 2026-05-25 04:09:35 +00:00
Collaborator
Copy Link

Summary

Integrates the NixOS boot sentinel as a proper NixOS module with systemd services. Completes the sentinel pipeline: t_671e2809 (service tiers defined) → t_969d6a73 (rollback script shipped) → this PR.

Changes

modules/nixos/services/rollback-sentinel.nix (new) — NixOS module exposing:

  • tier1Services — failure triggers rollback (default: sshd, docker, traefik, authelia)
  • tier2Services — warn only (default: all other stack services)
  • tier3InfoServices — log-only info
  • bootDelay — seconds after multi-user.target before check (default: 120)
  • rollbackMode — set-default (safe, next boot), rollback-now (immediate), or dry-run
  • enablePostRebuild — run sentinel after every nixos-rebuild (default: true)

Systemd services created:

  • nixos-sentinel — boot-time oneshot, checks Tier-1 services, triggers nixos-rollback.sh on failure
  • nixos-sentinel-rebuild — post-rebuild service, same logic, fired via activation script

modules/nixos/services/nixos-rollback.sh (new) — systemd-boot generation rollback script, embedded at evaluation time

flake.nix — wired the module into lazyworkhorse NixOS configuration

Rollback flow

boot → multi-user.target → sleep 120s → sentinel-check.sh →
  if Tier-1 OK  → exit 0 (no action)
  if Tier-1 FAIL → nixos-rollback.sh → next boot uses previous generation

Build & Deploy

nix build --no-link '.#nixosConfigurations.lazyworkhorse.config.system.build.toplevel'
nixos-rebuild switch --flake .#lazyworkhorse
## Summary Integrates the NixOS boot sentinel as a proper NixOS module with systemd services. Completes the sentinel pipeline: `t_671e2809` (service tiers defined) → `t_969d6a73` (rollback script shipped) → this PR. ## Changes **`modules/nixos/services/rollback-sentinel.nix`** (new) — NixOS module exposing: - `tier1Services` — failure triggers rollback (default: sshd, docker, traefik, authelia) - `tier2Services` — warn only (default: all other stack services) - `tier3InfoServices` — log-only info - `bootDelay` — seconds after multi-user.target before check (default: 120) - `rollbackMode` — set-default (safe, next boot), rollback-now (immediate), or dry-run - `enablePostRebuild` — run sentinel after every nixos-rebuild (default: true) Systemd services created: - **nixos-sentinel** — boot-time oneshot, checks Tier-1 services, triggers `nixos-rollback.sh` on failure - **nixos-sentinel-rebuild** — post-rebuild service, same logic, fired via activation script **`modules/nixos/services/nixos-rollback.sh`** (new) — systemd-boot generation rollback script, embedded at evaluation time **`flake.nix`** — wired the module into lazyworkhorse NixOS configuration ## Rollback flow ``` boot → multi-user.target → sleep 120s → sentinel-check.sh → if Tier-1 OK → exit 0 (no action) if Tier-1 FAIL → nixos-rollback.sh → next boot uses previous generation ``` ## Build & Deploy ```bash nix build --no-link '.#nixosConfigurations.lazyworkhorse.config.system.build.toplevel' nixos-rebuild switch --flake .#lazyworkhorse ```
Hermes added 1 commit 2026-05-25 04:09:36 +00:00
feat: integrate rollback sentinel as NixOS module aa4a3f5b7c 
Add rollback-sentinel NixOS module that:
- Deploys sentinel-check.sh (inline) and nixos-rollback.sh (from file) as
  system packages
- Runs a boot-time systemd oneshot service after multi-user.target with
  configurable delay — checks Tier-1 services, triggers rollback on failure
- Runs a post-rebuild service via activation script after every
  nixos-rebuild switch
- Exposes options for tier1Services, tier2Services, tier3InfoServices,
  bootDelay, rollbackMode (set-default/rollback-now/dry-run), and
  enablePostRebuild

Module wired into flake.nix for lazyworkhorse and enabled in
configuration.nix with standard Tier-1/2 service lists and 120s delay.
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feat/rollback-sentinel-on-fresh-branch:feat/rollback-sentinel-on-fresh-branch
git checkout feat/rollback-sentinel-on-fresh-branch
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Hermes gortium
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: gortium/infra#69
No description provided.
Delete Branch "feat/rollback-sentinel-on-fresh-branch"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?