Expand description
Linux (NixOS) activation primitives. fire_* uses systemd-run --unit=...
so the agent’s SIGTERM can’t kill the activation mid-run.
Structs§
Constants§
- CURRENT_
SYSTEM_ 🔒PATH - SWITCH_
INHIBITORS 🔒 - Critical components whose live-swap nixos-rebuild refuses. Detection is
canonicalize-equality on the symlink target between current + new closure.
initis NOT listed: it’s a regenerated-per-system stub that always differs across closures regardless of whether anything runtime-relevant changed; listing it would force a defer on every update. The actually- unsafe components are systemd (PID 1), kernel, and dbus. - SWITCH_
LOCK_ 🔒PATH
Functions§
- detect_
switch_ 🔒inhibitors - Returns
Some(component)when a critical-component swap is detected between the running system and the new closure. Either side missing the path is out-of-scope (returnsNonefor that component) - we only flag genuine swaps, not absences. - fire_
rollback 🔒 - LOADBEARING:
target_basenameresolves to the rolled-back closure’s store path, NOT/run/current-system. The agent fires rollback while the failed closure is still current, so itsswitch-to-configurationwould “switch to” itself - a no-op that leaves nginx (or whatever caused the failure) still down. Use the freshly-flipped profile target’s binary. - fire_
switch 🔒 - is_
switch_ 🔒in_ progress - Fail-open: absent lock file or missing flock binary -> false.
- is_
switch_ 🔒in_ progress_ at - read_
unit_ 🔒exit_ code Noneon failure / empty / non-numeric (never synthesise a misleading 0).- rollback_
switch_ 🔒bin