From a32613ece4d2593a71683d3c8b2c8ab39a84e9a4 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov <alexoundos@selfprivacy.org>
Date: Thu, 28 Dec 2023 12:14:58 +0400
Subject: [PATCH] nixos-upgrade.serviceConfig.ExecCondition on /etc/nixos
 changes

---
 configuration.nix | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 07d4893..3f21c60 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -88,13 +88,27 @@
     allowReboot = config.selfprivacy.autoUpgrade.allowReboot;
     # TODO get attribute name from selfprivacy options
     flake = "/etc/nixos#default";
+    flags = [ "--verbose" "--print-build-logs" ];
   };
   systemd.services.nixos-upgrade.serviceConfig.WorkingDirectory = "/etc/nixos";
   # TODO parameterize URL somehow; run nix flake update as non-root user
-  systemd.services.nixos-upgrade.serviceConfig.ExecStartPre = ''
-    ${config.nix.package.out}/bin/nix flake update \
-    --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes
-  '';
+  systemd.services.nixos-upgrade.serviceConfig.ExecCondition =
+    pkgs.writeShellScript "flake-update-script" ''
+      set -o xtrace
+      if ${config.nix.package.out}/bin/nix flake update \
+      --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes
+      then
+          if ${pkgs.diffutils}/bin/diff -u -r /etc/selfprivacy/nixos-config-source/ /etc/nixos/
+          then
+              set +o xtrace
+              echo "No configuration changes detected. Nothing to upgrade."
+              exit 1
+          fi
+      else
+          # ExecStart must not start after 255 exit code, service must fail.
+          exit 255
+      fi
+    '';
   nix = {
     channel.enable = false;