Automatic system upgrades: Difference between revisions
m Added a sentence about garbage collection |
Prioritize channel-based auto-upgrade config since it's the NixOS default; clarify flake vs channel differences |
||
| Line 2: | Line 2: | ||
== Configuration == | == Configuration == | ||
=== Channel-based systems (default) === | |||
Most NixOS installations use channels by default. If you're unsure which you're using, check with `nix-channel --list`. If that returns results, you're using channels. | |||
For channel-based systems, use this configuration: | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
system.autoUpgrade = { | |||
enable = true; | |||
flags = [ | |||
"--print-build-logs" | |||
]; | |||
dates = "02:00"; | |||
randomizedDelaySec = "45min"; | |||
allowReboot = false; # Set to true if you want automatic reboots | |||
}; | |||
</nowiki>}} | |||
**Important:** Do not use `--update-input` or similar flake-specific flags with channel-based systems, as they will cause the upgrade to fail silently. | |||
=== Flake-based systems === | |||
To enable unattended automatic system updates on a flake-enabled host, add following part to your configuration: | To enable unattended automatic system updates on a flake-enabled host, add following part to your configuration: | ||
| Line 18: | Line 40: | ||
}; | }; | ||
</nowiki>}} | </nowiki>}} | ||
== Monitoring == | |||
To see the status of the timer run | To see the status of the timer run | ||
| Line 29: | Line 53: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# systemctl status nixos-upgrade.service | # systemctl status nixos-upgrade.service | ||
</syntaxhighlight> | |||
To check if upgrades have been failing silently, examine the service logs: | |||
<syntaxhighlight lang="bash"> | |||
# journalctl -u nixos-upgrade.service | |||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Category:NixOS]] | [[Category:NixOS]] | ||
Revision as of 15:14, 18 July 2025
Automatic system upgrades can be used to upgrade a system regularly at a specific time. This can help to reduce the time period of applying important security patches to your running software but might also introduce some breakage in case an automatic upgrade fails. For automatic upgrades an automatic garbage collection is important to prevent full /boot and / partitions.
Configuration
Channel-based systems (default)
Most NixOS installations use channels by default. If you're unsure which you're using, check with `nix-channel --list`. If that returns results, you're using channels.
For channel-based systems, use this configuration:
system.autoUpgrade = {
enable = true;
flags = [
"--print-build-logs"
];
dates = "02:00";
randomizedDelaySec = "45min";
allowReboot = false; # Set to true if you want automatic reboots
};
- Important:** Do not use `--update-input` or similar flake-specific flags with channel-based systems, as they will cause the upgrade to fail silently.
Flake-based systems
To enable unattended automatic system updates on a flake-enabled host, add following part to your configuration:
system.autoUpgrade = {
enable = true;
flake = inputs.self.outPath;
flags = [
"--update-input"
"nixpkgs"
"--print-build-logs"
];
dates = "02:00";
randomizedDelaySec = "45min";
};
Monitoring
To see the status of the timer run
# systemctl status nixos-upgrade.timer
The upgrade log can be printed with this command
# systemctl status nixos-upgrade.service
To check if upgrades have been failing silently, examine the service logs:
# journalctl -u nixos-upgrade.service