
Automatic system upgrades: Difference between revisions

From NixOS Wiki
Bittner (talk | contribs)
Flake-based systems: Remove deprecated flag
Bittner (talk | contribs)
Remove reference to deprecated flag in text
 
Line 21: Line 21:
</nowiki>}}
</nowiki>}}


**Important:** Do not use `--update-input` or similar flake-specific flags with channel-based systems, as they will cause the upgrade to fail silently.
<strong>Important:</strong> Do not use flake-specific flags with channel-based systems, as they will cause the upgrade to fail silently.


=== Flake-based systems ===
=== Flake-based systems ===
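Review bot: The rewritten Important sentence now says only "flake-specific flags", so with `--update-input` removed a reader on a channel-based system is given no example of what to avoid; consider naming a flag that is still current or pointing to the flake section that follows. The new line also switches from `**Important:**` to raw `<strong>` HTML, where wiki bold markup (`'''Important:'''`) would match the `=== … ===` heading syntax used on the next line.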

Latest revision as of 13:24, 30 July 2025

Automatic system upgrades can be used to upgrade a system regularly at a specific time. This shortens the delay before important security patches reach your running software, but an automatic upgrade that fails might also introduce some breakage. When using automatic upgrades, automatic garbage collection is important to keep the /boot and / partitions from filling up.

Configuration

Channel-based systems (default)

Most NixOS installations use channels by default. If you're unsure which you're using, check with `nix-channel --list`. If that returns results, you're using channels.

For channel-based systems, use this configuration:

❄︎ /etc/nixos/configuration.nix
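```nix
system.autoUpgrade = {
  enable = true;
  # Extra arguments passed to nixos-rebuild
  flags = [
    "--print-build-logs"
  ];
  dates = "02:00";               # systemd calendar expression: daily at 02:00
  randomizedDelaySec = "45min";  # start after a random delay of up to 45 minutes
  allowReboot = false;  # Set to true if you want automatic reboots
};
```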

Important: Do not use flake-specific flags with channel-based systems, as they will cause the upgrade to fail silently.

Flake-based systems

To enable unattended automatic system updates on a flake-enabled host, add the following to your configuration:

❄︎ /etc/nixos/configuration.nix
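```nix
system.autoUpgrade = {
  enable = true;
  # Assumes the flake's `inputs` are passed to this module (e.g. via specialArgs)
  flake = inputs.self.outPath;
  # Extra arguments passed to nixos-rebuild
  flags = [
    "--print-build-logs"
  ];
  dates = "02:00";               # systemd calendar expression: daily at 02:00
  randomizedDelaySec = "45min";  # start after a random delay of up to 45 minutes
};
```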

Monitoring

To see the status of the timer, run:

```console
# systemctl status nixos-upgrade.timer
```

The upgrade log can be printed with this command:

```console
# systemctl status nixos-upgrade.service
```

To check if upgrades have been failing silently, examine the service logs:

```console
# journalctl -u nixos-upgrade.service
```
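
One way to automate the check for silent failures described above, as an added example that is not part of the wiki page: a shell function that reads `journalctl -u nixos-upgrade.service` output and reports the outcome of the most recent run. The function names and the sample journal lines are constructed for illustration; the matched messages are systemd's standard unit result lines.

```shell
#!/bin/sh
# Added example: classify the most recent nixos-upgrade.service run from
# journal text on stdin. Prints ok, running, failed:<result> or unknown.
last_upgrade_result() {
    awk '
        # A new run begins; forget the outcome of the previous one.
        /systemd\[[0-9]+\]: Starting / { state = "running" }
        # Clean exit, in newer and older systemd wording.
        /nixos-upgrade\.service: (Deactivated successfully|Succeeded)\./ { state = "ok" }
        /nixos-upgrade\.service: Failed with result / {
            r = $0
            sub(/.*Failed with result ./, "", r)  # strip through the opening quote
            sub(/[^a-z-].*$/, "", r)              # keep only the result word
            state = "failed:" r
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Exit status is 0 only when the last run finished cleanly, so this can
# drive an alert or a monitoring probe.
check_upgrade() {
    result=$(last_upgrade_result)
    printf '%s\n' "$result"
    [ "$result" = "ok" ]
}

# Constructed sample: one successful run followed by one failed run.
sample_journal() {
    cat <<'EOF'
Jul 28 02:13:05 host systemd[1]: Starting NixOS Upgrade...
Jul 28 02:19:41 host systemd[1]: nixos-upgrade.service: Deactivated successfully.
Jul 28 02:19:41 host systemd[1]: Finished NixOS Upgrade.
Jul 29 02:31:10 host systemd[1]: Starting NixOS Upgrade...
Jul 29 02:31:52 host systemd[1]: nixos-upgrade.service: Main process exited, code=exited, status=1/FAILURE
Jul 29 02:31:52 host systemd[1]: nixos-upgrade.service: Failed with result 'exit-code'.
Jul 29 02:31:52 host systemd[1]: Failed to start NixOS Upgrade.
EOF
}

# On a NixOS host:
#   journalctl -u nixos-upgrade.service --no-pager | check_upgrade
sample_journal | check_upgrade || true
```

A result of `unknown` means the journal contains no run at all, which is worth alerting on as well, since a timer that never fires leaves the system unpatched.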