Automatic system upgrades: Difference between revisions
imported>IgorM m Added category |
→Flake-based systems: explain why --update-inputs nixpkgs doesn't work anymore and which bug to follow for resolutions. |
||
| (8 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
Automatic system upgrades can be used to upgrade a system regularly at a specific time. This can help to reduce the time period of applying important security patches to your running software but might also introduce some breakage in case an automatic upgrade fails. | Automatic system upgrades can be used to upgrade a system regularly at a specific time. This can help to reduce the time period of applying important security patches to your running software but might also introduce some breakage in case an automatic upgrade fails. For automatic upgrades an automatic [[Garbage Collection|garbage collection]] is important to prevent full <syntaxhighlight inline lang="bash">/boot</syntaxhighlight> and <syntaxhighlight inline lang="bash">/</syntaxhighlight> partitions. | ||
== Configuration == | == Configuration == | ||
=== Channel-based systems (default) === | |||
Most NixOS installations use channels by default. If you're unsure which you're using, check with <syntaxhighlight inline lang="bash">nix-channel --list</syntaxhighlight>. If that returns results, you're using channels. | |||
For channel-based systems, use this configuration: | |||
{{file|auto-upgrade.nix|nix|<nowiki> | |||
system.autoUpgrade = { | |||
enable = true; | |||
flags = [ | |||
"--print-build-logs" | |||
]; | |||
dates = "02:00"; | |||
randomizedDelaySec = "45min"; | |||
allowReboot = false; # Set to true if you want automatic reboots | |||
}; | |||
</nowiki>}} | |||
<strong>Important:</strong> Do not use flake-specific flags with channel-based systems, as they will cause the upgrade to fail silently. | |||
=== Flake-based systems === | |||
To enable unattended automatic system updates on a flake-enabled host, add following part to your configuration: | To enable unattended automatic system updates on a flake-enabled host, add following part to your configuration: | ||
{{file| | {{file|auto-upgrade.nix|nix|<nowiki> | ||
system.autoUpgrade = { | system.autoUpgrade = { | ||
enable = true; | enable = true; | ||
flake = | flake = "/path/to/flake"; | ||
flags = [ | flags = [ | ||
"-- | "--print-build-logs" | ||
"--commit-lock-file" # If you want to automatically commit the updated flake.lock | |||
"- | |||
]; | ]; | ||
dates = "02:00"; | dates = "02:00"; | ||
randomizedDelaySec = "45min"; | randomizedDelaySec = "45min"; | ||
}; | }; | ||
</nowiki>}} | </nowiki>}}Previously this page advised to set the flags <code>--update-input nixpkgs</code> to trigger updating a specific input. However that flag will just be handed through to <code>nix build</code> where it was deprecated and removed. Follow [https://github.com/NixOS/nixpkgs/issues/349734 this Bug for details and resolutions]. | ||
== Monitoring == | |||
Check that automatic system upgrades run successfully. Force an automatic system upgrade by running | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# systemctl | # systemctl start nixos-upgrade | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Check the upgrade log with | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# systemctl status nixos-upgrade.service | # systemctl status nixos-upgrade.service | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Or, to see the full log | |||
<syntaxhighlight lang="bash"> | |||
# journalctl -u nixos-upgrade.service | |||
</syntaxhighlight> | |||
To see the status of the upgrade timer run | |||
<syntaxhighlight lang="bash"> | |||
# systemctl status nixos-upgrade.timer | |||
</syntaxhighlight> | |||
== Troubleshooting == | |||
=== Git "repository is not owned by current user" === | |||
The flake repository directory is not owned by <syntaxhighlight inline lang="bash">root</syntaxhighlight> (which <syntaxhighlight inline lang="bash">nixos-upgrade</syntaxhighlight> runs as). To fix this, add the following to <syntaxhighlight inline lang="bash">/root/.gitconfig</syntaxhighlight>: | |||
{{file|/root/.gitconfig|gitconfig|<nowiki> | |||
[safe] | |||
directory = /path/to/flake | |||
</nowiki>}} | |||
=== Git "fatal: unable to auto-detect email address" === | |||
The root user doesn't have specified the user and email in the git configuration. To fix this, you can extend the <syntaxhighlight inline lang="bash">nixos-upgrade</syntaxhighlight> service with: | |||
{{file|auto-upgrade.nix|nix|<nowiki> | |||
systemd.services.nixos-upgrade.environment = { | |||
GIT_AUTHOR_NAME = "NixOS Auto-upgrade"; | |||
GIT_AUTHOR_EMAIL = "root@<your-hostname>"; | |||
GIT_COMMITTER_NAME = "NixOS Auto-upgrade"; | |||
GIT_COMMITTER_EMAIL = "root@<your-hostname>"; | |||
}; | |||
</nowiki>}} | |||
[[Category:NixOS]] | [[Category:NixOS]] | ||