Automatic system upgrades: Difference between revisions
m →Flake-based systems: Capitalisation consistency. |
m how to fix Git "fatal: unable to auto-detect email address" |
||
| Line 77: | Line 77: | ||
</nowiki>}} | </nowiki>}} | ||
=== Git "fatal: unable to auto-detect email address" === | |||
The root user doesn't have specified the user and email in the git configuration. To fix this, you can extend the <syntaxhighlight inline lang="bash">nixos-upgrade</syntaxhighlight> service with: | |||
{{file|auto-upgrade.nix|nix|<nowiki> | |||
systemd.services.nixos-upgrade.environment = { | |||
GIT_AUTHOR_NAME = "NixOS Auto-upgrade"; | |||
GIT_AUTHOR_EMAIL = "root@<your-hostname>"; | |||
GIT_COMMITTER_NAME = "NixOS Auto-upgrade"; | |||
GIT_COMMITTER_EMAIL = "root@<your-hostname>"; | |||
}; | |||
</nowiki>}} | |||
[[Category:NixOS]] | [[Category:NixOS]] | ||
Latest revision as of 12:56, 31 March 2026
Automatic system upgrades can be used to upgrade a system regularly at a specific time. This can help to reduce the time period of applying important security patches to your running software but might also introduce some breakage in case an automatic upgrade fails. For automatic upgrades an automatic garbage collection is important to prevent full /boot and / partitions.
Configuration
Channel-based systems (default)
Most NixOS installations use channels by default. If you're unsure which you're using, check with nix-channel --list. If that returns results, you're using channels.
For channel-based systems, use this configuration:
system.autoUpgrade = {
enable = true;
flags = [
"--print-build-logs"
];
dates = "02:00";
randomizedDelaySec = "45min";
allowReboot = false; # Set to true if you want automatic reboots
};
Important: Do not use flake-specific flags with channel-based systems, as they will cause the upgrade to fail silently.
Flake-based systems
To enable unattended automatic system updates on a flake-enabled host, add following part to your configuration:
system.autoUpgrade = {
enable = true;
flake = "/path/to/flake";
flags = [
"--print-build-logs"
"--commit-lock-file" # If you want to automatically commit the updated flake.lock
];
dates = "02:00";
randomizedDelaySec = "45min";
};
Monitoring
Check that automatic system upgrades run successfully. Force an automatic system upgrade by running
# systemctl start nixos-upgrade
Check the upgrade log with
# systemctl status nixos-upgrade.service
Or, to see the full log
# journalctl -u nixos-upgrade.service
To see the status of the upgrade timer run
# systemctl status nixos-upgrade.timer
Troubleshooting
Git "repository is not owned by current user"
The flake repository directory is not owned by root (which nixos-upgrade runs as). To fix this, add the following to /root/.gitconfig:
[safe]
directory = /path/to/flakeGit "fatal: unable to auto-detect email address"
The root user doesn't have specified the user and email in the git configuration. To fix this, you can extend the nixos-upgrade service with:
systemd.services.nixos-upgrade.environment = {
GIT_AUTHOR_NAME = "NixOS Auto-upgrade";
GIT_AUTHOR_EMAIL = "root@<your-hostname>";
GIT_COMMITTER_NAME = "NixOS Auto-upgrade";
GIT_COMMITTER_EMAIL = "root@<your-hostname>";
};