How to perform unattended system upgrades?

[jokogr]

In conventional NixOS deployments there is the system.autoUpgrade option which setups a systemd timer and service which perform periodically channel upgrades and nixos-rebuild switch.

Given that nixops does not deploy the configuration to /etc/nixos (so system.autoUpgrade cannot be effectively used), is there anything else that people are using for the same purpose?

[jazmit]

+1 There are blog posts suggesting to manually copy the configuration which seems to work, but I would appreciate some opinions from the maintainers on this..

[craigem]

The only blog post I've been able to find on this issue is:

Auto-upgrade with NixOS and NixOps by Pascal Wittmann.

[asymmetric]

Why doesn’t NixOps copy the configuration.nix to /etc?

[pSub]

@craigem Does my approach work for you? My configuration has changes slightly since the post. You can find the current version here. However my auto-upgrade is currently was broken, because I use deployment in a module that is required. The filterAttrs has no chance of sorting that out. By the way the issue NixOS/nixpkgs#28527 I mention in my config seems to be resolved in nixpkgs master.

@asymmetric I guess because there is more to it than just copying that file. Look at my configuration for a tast. My approach serves most of my needs but I doubt that it works for everyone.

[MelleB]

My hacky work-around is the following 2 lines in my configuration.nix:

environment.etc."nixos/configuration.nix".text = builtins.readFile "/full/path/to/configuration.nix";
environment.etc."nixos/hardware-configuration.nix".text = builtins.readFile "/full/path/to/hardware-configuration.nix";

Hope that helps someone.

[pSub]

@MelleB Do you copy configuration.nix manually to the server? Or how is full/path/to/configuration.nix realized? The nice thing about my approach is that no manual intervention is needed.

[asymmetric]

@pSub which specific parts of your config are you referring to? Is it this one?

[pSub]

@asymmetric Yes, but you need the activation script and nixos-upgrade-path too. This should be all you need besides the standard nixos-upgrade options.
This copies all configuration files (except the keys and passwords) into /etc/nixos/current. The configuration.nix uses the server attribute from the nixops deployment configuration and removes deployment attributes and requires that have deployment in their filename. This is needed because nixos-rebuild does not know about the deployment attribute.
I hope this makes sense.

[aanderse]

Maybe I'm missing something... but if you want automatic upgrades on nixops why wouldn't you just make a job that runs nixops deploy on the nixops master server? 🤷‍♂️

[benley]

Maybe I'm missing something... but if you want automatic upgrades on nixops why wouldn't you just make a job that runs nixops deploy on the nixops master server?

That doesn't really work if you run nixops from a laptop, or a workstation that's not always online. It's not a workflow I'd recommend for Real World Business Use, but I suspect it's a common scenario for individual users and SOHO deployments.