+++
date = '2025-10-13T00:00:01+02:00'
draft = false
title = 'NixOS update workflow'
+++

I update my NixOS systems once a week, on Sundays. Gone are the days of frantic updates on Arch Linux for a package that changes twice a day!

I start on my desktop machine by updating the repositories and freezing the versions in Git. It’s my anchor point — the one that validates a successful update.

```
# Refresh every flake input and record the new pins in flake.lock
nix flake update
git add flake.lock
git commit -m "FLAKE: update"
git push origin master
```

Then I update the desktop itself, with a bit of cleanup. I keep eight days of generations, which means I always have a complete, stable version from the previous week.

```
sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin --show-trace --keep-going
# Clean up user profiles, then system profiles (needs root)
nix-collect-garbage --delete-older-than 8d
sudo nix-collect-garbage --delete-older-than 8d
```

Next comes the server. I start by pulling the flake update, then rebuild:

```
ssh dunoz@terre-neuvas
# The following commands run on the server
cd nixos-config
git pull
sudo nixos-rebuild switch --flake $HOME/nixos-config#terre-neuvas --show-trace --keep-going
nix-collect-garbage --delete-older-than 8d
sudo nix-collect-garbage --delete-older-than 8d
```

## And if it breaks?

If an update goes wrong, I simply revert to the previous flake version on the desktop.

```
git revert HEAD
git push origin master
sudo nixos-rebuild switch --flake $HOME/nixos-config#pennsardin
```

Then on the server:

```
git pull
# Rebuild the server's own configuration
sudo nixos-rebuild switch --flake $HOME/nixos-config#terre-neuvas
```

I could use rollback, but that would create a mismatch between the Git repository and the machines — something I don’t want. The Git repo is the sanctuary, the one that governs everything.
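
Since the committed `flake.lock` is what every machine ends up building from, it is worth reading what `nix flake update` changed before pushing it. The script below is an added example, not part of the original post: it compares two lock files and flags inputs whose content hash changed without a new revision, or whose pin moved back in time. The helper names, input names, revisions and hashes are all constructed for illustration.

```python
import json

def pins(lock_text):
    """Map each flake input to its pin: (rev, narHash, lastModified)."""
    nodes = json.loads(lock_text)["nodes"]
    return {
        name: tuple(node["locked"].get(k) for k in ("rev", "narHash", "lastModified"))
        for name, node in nodes.items()
        if "locked" in node  # the "root" node lists inputs but carries no pin
    }

def diff_locks(old_text, new_text):
    """Return sorted (input, status, old_rev, new_rev) for every pin that changed."""
    old, new = pins(old_text), pins(new_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        o, n = old.get(name), new.get(name)
        if o == n:
            continue
        if o is None:
            status = "added"
        elif n is None:
            status = "removed"
        elif o[0] == n[0]:
            status = "hash-mismatch"  # same rev, different content hash: investigate
        elif (n[2] or 0) < (o[2] or 0):
            status = "older"          # expected after `git revert`, suspicious otherwise
        else:
            status = "updated"
        changes.append((name, status, o and o[0], n and n[0]))
    return changes

def _lock(**inputs):
    """Build a constructed flake.lock (sample data, not from the original post)."""
    nodes = {"root": {"inputs": {k: k for k in inputs}}}
    for name, (rev, nar, ts) in inputs.items():
        nodes[name] = {"locked": {"type": "github", "rev": rev, "narHash": nar, "lastModified": ts}}
    return json.dumps({"nodes": nodes, "root": "root", "version": 7})

# Constructed revisions and hashes, for illustration only.
LAST_WEEK = _lock(nixpkgs=("aaaa111", "sha256-AAAA", 1759700000), hm=("cccc333", "sha256-CCCC", 1759600000))
THIS_WEEK = _lock(nixpkgs=("bbbb222", "sha256-BBBB", 1760300000), hm=("cccc333", "sha256-XXXX", 1759600000))

if __name__ == "__main__":
    for name, status, old_rev, new_rev in diff_locks(LAST_WEEK, THIS_WEEK):
        print(f"{name:10} {status:14} {old_rev} -> {new_rev}")
```

On a real checkout, the two inputs would be the output of `git show HEAD~1:flake.lock` and the contents of the current `flake.lock`.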