Next: X Window, Previous: Networking Services, Up: Services [Contents][Index]
Guix provides a service to perform unattended upgrades: periodically, the system automatically reconfigures itself from the latest Guix. Guix System has several properties that make unattended upgrades safe:
guix system
list-generations
—and you can roll back to any previous generation,
should the upgraded system fail to behave as intended;
guix system reconfigure
prevents downgrades, which makes it
immune to downgrade attacks.
To set up unattended upgrades, add an instance of
unattended-upgrade-service-type
like the one below to the list of
your operating system services:
The defaults above set up weekly upgrades: every Sunday at midnight. You do not need to provide the operating system configuration file: it uses /run/current-system/configuration.scm, which ensures it always uses your latest configuration—see provenance-service-type, for more information about this file.
There are several things that can be configured, in particular the
periodicity and services (daemons) to be restarted upon completion.
When the upgrade is successful, the service takes care of deleting
system generations older that some threshold, as per guix
system delete-generations
. See the reference below for details.
To ensure that upgrades are actually happening, you can run
guix system describe
. To investigate upgrade failures, visit
the unattended upgrade log file (see below).
This is the service type for unattended upgrades. It sets up an mcron
job (see Scheduled Job Execution) that runs guix system
reconfigure
from the latest version of the specified channels.
Its value must be a unattended-upgrade-configuration
record (see
below).
This data type represents the configuration of the unattended upgrade service. The following fields are available:
schedule
(default: "30 01 * * 0"
)This is the schedule of upgrades, expressed as a gexp containing an mcron job schedule (see mcron job specifications in GNU mcron).
channels
(default: #~%default-channels
)This gexp specifies the channels to use for the upgrade
(see Channels). By default, the tip of the official guix
channel is used.
operating-system-file
(default: "/run/current-system/configuration.scm"
)This field specifies the operating system configuration file to use. The default is to reuse the config file of the current configuration.
There are cases, though, where referring to
/run/current-system/configuration.scm is not enough, for instance
because that file refers to extra files (SSH public keys, extra
configuration files, etc.) via local-file
and similar
constructs. For those cases, we recommend something along these lines:
(unattended-upgrade-configuration
(operating-system-file
(file-append (local-file "." "config-dir" #:recursive? #t)
"/config.scm")))
The effect here is to import all of the current directory into the
store, and to refer to config.scm within that directory.
Therefore, uses of local-file
within config.scm will work
as expected. See G-Expressions, for information about
local-file
and file-append
.
operating-system-expression
(default: #f
)This field specifies an expression that evaluates to the operating
system to use for the upgrade. If no value is provided the
operating-system-file
field value is used.
(unattended-upgrade-configuration
(operating-system-expression
#~(@ (guix system install) installation-os)))
reboot?
(default: #f
)This field specifies whether the system should reboot after completing an unattended upgrade.
services-to-restart
(default: '(mcron)
)This field specifies the Shepherd services to restart when the upgrade completes.
Those services are restarted right away upon completion, as with
herd restart
, which ensures that the latest version is
running—remember that by default guix system reconfigure
only restarts services that are not currently running, which is
conservative: it minimizes disruption but leaves outdated services
running.
Use herd status
to find out candidates for restarting.
See Services, for general information about services. Common
services to restart would include ntpd
and ssh-daemon
.
By default, the mcron
service is restarted. This ensures that
the latest version of the unattended upgrade job will be used next time.
system-expiration
(default: (* 3 30 24 3600)
)This is the expiration time in seconds for system generations. System
generations older that this amount of time are deleted with
guix system delete-generations
when an upgrade completes.
Note: The unattended upgrade service does not run the garbage collector. You will probably want to set up your own mcron job to run
guix gc
periodically.
maximum-duration
(default: 3600
)Maximum duration in seconds for the upgrade; past that time, the upgrade aborts.
This is primarily useful to ensure the upgrade does not end up rebuilding or re-downloading “the world”.
log-file
(default: "/var/log/unattended-upgrade.log"
)File where unattended upgrades are logged.
Next: X Window, Previous: Networking Services, Up: Services [Contents][Index]