Tired of SSH-ing into every NixOS machine to run updates? New guide on how to automate it: CI updates flake.lock daily, shows you exactly what changed per host, and machines self-upgrade after you merge. No surprises, no manual SSH.

Works also for your desktop machines.

https://getnix.io/guides/nixos-auto-upgrades/

#Nix #NixOS #CI #IaC #GitOps
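As an added example (not code from the linked guide): the pull side of the setup described above, a minimal NixOS configuration in which each host fetches the already-merged flake from the repository on a schedule instead of being reached over SSH. The repository URL and the host attribute name are placeholders.

```nix
{ config, pkgs, ... }:

{
  # Added example, not from the guide. The host pulls the merged flake
  # from the repository; nothing pushes to it over SSH.
  system.autoUpgrade = {
    enable = true;

    # Placeholder repository URL. "?ref=main" pins the branch that PRs
    # are merged into; "#example-host" names this machine's entry in
    # nixosConfigurations (placeholder host name).
    flake = "git+https://forgejo.example.org/infra/nixos.git?ref=main#example-host";

    # Once a day, with a random delay so a fleet does not hit the
    # repository at the same second. Inputs are already pinned by the
    # reviewed flake.lock, so nothing is updated on the host itself.
    dates = "04:00";
    randomizedDelaySec = "30min";

    # No unattended reboots: the new generation is activated, and the
    # previous generation stays selectable from the boot menu if a
    # rollback is needed.
    allowReboot = false;
  };
}
```

The host only needs read access to the repository, and what it activates is exactly the revision whose diff was reviewed before the merge.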

Automatic NixOS Upgrades with Forgejo Actions

Keep NixOS servers and desktops up-to-date automatically — CI updates flake.lock, hosts self-upgrade daily, and you review a diff before anything deploys.

@obale
This is really cool❤️. I always love the approach of systems fetching the state rather than us applying the state manually to each one.
I wish pushing the commit & PR part were easier, like with GitHub Actions.

Doubt:
does the diff show for each system?

Also check out this cool tool if you haven't yet: https://github.com/faukah/dix
(iirc this is used under the hood of nh too)

The next step for you might be to monitor any system failure and automatically revert the systems to an older state 😅

@vivekanandanks I agree. The system fetching the state is a good design choice, especially from a security perspective.

The diff is shown for each system (host). That was one of the main motivating factors for implementing the automation in the first place. It uses nvd. How does dix differ?

Forgejo may have an easier way of implementing the commit/PR logic. The overcomplication may be my fault. I will look into it and, if there is an easier way, update the article.

Thank you!

@obale
I haven't used nvd or dix directly. I use nh, and it used nvd in the past and now uses dix iirc. I think the difference is the speed, from what dix says in its readme.