Add ringtail post-deploy maintenance: kernel check, generation pruning, GC
Update manage-lockfile doc with post-deploy steps (kernel update detection, reboot guidance, generation pruning). Add prune-ringtail-generations mise task that keeps the 5 most recent generations plus the most recent one matching the booted kernel for safe rollback.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
parent
a5b33591d3
commit
66a47738dd
3 changed files with 204 additions and 3 deletions
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: Manage Ringtail Lockfile
|
||||
modified: 2026-02-22
|
||||
modified: 2026-03-27
|
||||
tags:
|
||||
- how-to
|
||||
- ringtail
|
||||
|
|
@ -16,23 +16,57 @@ Two [[dagger]] pipelines manage the ringtail NixOS flake lockfile (`nixos/ringta
|
|||
To pull the latest versions of all flake inputs (equivalent to `nix flake update`):
|
||||
|
||||
```fish
|
||||
# Update flake.lock
|
||||
# 1. Update flake.lock
|
||||
dagger call flake-update --src=. --flake-path=nixos/ringtail \
|
||||
export --path=nixos/ringtail/flake.lock
|
||||
|
||||
# Commit, push, then deploy
|
||||
# 2. Commit, push, then deploy
|
||||
git add nixos/ringtail/flake.lock
|
||||
git commit -m "Update ringtail flake inputs"
|
||||
git push
|
||||
mise run provision-ringtail
|
||||
```
|
||||
|
||||
After deploying, continue with [post-deploy maintenance](#post-deploy-maintenance).
|
||||
|
||||
## Lock New Inputs Only
|
||||
|
||||
`mise run provision-ringtail` automatically runs `flake-lock` before deploying. This resolves any newly added inputs without upgrading existing ones (equivalent to `nix flake lock`). If the lockfile changes, the task stages the file and exits — commit, push, and re-run.
|
||||
|
||||
This is the right behavior for provisioning: configuration changes that add a new input get locked, but existing inputs stay pinned until explicitly updated.
|
||||
|
||||
## Post-Deploy Maintenance
|
||||
|
||||
After `provision-ringtail` completes (whether from a full update or a config change), perform these steps.
|
||||
|
||||
### Check for Kernel Update
|
||||
|
||||
Compare the booted kernel against the one in the current system profile:
|
||||
|
||||
```fish
|
||||
ssh ringtail 'echo "Booted: $(uname -r)"; echo "Staged: $(readlink /run/current-system/kernel | grep -oP "linux-\K[^/]+")"'
|
||||
```
|
||||
|
||||
If they differ, a reboot is needed for the new kernel to take effect. Reboot at a convenient time:
|
||||
|
||||
```fish
|
||||
ssh ringtail 'sudo reboot'
|
||||
```
|
||||
|
||||
> **AI agents:** Do not reboot automatically. Inform the user that a kernel update is pending and suggest they reboot when convenient.
|
||||
|
||||
### Prune Old Generations and Garbage Collect
|
||||
|
||||
Old NixOS system generations accumulate over time. The `prune-ringtail-generations` task handles pruning and garbage collection together:
|
||||
|
||||
```fish
|
||||
mise run prune-ringtail-generations # keep 5 most recent + kernel-safe gen
|
||||
mise run prune-ringtail-generations --dry-run # preview only
|
||||
mise run prune-ringtail-generations --keep 3 # keep fewer generations
|
||||
```
|
||||
|
||||
The task keeps the 5 most recent generations plus the most recent generation whose kernel matches the currently **booted** kernel — this preserves a rollback target that won't require a reboot. After pruning, it runs `nix-collect-garbage` to free unreferenced store paths.
|
||||
|
||||
## Related
|
||||
|
||||
- [[ringtail]] — Host reference
|
||||
|
|
|
|||
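Review bot: The kernel check under "Check for Kernel Update" compares only version strings (`uname -r` against the `linux-<version>` part of the `/run/current-system/kernel` store path), so a kernel rebuilt at the same version with a different configuration or patch set reads as unchanged and the pending reboot goes unnoticed. Comparing the store paths themselves, for example `readlink /run/booted-system/kernel` against `readlink /run/current-system/kernel`, would catch that case and removes the dependency on `grep -P`. In "Prune Old Generations and Garbage Collect", pruning followed by `nix-collect-garbage` permanently removes rollback targets, so consider listing the `--dry-run` invocation first and extending the "AI agents" note to cover pruning as well as rebooting.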