My investment in learning and migrating to NixOS is and has been primarily driven by providing consistency, predictability and reliability as this is where other operating environments are failing IMHO. So far, it has been an exceptional experience in all of these but I now find myself needing to manage updates on a greater scale and want to also achieve this with the same goals, so I am really interested to discuss and learn how others use and manage updates particularly with regards to packages.
Background
Itâs probably worth explaining how I understand things to work which somehow after 2 years of using NixOS caught me by surprise, probably because I didnât really think about it fully but maybe also because looking back I was so caught up with declarative configs and immutable systems that I didnât carefully read all the documentation!
Yesterday (10Jul24) I built a test NixOS 24.05 domain (virtual machine) from a minimal ISO (nixos-minimal-24.05.1270.2819fffa7fa4-x86_64-linux.iso) and a binary cache (built 17Jun24 from the same ISO and with no updates applied). When each of these machines were built, Firefox 126.0.1 was installed using configuration.nix. The NixOS version on the test system shows as:
$ nixos-version
24.05.1270.2819fffa7fa4 (Uakari)
If I remove Firefox from configuration.nix on the test system, rebuild, reboot and then run a garbage collection, I am left with what appears to be a clean system with no Firefox. If I then add Firefox again to the configuration.nix and do another rebuild using the external substituter http://cache.nixos.org and not the binary cache. Firefox 126.0.1 is re-installed despite Firefox 127.0.2 being currently available in the NixOS 24.05 channel.
Firefox 126.0.1 seems therefore to be âpinnedâ to NixOS version 24.05.1270.2819fffa7fa4
Looking in nixpkgs using the commit hash above, I can find Firefox 126.0.1 under applications / networking / browsers / firefox.
If I do a rebuild using the nixos-rebuild --upgrade option, Firefox is then upgraded to Firefox 127.0.2. and the new NixOS version is 24.05.2580.194846768975.
So my understanding is that the version of packages _ by default _ are tied to the âminorâ version of NixOS.
I was initially concerned that upgrades within the âstableâ channel of NixOS, didnât necessarily mean that updates to applications would also stay within their own equivalent of âstableâ if the package offers such a thing until I found the following comment from @danieldk:
Hopefully I have both understood and explained this correctly, even if my explanation is somewhat simplistic.
My naive expectation
For some reason I had always expected that if I installed a package on NixOS it would install the version shown by Search for the relevant channel. 
Questions and Thoughts
I am currently reading (and re-reading) everything I can find on this topic but would be grateful for any ârecommended readingâ as there is so much out there!
- I am looking for info on when updates happen - predictable periodic cycle like the channel or ad-hoc based on flowing down from the upstream or possibly both.
- How are packages bundled into updates
- How do people know that updates are there and whatâs in them
- How do others manage updates to applications in the real world?
Summary
I find with each passing year a greater portion of my life is consumed by either doing updates or dealing with the fallout of updates. The fallout can be either re-establishing operation and integration or just finding where someone decided to move a button! So I am really keen to establish (and evolve) methods to do the best I can in this area and would value good input from anyone on this. TIA
