If you want, you can write two services: one that runs as your user to update the lockfile, and one system service to rebuild the system.
However, I would not use auto-upgrade, the whole point of flakes is to have a lockfile that controls the revision of nixpkgs (or whatever other inputs) that you’re using. Auto-upgrade defeats this entire purpose, and might automatically push you into a broken revision or a revision that you don’t want to use.
That sounds like it should work. But I already tried removing the flag "--commit-lock-file" and adding the flag "--no-write-lock-file" , but it still refuses to build because it refuses to even read the repo.
I’ll play around using the self flake in the nix store instead of my repo, but I initially didn’t like that idea because I want to capture and commit the flake lock file for every good build.
I also thought auto-upgrade with flakes in git would be such a common scenario, that there would be a “proper” way of doing it, I just haven’t found it yet
I (obviously ) disagree about auto-upgrades. I think auto-upgrade is fine, because any bad upgrade can be rolled back by either booting a previous build, or reverting the lock file to a previous good commit. But that hinges on capturing the lock file on every good commit. This is for a media-PC btw, not a critical server. For an unattended or critical machine I’d be more wary of auto-upgrade
Yes auto-upgrade works after adding my repo to roots .gitignore [safe] folder.
I’m still having trouble getting the --commit-lock-file flag to work. With the flag, the update service just hangs indefinitely (no CPU utilisation). Maybe it’s waiting for interactive writing of committ message or something. I’ll try the two-step approach suggested by waffle.
For future reference, --commit-lock-file was not working because the current flakes.lock file in the working tree differed from the latest committed flake.lock file. (i.e. flake.lock was ‘dirty’) . That might be a bug; i’m not sure why the process hung indefinitely instead of failing.
After committing the dirt flake.lock, the auto-upgrade worked, including updateing and committing new flake.lock file