Nix flake auto-upgrading when I don't want it to

Naed3r · October 31, 2025, 5:17am

Hello all, sorry if its a duplicate but I don’t know how to word this problem in a way thats searchable on here (or google/kagi).

My issue currently is that whenever I run a nh os switch, or nixos-rebuild switch --flake ~/nix#nixos it seems to ALWAYS pull the newest nixos channels possible. Even if I don’t do a nix flake update or pass the update flag into nh. This has been driving me up a wall recently because there are times where I don’t have the time or need to update my system, and I just want to install something new, but instead it upgrades everything it can.

My question is, is this intended behavior, or is this some weird edge case that I am running into, or is this some side effect of a configuration I am using?

You can find my flake in the following git repo: GitHub - nate-moo/nix-systems The git repo does not include the nix flake.lock because that is managed independantly on each system as to prevent this exact issue, but doesn’t seem to be. There should not be any instance of an auto-upgrade as I never intended that command to be run

It affects all 3 systems I have applied that flake to and sometimes I just don’t have the time to update my laptop when I’m in class just trying to install a new piece of software - say wireshark or a compiler.

Thanks, Nate

TLATER · October 31, 2025, 5:38am

You don’t seem to be committing flake.lock. Commit that file; I’m unsure if that by itself is enough (since I think the flake download happens before eval so it shouldn’t be invisible) but I don’t see any other major issues at a glance.

Michael-C-Buckley · October 31, 2025, 11:54am

Commit the lock is the answer. The systems won’t update unless you prompt them and the lock won’t change unless you prompt that. That is most likely your issue.

Naed3r · October 31, 2025, 3:59pm

Is there a way I can specify to not use the git repo’s non-existant lock file, and use the on-disk one? or do I have to use 3 separate flakes if I don’t want to upgrade all systems when I upgrade one in turn it updating the lock file?

TLATER · October 31, 2025, 10:02pm

Yep, that’s what you’ll have to do. I guess alternatively you could use a different nixpkgs instance for each system and explicitly nix flake update them instead of all inputs.