Finally got this working. - Yay!
# ========================
# 🔄 About Automatic Upgrades
# ========================
# Automatically checks for and applies NixOS updates daily at 3:00 AM.
# It runs: `nixos-rebuild switch --upgrade`
#
# ✅ What it does:
# - Downloads the latest NixOS packages
# - Rebuilds your system with the new updates
# - Applies changes immediately (new software, fixes, etc.)
# - Saves a log to: /var/log/nixos-upgrade.log
#
# ⚠️ What it *doesn't* do:
# - ❌ Doesn't reboot your system — you still need to do that manually (kernel and other boot-time updates only take effect after a reboot)
# - ❌ Doesn't update Flatpak or home-manager apps
#
#
# Ensure logrotate state directory exists
# NixOS activation snippet: create the directory that holds the logrotate
# state file and pin it to root:root, mode 755, so only root can write to it.
system.activationScripts.ensureLogrotateStateDir = {
  text = ''
    mkdir -p /var/lib/logrotate
    chown root:root /var/lib/logrotate
    chmod 755 /var/lib/logrotate
  '';
};
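# Unattended upgrade job, started by the nixos-upgrade timer.
#
# NOTE(review): NixOS ships its own `system.autoUpgrade` module, which defines
# a unit with this same name. Keep that option disabled while this hand-written
# unit is in use, otherwise the two definitions will collide (TODO confirm).
systemd.services.nixos-upgrade = {
  description = "Automatic NixOS upgrade";
  enable = true;

  # PATH and ExecStart embed store paths, so this unit's definition changes
  # whenever nix or nixos-rebuild is bumped. Without this setting, the `switch`
  # that the job itself performs may restart the job part-way through
  # activation and leave the upgrade half applied.
  restartIfChanged = false;

  # `--upgrade` needs the network, and a Persistent/WakeSystem timer can fire
  # right after boot or resume, so wait for connectivity first.
  wants = [ "network-online.target" ];
  after = [ "network-online.target" ];

  serviceConfig = {
    Type = "oneshot";
    Environment = [
      # NOTE(review): /bin, /usr/bin and /usr/local/bin lie outside the Nix
      # store. A root job's PATH is best limited to immutable, root-owned
      # locations; confirm these three entries are actually needed.
      "PATH=${pkgs.nix}/bin:${pkgs.nixos-rebuild}/bin:/run/current-system/sw/bin:/bin:/usr/bin:/usr/local/bin"
      # `<nixpkgs>` is looked up when this configuration is evaluated, so the
      # resulting path is fixed into the unit at build time.
      "NIX_PATH=nixpkgs=${toString <nixpkgs>}:nixos-config=/etc/nixos/configuration.nix"
    ];
    # Shell wrapper: create the log file, set it to mode 644 (world-readable),
    # then run the rebuild with stdout and stderr appended to the log via tee.
    # `pipefail` keeps a failing nixos-rebuild from being masked by tee's
    # exit status, so the unit is marked failed when the upgrade fails.
    ExecStart = "/bin/sh -c 'set -euo pipefail; /run/current-system/sw/bin/touch /var/log/nixos-upgrade.log; /run/current-system/sw/bin/chmod 644 /var/log/nixos-upgrade.log; ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --upgrade 2>&1 | /run/current-system/sw/bin/tee -a /var/log/nixos-upgrade.log'";
    StandardOutput = "journal+console";
    StandardError = "journal+console";
  };
};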
# Timer for the unit of the same name (nixos-upgrade.service).
systemd.timers.nixos-upgrade = {
  enable = true; # the timer itself must be enabled for the schedule to apply
  description = "Daily NixOS upgrade at 3 AM";
  wantedBy = [ "timers.target" ];
  timerConfig = {
    # Every day at 03:00; change this if 3 AM isn't a convenient time.
    OnCalendar = "*-*-* 03:00:00";
    # Run a missed upgrade at the next boot instead of skipping it.
    Persistent = true;
    # Let the timer wake a suspended machine to run the upgrade.
    WakeSystem = true;
  };
};
# ========================
# 📑 Logrotate Setup for NixOS Upgrade Logs
# Declarative, 7-Day Rotation
# ========================
# Configure logrotate declaratively
# This keeps 7 days of logs. Change "rotate 7" below to keep more or fewer days.
# Rule file consumed by the dedicated logrotate job for the upgrade log.
# `create 644 root root` recreates the log as root-owned and world-readable
# after each rotation, the same mode the upgrade job sets with chmod.
# The rule body is kept flush with the opening brace so the generated file
# is byte-for-byte what it was before.
environment.etc."logrotate.d/nixos-upgrade" = {
  text = ''
    /var/log/nixos-upgrade.log {
    daily
    missingok
    rotate 7
    compress
    delaycompress
    notifempty
    create 644 root root
    }
  '';
};
# Systemd timer to rotate logs daily at 3:30 AM
# One-shot job that runs logrotate against only the nixos-upgrade rule file,
# keeping its state in /var/lib/logrotate/status.
#
# NOTE(review): nothing orders this job after nixos-upgrade.service. The
# 30-minute gap between the two timers is the only separation, so an upgrade
# that runs long can still be writing the log while it is being rotated.
systemd.services.logrotate-nixos-upgrade = {
  enable = true; # Ensure the service is enabled
  description = "Logrotate for NixOS upgrade logs";
  serviceConfig = {
    Type = "oneshot";
    ExecStart = "${pkgs.logrotate}/bin/logrotate /etc/logrotate.d/nixos-upgrade --state /var/lib/logrotate/status";
  };
};
# Timer for logrotate-nixos-upgrade.service.
systemd.timers.logrotate-nixos-upgrade = {
  description = "Daily Logrotate for NixOS upgrade logs";
  wantedBy = [ "timers.target" ];
  timerConfig = {
    # Every day at 03:30, half an hour after the upgrade timer fires.
    # This is a time offset only; it does not wait for the upgrade to finish.
    OnCalendar = "*-*-* 03:30:00";
    # Run a missed rotation at the next boot instead of skipping it.
    Persistent = true;
    # Let the timer wake a suspended machine to rotate the log.
    WakeSystem = true;
  };
};
# ========================
# 🗑️ Automatic System Cleanup (Garbage Collection)
# ========================
#
# This system runs a safe, automatic cleanup every Sunday at 4:00 AM.
# It removes unused system generations and outdated packages to free up space.
#
# ✅ What it does:
# - Runs: `nix-collect-garbage -d`
# - Deletes old, unused system versions (generations)
# - Frees disk space without affecting the active system
#
# ⚠️ What it doesn't do:
# - ❌ Doesn't touch the current or booted configuration
# - ❌ Doesn't reboot your machine
#
# 💡 Pro Tip:
# You can run it manually anytime:
#
# sudo nix-collect-garbage -d
#
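# Safe to run regularly — it only deletes what's no longer in use.
# Keep in mind that `-d` removes every older generation, so after a cleanup
# you can no longer roll back to a system version from before it ran.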
# One-shot garbage-collection job, started by the nix-garbage-collect timer.
#
# `-d` deletes all old generations before collecting, so once this has run
# the earlier system generations are gone as rollback targets.
# NOTE(review): together with unattended daily upgrades, a bad upgrade that is
# only noticed after the Sunday cleanup cannot be rolled back. If that
# matters, nix-collect-garbage also accepts `--delete-older-than <period>`
# (for example 14d) to keep recent generations.
systemd.services.nix-garbage-collect = {
  enable = true; # Ensure the service is enabled
  description = "Weekly Nix Garbage Collection";
  serviceConfig = {
    ExecStart = "${pkgs.nix}/bin/nix-collect-garbage -d";
    Type = "oneshot";
    # Output goes to the journal only; no separate log file is written.
    StandardError = "journal";
    StandardOutput = "journal";
  };
};
# Timer for nix-garbage-collect.service.
systemd.timers.nix-garbage-collect = {
  enable = true; # the timer itself must be enabled for the schedule to apply
  description = "Weekly Nix Garbage Collection Timer";
  wantedBy = [ "timers.target" ];
  timerConfig = {
    # Every Sunday at 04:00, one hour after that day's upgrade timer fires.
    OnCalendar = "Sun *-*-* 04:00:00";
    # Run a missed cleanup at the next boot instead of skipping it.
    Persistent = true;
    # Let the timer wake a suspended machine to run the cleanup.
    WakeSystem = true;
  };
};