I recently migrated a bunch of docker services onto NixOS as declarative oci-containers (podman backend). Everything works well, and podman pulled the latest images for each one on the first startup.
Now it’s been a couple weeks, and I know some of those images have updates. Is there a way to get all of them to update again? The NixOS configuration specifies the “latest” tag for each, but a nixos-rebuild doesn’t do anything here.
Do I need to deal directly with podman and update each image individually? Or is there a way to get all containers to rebuild on the latest images again?
I’m pretty new to Nix, but I migrated my ansible playbooks and a couple of scripts for managing/updating my containers for everything but the setup of the service in the NixOS configuration.
You could probably set up a simple systemd service to podman pull each image and restart periodically using Nix if you’re not too concerned about automatically updating latest containers. I prefer a bit more control to prevent inadvertent breakage due to an update…
Thanks! This is what I ended up doing, creating a systemd service/timer to periodically pull the latest image for each container.
My confusion came from the fact that I was able to specify the creation of the containers via virtualisation.oci-containers in the NixOS config, but couldn’t update them from the same source. But, in the end, pulling new images and restarting the services isn’t a big deal.
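
One way the systemd service/timer approach from this thread could look, as an added example that is not the poster's actual configuration. It assumes the podman backend with the module's default unit naming (`podman-<name>.service`), rootful containers, and a hypothetical unit name `oci-image-refresh`; it restarts a container only when the pulled image ID actually changed.

```nix
{ config, lib, pkgs, ... }:
let
  # Every container declared under virtualisation.oci-containers.containers
  containers = config.virtualisation.oci-containers.containers;

  # Shell stanza for one container: pull, compare image IDs, restart on change.
  updateOne = name: c:
    let img = lib.escapeShellArg c.image; in ''
      before=$(podman image inspect --format '{{.Id}}' ${img} 2>/dev/null || true)
      if podman pull ${img}; then
        after=$(podman image inspect --format '{{.Id}}' ${img})
        if [ "$before" != "$after" ]; then
          # Logged to the journal so there is a record of which image ID went live.
          echo "${name}: $before -> $after, restarting"
          systemctl restart podman-${name}.service
        fi
      else
        # A failed pull must not take down a working container.
        echo "${name}: pull failed, leaving running container untouched" >&2
      fi
    '';
in
{
  systemd.services.oci-image-refresh = {
    description = "Pull newer images for oci-containers and restart changed ones";
    # Assumption: pkgs.podman matches the podman used by the container units.
    path = [ pkgs.podman pkgs.systemd ];
    serviceConfig.Type = "oneshot";
    script = lib.concatStringsSep "\n" (lib.mapAttrsToList updateOne containers);
  };

  systemd.timers.oci-image-refresh = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "weekly";       # constructed schedule; adjust as needed
      Persistent = true;           # catch up after the machine was off
      RandomizedDelaySec = "1h";
    };
  };
}
```

Because the container list is read from the NixOS configuration itself, containers added or removed later are picked up on the next `nixos-rebuild` without editing this unit.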