Manage Ringtail Lockfile

Two Dagger pipelines manage the ringtail NixOS flake lockfile (nixos/ringtail/flake.lock) for different purposes: flake-update refreshes every input, while flake-lock only resolves newly added inputs.

Update All Inputs

To pull the latest versions of all flake inputs (equivalent to nix flake update):

# 1. Update flake.lock
dagger call flake-update --src=. --flake-path=nixos/ringtail \
    export --path=nixos/ringtail/flake.lock
 
# 2. Commit, push, then deploy
git add nixos/ringtail/flake.lock
git commit -m "Update ringtail flake inputs"
git push
mise run provision-ringtail

After deploying, continue with post-deploy maintenance.

Lock New Inputs Only

mise run provision-ringtail automatically runs flake-lock before deploying. This resolves any newly added inputs without upgrading existing ones (equivalent to nix flake lock). If the lockfile changes, the task stages the file and exits; commit, push, and re-run mise run provision-ringtail.

This is the right behavior for provisioning: configuration changes that add a new input get locked, but existing inputs stay pinned until explicitly updated.
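
One way to confirm that a staged lockfile really only added inputs before committing it, as an added example that is not part of the ringtail repository's tooling: compare the committed and staged flake.lock by input path and flag any existing pin whose rev or narHash moved. It assumes the standard flake.lock JSON layout (nodes, root, locked); the function names, input names, revs and hashes are constructed placeholders.

```python
import json

def locked_pins(lock_text):
    """Map each input path (e.g. "extra-input/nixpkgs") to its (rev, narHash) pin."""
    lock = json.loads(lock_text)
    nodes, pins = lock["nodes"], {}

    def walk(node_name, path):
        for inp, target in nodes[node_name].get("inputs", {}).items():
            if isinstance(target, list):  # "follows" alias, pinned under its own path
                continue
            locked = nodes[target].get("locked", {})
            pins["/".join(path + (inp,))] = (locked.get("rev"), locked.get("narHash"))
            walk(target, path + (inp,))

    walk(lock["root"], ())
    return pins

def classify(old_text, new_text):
    """Return sorted (added, removed, changed) input paths between two lockfiles."""
    old, new = locked_pins(old_text), locked_pins(new_text)
    changed = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys()), changed

def is_lock_only(old_text, new_text):
    """True when no previously locked input moved to a different pin."""
    return not classify(old_text, new_text)[2]

# Constructed lockfiles; revs and hashes are placeholders, not real pins.
def _node(rev, inputs=None):
    node = {"locked": {"rev": rev, "narHash": "sha256-PLACEHOLDER-" + rev, "type": "github"}}
    if inputs:
        node["inputs"] = inputs
    return node

def _lock(nodes, root_inputs):
    return json.dumps({"nodes": {**nodes, "root": {"inputs": root_inputs}},
                       "root": "root", "version": 7})

BASE = {"nixpkgs": _node("aaa111"), "home-manager": _node("bbb222", {"nixpkgs": ["nixpkgs"]})}
ROOT = {"nixpkgs": "nixpkgs", "home-manager": "home-manager"}
COMMITTED = _lock(BASE, ROOT)
# flake-lock style result: a new input (with its own nixpkgs) appears, old pins untouched.
LOCK_ONLY = _lock({**BASE, "extra-input": _node("ccc333", {"nixpkgs": "nixpkgs_2"}),
                   "nixpkgs_2": _node("ddd444")}, {**ROOT, "extra-input": "extra-input"})
# flake-update style result: an existing pin moves.
UPDATED = _lock({**BASE, "nixpkgs": _node("eee555")}, ROOT)

if __name__ == "__main__":
    for label, new in (("lock-only", LOCK_ONLY), ("update", UPDATED)):
        print(label, classify(COMMITTED, new), "lock-only:", is_lock_only(COMMITTED, new))
```

Against the real repository, pass it the output of git show HEAD:nixos/ringtail/flake.lock as the old text and the staged nixos/ringtail/flake.lock as the new text.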

Post-Deploy Maintenance

After provision-ringtail completes (whether from a full update or a config change), perform these steps.

Check for Kernel Update

Compare the booted kernel against the one in the current system profile:

ssh ringtail 'echo "Booted:  $(uname -r)"; echo "Staged:  $(readlink /run/current-system/kernel | grep -oP "linux-\K[^/]+")"'

If they differ, a reboot is needed for the new kernel to take effect. Reboot at a convenient time:

ssh ringtail 'sudo reboot'

AI agents: Do not reboot automatically. Inform the user that a kernel update is pending and suggest they reboot when convenient.

Prune Old Generations and Garbage Collect

Old NixOS system generations accumulate over time. The prune-ringtail-generations task handles pruning and garbage collection together:

mise run prune-ringtail-generations            # keep 5 most recent + kernel-safe gen
mise run prune-ringtail-generations --dry-run  # preview only
mise run prune-ringtail-generations --keep 3   # keep fewer generations

The task keeps the 5 most recent generations plus the most recent generation whose kernel matches the currently booted kernel — this preserves a rollback target that won’t require a reboot. After pruning, it runs nix-collect-garbage to free unreferenced store paths.

  • ringtail — Host reference
  • dagger — Build engine (provides both pipelines)