Our review
Upgrades NixOS to a new stable release version by updating version-pinned flake inputs and handling breaking changes.
Strengths
- Automates research of breaking changes and release notes.
- Provides a structured upgrade plan with clear steps.
- Lists specific files and commands for safe upgrade.
- Includes easy-to-follow rollback instructions.
Limitations
- Requires user to manually review and approve the plan.
- Only works with flake-based NixOS configurations.
- Does not handle non-NixOS package upgrades outside the system.
Use it when you need to upgrade NixOS to a new stable release and want to ensure breaking changes are addressed systematically.
Skip it when you only need to update flake.lock within the same release or upgrade individual packages without a system version change.
Security analysis
Caution: The skill performs NixOS release upgrades using bash commands that alter the system (just switch, nixos-rebuild switch). While it includes a safe check step (just check) and rollback instructions, these are powerful operations that could cause breakage if misapplied. No data exfiltration or obfuscation is present.
- Uses just switch to apply system upgrades without explicit user confirmation per step; could break system if incorrect versions are used, though a check step is included.
Examples
- Upgrade NixOS to version 25.11
- Upgrade my NixOS system to the new release
- I want to move from NixOS 25.05 to 25.11, please help me check breaking changes and create a plan.

name: upgrade-nixos
description: |
  This skill upgrades NixOS to a new release version (e.g., 25.05 → 25.11).
  Triggers: "upgrade nixos", "upgrade to new release", "update nixos version", "move to nixos 25.11", "nixos release upgrade", "upgrade system version".
  Researches breaking changes, updates flake inputs, guides through upgrade.
  Not for flake.lock updates within same release (use upgrade-flake for that).
Upgrade NixOS Release
Upgrade NixOS to a new stable release version. This involves updating version-pinned flake inputs and handling any breaking changes.
Process
- Check current state

      nixos-version
      nix --version

- Identify version-pinned inputs in flake/flake.nix that need updating:
  - nixpkgs (e.g., nixos-25.05 → nixos-25.11)
  - home-manager (e.g., release-25.05 → release-25.11)
  - nix-darwin (e.g., nix-darwin-25.05 → nix-darwin-25.11)
  - stylix (e.g., release-25.05 → release-25.11)
- Research the target release
  - Use web search to find the latest stable NixOS release
  - Check release notes for breaking changes relevant to this config
  - Verify release branches exist for home-manager, stylix, nix-darwin
- Identify breaking changes that affect this config:
  - Scan modules for services/packages that might be affected
  - Key areas: Hyprland, Docker, Steam, Secure Boot, impermanence
- Create upgrade plan (use creating-plans skill):
  - Save to thoughts/shared/issues/NN-nixos-<version>-upgrade/plan.md
  - Include exact file changes with line numbers
  - Include verification commands
  - Include rollback instructions
- Execute upgrade (when user is ready):

      # Edit flake/flake.nix with new versions
      just update   # Update flake.lock
      just check    # Build without applying (safe)
      just switch   # Apply the upgrade

- Post-upgrade verification:

      nixos-version
      nix --version
      docker --version
      systemctl status docker tailscaled
      hyprctl version
What stays pinned (don't change)
- lanzaboote - explicit version pin (e.g., v0.4.2), not tied to NixOS releases
- nixpkgs-unstable - always tracks unstable
- Inputs that follow nixpkgs - automatically updated
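A pre-flight check for the version-pinned inputs described above, as an added example that is not part of the skill or the original page: it lists the release-branch pins in a flake.nix and fails if any of them is not on the target release, so a half-edited file is caught before `just update` and `just switch`. The function names and the sample flake, including its input URLs, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the skill): list release-pinned flake inputs and
# fail if any is not on the target release. Function names are hypothetical.
# Branch naming from the list above: nixos-YY.MM, release-YY.MM, nix-darwin-YY.MM.
# nixos-unstable and tag pins such as v0.4.2 do not match, so they are left alone.
PIN_RE='(nixos|release|nix-darwin)-[0-9]{2}\.[0-9]{2}'

# pinned_urls FILE: print each input URL that ends in a release branch.
pinned_urls() {
  grep -Eo "[A-Za-z]+:[^\"[:space:]]*/${PIN_RE}" "$1" | sort -u
}

# stale_urls FILE TARGET: print pinned URLs whose release is not TARGET (e.g. 25.11).
stale_urls() {
  pinned_urls "$1" | while IFS= read -r url; do
    case "$url" in
      *-"$2") ;;                      # already on the target release
      *) printf '%s\n' "$url" ;;      # still on another release
    esac
  done
}

# preflight FILE TARGET: succeed only when every release pin is on TARGET.
preflight() {
  stale=$(stale_urls "$1" "$2")
  [ -z "$stale" ] && return 0
  printf 'not on %s:\n%s\n' "$2" "$stale" >&2
  return 1
}

# Constructed sample: a half-edited inputs block with home-manager left on 25.05.
sample_flake() {
  cat <<'EOF'
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    home-manager.url = "github:nix-community/home-manager/release-25.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    nix-darwin.url = "github:nix-darwin/nix-darwin/nix-darwin-25.11";
    stylix.url = "github:nix-community/stylix/release-25.11";
    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
  };
EOF
}

# Demo on the constructed sample; on a real checkout: preflight flake/flake.nix 25.11
tmp=$(mktemp); sample_flake > "$tmp"
preflight "$tmp" 25.11 || echo "fix the pins listed above, then run: just update && just check"
rm -f "$tmp"
```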
Rollback
Print out the instructions to:
sudo nixos-rebuild switch --rollback
git checkout flake/flake.nix flake/flake.lock
$ARGUMENTS