Ansible. Basically if I need to upgrade something for the first time, I write or extend an Ansible script and run those periodically.
Snapshots and `for i in $hosts; do ssh -tt "$i" "sudo apt update -y && sudo apt upgrade -y"; done`
For docker/k8s: argocd, helm, etc.
I have a shell script that handles all the quirks. I run it every few weeks. It does a btrfs snapshot so I can go back in case something is wrong, and after it updates Docker and Podman to the latest label.
For services not containerized I have some automation to fetch the last version from the internet (for example some home assistant addons that are just js files).
For the updates that are more difficult to script (or just not worth it because they are very infrequent) I have a script that compares the running version with what is published on their website and warns me I have a manual update.
Since most of the projects I host have a GitHub page it is relatively simple to write reusable code to do this stuff.
In general I don't trust automatic updates, there are seldom issues but they can be annoying to fix. So I just prefer to update by hand whenever I have a few minutes free and I know I have direct access to the server in case the connection drops.
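The "compare the running version with what is published and warn" check described in the comment above, as an added example that is not part of the thread or the commenter's own script. The function names (`normalize`, `version_lt`, `check_update`), the service name `exampled` and the version strings are hypothetical; fetching the published tag is left out, so both versions are passed in as arguments.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Versions below are constructed samples.

# Strip a leading "v" and any "-rc1" / "+build" suffix (a simplification:
# a pre-release then compares equal to its final release).
normalize() {
    local v="${1#v}"
    printf '%s\n' "${v%%[-+]*}"
}

# version_lt A B: return 0 if A is older than B, 1 if not, 2 if either
# string is not a dotted-numeric version.
version_lt() {
    local a b x y
    a=$(normalize "$1")
    b=$(normalize "$2")
    for x in "$a" "$b"; do
        case "$x" in
            ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
        esac
    done
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}          # first component of each
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}            # 1.2 is treated as 1.2.0
        # Numeric compare, so 1.9 sorts before 1.10.
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# check_update NAME RUNNING PUBLISHED: print one status line.
check_update() {
    local rc=0
    version_lt "$2" "$3" || rc=$?
    case "$rc" in
        0) echo "UPDATE $1 $2 -> $3" ;;
        1) echo "OK $1 $2" ;;
        *) echo "UNKNOWN $1 $2 vs $3" ;;
    esac
}

check_update exampled v1.9.3 v1.10.0   # constructed values
```

An `UNKNOWN` line means the tag could not be parsed as a dotted number (for example a `latest` label), which is the case to review by hand rather than let a plain string comparison decide.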
I just run watchtower in docker. It will watch all your other docker images and update them to latest version automatically if you want.
It works fine but with time, I stopped thinking I need to be on latest version all the time. It really isn't very important.
Just a few of my services are open on the internet, mainly caddy and wireguard.
Proxmox helper scripts - at least the ones I use - come with a tag updateable. Those tagged have a command update that runs everything necessary on containers, VMs whatever.
Makes life simple, mostly.
The only manual interaction I’ve had was upgrading some VMs Debian from 12 to 13.
I'd definitely go with Renovate + ArgoCD, or any other GitOps-based tooling.
Portainer for container images
Bash script for everything else.
Unattended upgrades 11 months out of the year.
Very attended apt upgrades 2 weeks out of the year.
Renovate coupled with FluxCD if you're in k8s land, or noco-cd if you're on docker. GitOps is the way.
I use dockhand right now, but I used to just use compose pull
- Avoid anything with bad supply chains that fail iso27002
- Yum via cron
- Huh. That's all of it.