Help understanding Overlays

Hi,

I have my NixOS system in a repository, and a flake.nix at the top level that looks like this:

# /etc/nixos/flake.nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  };
  outputs = inputs@{ self, nixpkgs, ... }: {
    nixosConfigurations.valhalla = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [ ./hosts/desktop/valhalla/configuration.nix ];
    };
    # environment.systemPackages = [nixos-needsreboot.packages.${nixpkgs.system}.default];
    nixosConfigurations.katmai = nixpkgs.lib.nixosSystem {
      # NOTE: Change this to aarch64-linux if you are on ARM
      system = "x86_64-linux";
      modules = [ ./hosts/desktop/katmai/configuration.nix ];
    };
  };
}

So right now I have two different hosts using this, Katmai and Valhalla. I load host-specific configuration files, and those import host-specific hardware-configuration.nix files, set a few host-specific settings (like host, boot options, bind mounts) and import a bunch of other modules where I’ve split out various packages and options based on what kinds of tools are needed on each host (e.g. Office software, Desktop software, DevOps tools, etc).

This was building fine a few days ago, but after a flake update there are two broken packages, and I also wanted to build a new version of a JetBrains IDE, and I’m thinking I can do these as overlays?

Overlay for old packages

The broken packages are awscli2 (Build failure: awscli2 · Issue #298023 · NixOS/nixpkgs · GitHub), and vault – for which I’m getting this:

warning: Git tree '/home/john/git/nixos-config' is dirty
error: hash mismatch in fixed-output derivation '/nix/store/ja3s1qlx3p23i7awymfvm7yf9h492kx7-vault-1.15.6-go-modules.drv':
         specified: sha256-SYGqlLCA7T4MhRlOVBSYnZdZ2+WuJvmmHw3MdnfoezM=
            got:    sha256-97/nNRwTJnoW1gRvWhdsO36TuLdGTX67o0oTiGMotrs=

For JetBrains, I’ve forked the nixpkgs repo, run the pkgs/applications/editors/jetbrains/bin/update-jetbrains script, and pushed the result into my nixpkgs fork at GitHub - freelock/nixpkgs: Nix Packages collection & NixOS. I was thinking if it worked I would open a PR on the main repo – but I’m not yet getting these to work…

It looks like I might also be able to update the hash for Vault there too – but I’m not sure exactly how to verify this hash is correct. I just tried downloading the Vault release tarball for the specified release from HashiCorp’s GitHub and running sha256sum on that, and it didn’t look like either of these values.

So… A bunch of questions:

  1. What would be a manual way I can verify a checksum for a package? It looks base64-encoded, maybe – is there a command for doing this against the source?

  2. Can I configure an input at my top level flake pointing at my GitHub fork, and create an overlay there that will make Vault and jetbrains.phpstorm packages load from there? Can I specify a specific commit of nixpkgs for awscli2 (or I see there is now a PR fixing it – guess I can merge that into my tree) – but for future breakages, I’m wanting to know how to use a pinned version of Nixpkgs for specific packages… What exactly would this look like?

  3. Can I do all the overlays in flake.nix, or do I need to change the definitions in the specific module I’ve created that contains the package I want to override?

Published my current flake repo here: Public/nixos-config (Forgejo) … would love any suggestions/feedback on my approach. If I get this dialed in I’ll probably be using it for 20+ hosts in a matter of a few weeks…
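
Added example (not part of the original post, and not nixpkgs code): the `sha256-…` values in the error are SRI strings, an algorithm name plus the base64 of the digest, and for a fixed-output derivation such as the `go-modules` one Nix hashes the NAR serialization of the output tree, so `sha256sum` over a release tarball differs in both encoding and input. The Python below decodes the two strings from the error into hex and hashes a constructed sample file both ways; the function names and the sample `go.mod` content are assumptions made for illustration.

```python
import base64, hashlib, os, stat, tempfile

SPECIFIED = "sha256-SYGqlLCA7T4MhRlOVBSYnZdZ2+WuJvmmHw3MdnfoezM="  # "specified" in the error
GOT = "sha256-97/nNRwTJnoW1gRvWhdsO36TuLdGTX67o0oTiGMotrs="        # "got" in the error

def sri_to_hex(sri):
    """Split 'sha256-<base64>' into (algorithm, hex digest as sha256sum prints it)."""
    algo, _, b64 = sri.partition("-")
    digest = base64.b64decode(b64, validate=True)
    if len(digest) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match " + algo)
    return algo, digest.hex()

def nar_str(data):
    """NAR string: 64-bit little-endian length, the bytes, zero padding to 8."""
    return len(data).to_bytes(8, "little") + data + b"\0" * (-len(data) % 8)

def nar_node(path):
    """Serialize one filesystem object; owner, mtime and most mode bits are dropped."""
    out = nar_str(b"(") + nar_str(b"type")
    mode = os.lstat(path).st_mode
    if stat.S_ISLNK(mode):
        out += nar_str(b"symlink") + nar_str(b"target") + nar_str(os.fsencode(os.readlink(path)))
    elif stat.S_ISDIR(mode):
        out += nar_str(b"directory")
        for name in sorted(os.listdir(path), key=os.fsencode):  # entries in byte order
            out += (nar_str(b"entry") + nar_str(b"(") + nar_str(b"name") + nar_str(os.fsencode(name))
                    + nar_str(b"node") + nar_node(os.path.join(path, name)) + nar_str(b")"))
    else:
        out += nar_str(b"regular")
        if mode & stat.S_IXUSR:  # only the executable bit is recorded
            out += nar_str(b"executable") + nar_str(b"")
        with open(path, "rb") as f:
            out += nar_str(b"contents") + nar_str(f.read())
    return out + nar_str(b")")

def nar_sri(path):  # SRI string of sha256 over the NAR stream (recursive mode)
    digest = hashlib.sha256(nar_str(b"nix-archive-1") + nar_node(path)).digest()
    return "sha256-" + base64.b64encode(digest).decode()

def demo():  # constructed sample: flat digest vs NAR digest of a file and its directory
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "go.mod")
        with open(p, "wb") as f:
            f.write(b"module example\n")
        flat = hashlib.sha256(b"module example\n").hexdigest()  # what sha256sum prints
        return flat, sri_to_hex(nar_sri(p))[1], sri_to_hex(nar_sri(d))[1]

if __name__ == "__main__":
    print(sri_to_hex(SPECIFIED), sri_to_hex(GOT), demo(), sep="\n")
```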