Nixops pinning nixpkgs


#1

Is there a way to pin the nixpkgs used in a nixops deployment within the configuration file? (not using -I nixpkgs=<uri>)?

An issue that I have been having is that my nixops deployments depend on the NIX_PATH on the local machine I am deploying from and it often does not match the nixpkgs on the hosts that nixops deploys to. I know how to pin the nixpkgs on the nixops hosts using https://stackoverflow.com/questions/47961494/propagate-nixpkgs-checkout-to-nixops-machines.

environment.extraInit = "export NIX_PATH=nixpkgs=${pinnedNixpkgs}:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";

Some incomplete articles that do not show how to do it completely.

This article says how to use a url https://nix-cookbook.readthedocs.io/en/latest/faq.html#how-to-pin-nixpkgs-to-a-specific-commit-branch. This article does not show how a configuration can be used with nixops http://www.haskellforall.com/2018/08/nixos-in-production.html.

How would I set nixpkgs in the nixops configuration for each machine?

Ideally I would like to have a nixpkgs.nix file as a single source of truth used for nixops deployments.


#2

You can set nix.nixPath in the logical specification of each
machine:

Christopher Ostrouchov nixos1@discoursemail.com writes:


#3

I do all my nixops commands from within a nix shell that pins nixpkgs using NIX_PATH. Here is an example shell.nix file:

let

  commitRev = "4df3426f5a5e78cef4835897a43abd9e2a092b74"; # 18.03 on 2018-08-22

  nixpkgs = builtins.fetchTarball {
    url = "https://github.com/NixOS/nixpkgs-channels/archive/${commitRev}.tar.gz";
    sha256 = "05k5mssiqxffxi45mss9wjns6k76i248rpasa48akdcriry1mp63";
  };

  pkgs = import nixpkgs { config = {}; };

in

pkgs.mkShell {

  buildInputs = [ pkgs.nixops ];

  shellHook = ''
    export NIX_PATH="nixpkgs=${nixpkgs}:."
  '';

}

Note the NIX_PATH includes the current directory, that’s necessary if you want to use <mySystem.nix> like a lot of nixops command line examples do. The shell also ensures everyone is using the same version of nixops.

This isn’t actually my whole shell.nix file, there are more details here: http://www.ryantm.com/blog/nixops-without-sharing/


#4

Thank you @ryantm this is extremely helpful. Looks simple too


#5

I updated my example in the previous post so that you don’t have to potentially download nixpkgs twice.


#6

You can also set the Nix path via nixops modify, like this:

$ nixops modify -I nixpkgs=... network.nix