Nixops pinning nixpkgs

costrouc · August 21, 2018, 9:36pm

Is there a way to pin the nixpkgs used in a nixops deployment within the configuration file? (not using -I nixpkgs=<uri>)?

An issue that I have been having is that my nixops deployments depend on the NIX_PATH on the local machine I am deploying from and it often does not match the nixpkgs on the hosts that nixops deploys to. I know how to pin the nixpkgs on the nixops hosts using nix - Propagate nixpkgs checkout to NixOps machines - Stack Overflow.

environment.extraInit = "export NIX_PATH=nixpkgs=${pinnedNixpkgs}:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";

Some incomplete articles that do not show how to do it completely.

This article says how to use a url https://nix-cookbook.readthedocs.io/en/latest/faq.html#how-to-pin-nixpkgs-to-a-specific-commit-branch. This article does not show how a configuration can be used with nixops Haskell for all: NixOS in production.

How would I set nixpkgs in the nixops configuration for each machine?

Ideally I would like to have a nixpkgs.nix file as a single source of truth used for nixops deployments.

eqyiel · August 22, 2018, 12:10am

You can set nix.nixPath in the logical specification of each
machine:
https://github.com/NixOS/nixops/issues/736#issuecomment-333399151

Christopher Ostrouchov nixos1@discoursemail.com writes:

ryantm · August 22, 2018, 2:41pm

I do all my nixops commands from within a nix shell that pins nixpkgs using NIX_PATH. Here is an example shell.nix file:

let

  commitRev = "4df3426f5a5e78cef4835897a43abd9e2a092b74"; # 18.03 on 2018-08-22

  nixpkgs = builtins.fetchTarball {
    url = "https://github.com/NixOS/nixpkgs-channels/archive/${commitRev}.tar.gz";
    sha256 = "05k5mssiqxffxi45mss9wjns6k76i248rpasa48akdcriry1mp63";
  };

  pkgs = import nixpkgs { config = {}; };

in

pkgs.mkShell {

  buildInputs = [ pkgs.nixops ];

  shellHook = ''
    export NIX_PATH="nixpkgs=${nixpkgs}:."
  '';

}

Note the NIX_PATH includes the current directory, that’s necessary if you want to use <mySystem.nix> like a lot of nixops command line examples do. The shell also ensures everyone is using the same version of nixops.

This isn’t actually my whole shell.nix file, there are more details here: http://www.ryantm.com/blog/nixops-without-sharing/

costrouc · August 22, 2018, 3:01pm

Thank you @ryantm this is extremely helpful. Looks simple too

ryantm · August 22, 2018, 3:44pm

I updated my example in the previous post so that you don’t have to potentially download nixpkgs twice.

aszlig · August 24, 2018, 2:33am

You can also set the Nix path via nixops modify, like this:

$ nixops modify -I nixpkgs=... network.nix