`packageOverrides` with NixOps

Hi all,

I’m trying to use a package from 20.09 in a 20.03 deployment via NixOps. I have this in the machine configuration:

{ config, pkgs, ... }: let
  unstable = import (pkgs.fetchFromGitHub {
    owner = "NixOS";
    repo = "nixpkgs";
    rev = "nixos-20.09";
    sha256 = "1jrn6prplav0knaj859qqwg0l6mcyiv5yjd567hpgm4bi9hy1nxg";
  }) {};
in {


  nixpkgs.config = {
    packageOverrides = pkgs: {
      lego = unstable.lego;
  environment.systemPackages = [ pkgs.lego ];



This works perfectly in a normal NixOS machine (built through nixos-install), i.e. I get the lego at version 3.8.0. It has no effect if the machine is deployed via NixOps though, the lego there is 3.3.0, i.e. the one from 20.03.

Any idea why this is?

Am I doing anything wrong in my attempt to override the lego package?

(The end goal is to have the lego package used by security.acme.*, so I don’t think that simply installing via unstable.lego instead of pkgs.lego will cut it.)


Edit: Forgot to mention - I’m using NixOps 2.0 (6fc9ca59a93907aef9fbf74a4815c01282b535c5).

I ended up using network.nixpkgs from this change which is in current master of NixOps.

  network.nixpkgs = import <nixpkgs> { config = {
    packageOverrides = pkgs: let
      unstable = import (fetchTarball ...) { };
    in {
      lego = unstable.lego;
  }; };

This overrides the lego package for all machines, which works for me for the time being.

It seems to be undocumented as of now and might be subject to change considering this open issue, but given that ATM I’ve pinned the NixOps version it works for me.

@grahamc, @adisbladis, I will greatly appreciate if you can shine some light on what’s the long term plan with this. Thanks!