Pinning nixpkgs on buiding a qcow2 for OpenStack

I’m currently testing NixOS over a Cloud Provider that works with OpenStack cluster, and I’d like to customize a bit the generated qcow2 image.

For now, I’m building it with passing a parameter to nix-build specifying the path to a copy of a nix-channel I’m using while using this file as a base :

{ config, lib, pkgs, ... }:

with lib;

{
  imports =
    [
      <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
      <nixpkgs/nixos/modules/virtualisation/openstack-config.nix>
    ];

  system.build.openstackImage = import <nixpkgs/nixos/lib/make-disk-image.nix> {
    inherit lib config;
    pkgs = import <nixpkgs> { inherit (pkgs) system; };
    diskSize = 8192;
    format = "qcow2";
    configFile = pkgs.writeText "configuration.nix" (builtins.readFile ./configuration.nix);
  };
}

My goal is to select a version of nixpkgs directly from this file so I can execute the building of the qcow2 from a standalone CI. I found this solution from the NixOS Wiki but I could not understand where to do the import so my <nixpkgs> is poiting the pinned version. How could I achieve this ?

Bonus question : Is it a preferable for a headless (ssh-only) system to use the small version of the channel ?

you could also make pkgs point to a nixpkgs revision:

{ config, lib, pkgs, ... }:

let
  pkgs = import (builtins.fetchTarball {
    name = "nixos-unstable-2018-09-12";
    # Commit hash for nixos-unstable as of 2018-09-12
   url = https://github.com/nixos/nixpkgs/archive/ca2ba44cab47767c8127d1c8633e2b581644eb8f.tar.gz;
   # Hash obtained using `nix-prefetch-url --unpack <url>`
    sha256 = "1jg7g6cfpw8qvma0y19kwyp549k1qyf11a5sg6hvn6awvmkny47v";
  }) {};
in
{
  imports =
  ...

the pkgs defined in the let clause will override the one declared at the top.

config is created as part of evaluating your configuration.nix, so no pinning is needed
lib doesn’t contain any derivations, so you’re largely able to ignore pinning it (some edge cases)