nixos/nixpkgs: add option to specify Nixpkgs source path #373201
Conversation
github-actions
bot
added
6.topic: nixos
There was a problem hiding this comment.
Hey, nixpkgs.source option in nixos is an interesting approach to pin nixpkgs for a given nixos configuration. I found several issues with your implementation of it.
I cannot review changes in nixos-rebuild-ng because I am not familiar with its code.
in nixos-rebuild.sh, there is also one more instance of getting nixpkgs from nix path in line 646 (after changes). I think you forgot about that occurence.
|
I just noticed that there is option |
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
from
bd5f609 to
e2076cf
Compare
Thank you for reviewing!
Yes, I missed it because I was looking only for the angle brackets syntax. |
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
4 times, most recently
from
f4152b0 to
2c1cfe0
Compare
I think we should unify the two options. |
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
from
2c1cfe0 to
9c91df5
Compare
|
I made an attempt to unify flakes and non-flakes options in 0fca667. The flake part is completely untested for now. |
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
from
9c91df5 to
887facb
Compare
amozeo
added
the
12.approvals: 1
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
2 times, most recently
from
03adbc7 to
b233775
Compare
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
from
b233775 to
5252286
Compare
wegank
removed
the
12.approvals: 1
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
2 times, most recently
from
b119c71 to
61e4dbe
Compare
ofborg
bot
added
the
2.status: merge conflict
This moves the options under `nixpkgs.flake` to `nixpkgs` and generalises them to work with systems built without flakes. Specifically, nixpkgs.source now allows to pin the version of nixpkgs used by nixos-rebuild to build the system, even without flakes.
This option can be used by other NixOS modules to detect whether the system is being built from a flake.
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
from
61e4dbe to
e84a41a
Compare
ofborg
bot
removed
the
2.status: merge conflict
rnhmjoj
force-pushed
the
pr-nixpkgs-source
branch
from
e84a41a to
8247d9f
Compare
| if nixpkgsPath=$(test -n "$NIXOS_CONFIG" && runCmd nix-instantiate --eval --expr " | ||
| (import <nixpkgs/nixos> { | ||
| configuration = { | ||
| imports = [ $NIXOS_CONFIG ]; | ||
| _module.check = false; | ||
| }; | ||
| }).config.nixpkgs.source |
There was a problem hiding this comment.
I'm really not a fan of this. It's fundamentally impossible to make configuration.nix specify Nixpkgs and it be used consistently, you always end up with the same problematic cases, such as:
- A separate Nixpkgs is needed to "bootstrap" the eval, like the
<nixpkgs>here. And this is not reproducible in general. - Upgrades across Nixpkgs versions are problematic, because some module might not evaluate with both the older and newer Nixpkgs (the
_module.checkcan't ignore everything)
The real solution is to abandon the idea of "configuration.nix can reproduce the system" and switch to "system.nix/flake.nix/default.nix can reproduce the system", where that entry-point file depends on configuration.nix. That's something that Flakes got right, and it's also the direction I've indicated with #333788. This way there's none of the above problems.
There was a problem hiding this comment.
Agreed, I kinda think of the non Flakes way as legacy and so large changes specific for it shouldn't be made. Flakes is the direction a lot of things are going and just manages it a lot cleaner.
There was a problem hiding this comment.
I don't necessarily agree with that. I don't want people to have to buy into Flakes just to have an eval-reproducible system. It's very easy to make something similar work in traditional Nix, it's not a large change.
There was a problem hiding this comment.
It's fundamentally impossible to make configuration.nix specify Nixpkgs and it be used consistently
My initial proposal was to use callPackage (or similar) to fill in the arguments of configuration.nix and extract nixpkgs.source, without using evalModules. This works reliably with the only limitation that nixpkgs.source must not depend on any of the module arguments and be set directly in configuration.nix.
The real solution is to abandon the idea of "configuration.nix can reproduce the system"
Yes, but even then it's a letdown that you can't have a self-contained expression to describe a system reproducibly.
It means you'll never be able to just copy-paste, build and get the same system.
There was a problem hiding this comment.
Nah it's totally possible. With #333788, you can write a /etc/nixos/system.nix as follows:
let
nixpkgs = fetchTarball { ... };
in
import (nixpkgs + "/nixos") {
configuration = {
environment.systemPackages = [ ... ];
};
# Or if you want to have the traditional `configuration.nix`:
# configuration = ./configuration.nix;
}And nixos-rebuild switch works.
A non-breaking and (IMHO) simpler alternative to #333788 for setting the Nixpkgs versions declaratively from configuration.nix.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenixos-rebuild,nixos-rebuild-ng)Add a 👍 reaction to pull requests you find important.