FAQ/Pinning Nixpkgs: Difference between revisions
imported>Onetom m Wrong channel name in ref attribute |
mNo edit summary |
||
(13 intermediate revisions by 9 users not shown) | |||
Line 3: | Line 3: | ||
separately on their own terms, and to ensure their deployability is | separately on their own terms, and to ensure their deployability is | ||
not impacted by other systems' requirements. | not impacted by other systems' requirements. | ||
Another reason why one would want to pin nixpkgs is to get older versions of a specific software. [https://lazamar.co.uk/nix-versions/ This site] can show you all the versions a package went through, and what nixpkgs revision to use to get your specific version. | |||
Note: You can <code>sudo nix-channel --remove nixpkgs</code>, but you still need a nix-channel for nixos | |||
<pre> | |||
sudo nix-channel --list | |||
nixos https://nixos.org/channels/nixos-21.05 | |||
</pre> | |||
== Nix 2.0 onwards == | == Nix 2.0 onwards == | ||
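Review bot: The added paragraph on older versions sends readers to a third-party index to look up a nixpkgs revision but does not say what to do with the result. Suggest adding that the revision goes into the `url`/`rev` of the examples below together with a `sha256` the reader computes themselves, so the pin is verified by hash rather than taken on trust from the site. The `nix-channel --remove nixpkgs` note also ends without a period and does not explain why the `nixos` channel has to stay.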
Line 13: | Line 22: | ||
name = "nixos-unstable-2018-09-12"; | name = "nixos-unstable-2018-09-12"; | ||
# Commit hash for nixos-unstable as of 2018-09-12 | # Commit hash for nixos-unstable as of 2018-09-12 | ||
url = https://github.com/nixos/nixpkgs/archive/ca2ba44cab47767c8127d1c8633e2b581644eb8f.tar.gz; | url = "https://github.com/nixos/nixpkgs/archive/ca2ba44cab47767c8127d1c8633e2b581644eb8f.tar.gz"; | ||
# Hash obtained using `nix-prefetch-url --unpack <url>` | # Hash obtained using `nix-prefetch-url --unpack <url>` | ||
sha256 = "1jg7g6cfpw8qvma0y19kwyp549k1qyf11a5sg6hvn6awvmkny47v"; | sha256 = "1jg7g6cfpw8qvma0y19kwyp549k1qyf11a5sg6hvn6awvmkny47v"; | ||
Line 25: | Line 34: | ||
# Descriptive name to make the store path easier to identify | # Descriptive name to make the store path easier to identify | ||
name = "nixos-unstable-2018-09-12"; | name = "nixos-unstable-2018-09-12"; | ||
url = https://github.com/nixos/nixpkgs/; | url = "https://github.com/nixos/nixpkgs/"; | ||
# Commit hash for nixos-unstable as of 2018-09-12 | # Commit hash for nixos-unstable as of 2018-09-12 | ||
# `git ls-remote https://github.com/nixos/nixpkgs | # `git ls-remote https://github.com/nixos/nixpkgs nixos-unstable` | ||
ref = "refs/heads/nixos-unstable"; | ref = "refs/heads/nixos-unstable"; | ||
rev = "ca2ba44cab47767c8127d1c8633e2b581644eb8f"; | rev = "ca2ba44cab47767c8127d1c8633e2b581644eb8f"; | ||
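Review bot: In the comment `git ls-remote https://github.com/nixos/nixpkgs nixos-unstable`, the command is now complete, but it prints the branch tip at the time it is run, not the `rev` ca2ba44cab47767c8127d1c8633e2b581644eb8f shown two lines below and dated 2018-09-12. Suggest wording the comment to say that the printed hash is what goes into `rev`, and that `rev` is what fixes the content while `ref` only names the branch it is fetched from.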
Line 61: | Line 70: | ||
pinnedPkgs = hostPkgs.fetchFromGitHub { | pinnedPkgs = hostPkgs.fetchFromGitHub { | ||
owner = "NixOS"; | owner = "NixOS"; | ||
repo = "nixpkgs | repo = "nixpkgs"; | ||
# nixos-unstable as of 2017-11-13T08:53:10-00:00 | # nixos-unstable as of 2017-11-13T08:53:10-00:00 | ||
rev = "ac355040656de04f59406ba2380a96f4124ebdad"; | rev = "ac355040656de04f59406ba2380a96f4124ebdad"; | ||
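Review bot: On the `repo = "nixpkgs";` line, the repository changes while the `rev` below it and the dated comment stay as they were, so the example only remains valid if commit ac355040656de04f59406ba2380a96f4124ebdad is reachable in NixOS/nixpkgs. The same commit should give the same hash, but the `sha256` sits outside the visible lines, so a quick prefetch of that rev against the new repository before merging would confirm the example still evaluates.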
Line 81: | Line 90: | ||
$ nix-shell -p nix-prefetch-git | $ nix-shell -p nix-prefetch-git | ||
[nix-shell:~]$ nix-prefetch-git https://github.com/nixos/nixpkgs | [nix-shell:~]$ nix-prefetch-git https://github.com/nixos/nixpkgs.git refs/heads/nixos-unstable > nixpkgs-version.json | ||
... | ... | ||
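Review bot: The new `nix-prefetch-git ... refs/heads/nixos-unstable > nixpkgs-version.json` line resolves a moving branch and overwrites the file with `>`, so re-running it silently moves the pin. Suggest a sentence saying that nixpkgs-version.json is the pin and belongs in version control, and that an upgrade consists of re-running this command and reviewing the change in `rev` and `sha256`.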
Line 87: | Line 96: | ||
[nix-shell:~]$ cat nixpkgs-version.json | [nix-shell:~]$ cat nixpkgs-version.json | ||
{ | { | ||
"url": "https://github.com/nixos/nixpkgs | "url": "https://github.com/nixos/nixpkgs.git", | ||
"rev": "f607771d0f5e4fa905afff1c772febd9f3103e1a", | "rev": "f607771d0f5e4fa905afff1c772febd9f3103e1a", | ||
"date": "2018-01-09T11:18:25-05:00", | "date": "2018-01-09T11:18:25-05:00", | ||
Line 103: | Line 112: | ||
pinnedPkgs = hostPkgs.fetchFromGitHub { | pinnedPkgs = hostPkgs.fetchFromGitHub { | ||
owner = "NixOS"; | owner = "NixOS"; | ||
repo = "nixpkgs | repo = "nixpkgs"; | ||
inherit (pinnedVersion) rev sha256; | inherit (pinnedVersion) rev sha256; | ||
}; | }; | ||
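Review bot: `inherit (pinnedVersion) rev sha256;` takes only two fields from nixpkgs-version.json, while `owner` and `repo` are hard-coded just above it, so the `url` recorded in the JSON is never consulted. With this change both now point at nixpkgs, but nothing keeps them in step; suggest a comment noting that `owner`/`repo` must match the `url` in the JSON file. The same applies to the identical hunk at Line 121 / Line 130.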
Line 121: | Line 130: | ||
pinnedPkgs = hostPkgs.fetchFromGitHub { | pinnedPkgs = hostPkgs.fetchFromGitHub { | ||
owner = "NixOS"; | owner = "NixOS"; | ||
repo = "nixpkgs | repo = "nixpkgs"; | ||
inherit (pinnedVersion) rev sha256; | inherit (pinnedVersion) rev sha256; | ||
}; | }; | ||
Line 144: | Line 153: | ||
in import patchedPkgs {}; | in import patchedPkgs {}; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Pinning an unstable service == | |||
How to upgrade a single package and service to an unstable version | |||
There is probably a better way, especially once flakes come around. Some packages let you specify which <code>package</code> to run as an option but most don't. The following is a generic way that also works for those which don't. | |||
add to configuration.nix a set allowing unstable packages. | |||
This assumes a channel named <code>nixpkgs-unstable</code> exists, like so: | |||
<syntaxhighlight lang="bash"> | |||
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable | |||
nix-channel --update | |||
</syntaxhighlight> | |||
then in <code>configuration.nix</code> allow unstable packages: | |||
<syntaxhighlight lang="nix"> | |||
# Allow unstable packages. | |||
nixpkgs.config = { | |||
allowUnfree = true; | |||
packageOverrides = pkgs: { | |||
unstable = import <nixpkgs-unstable> { | |||
config = config.nixpkgs.config; | |||
}; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
This means you can now refer to unstable packages as <code>pkgs.unstable.nameofpackage</code> which is great. | |||
For example: | |||
<syntaxhighlight lang="nix"> | |||
environment.systemPackages = with pkgs; [ | |||
unstable.bind | |||
unstable.dnsutils | |||
vim | |||
]; | |||
</syntaxhighlight> | |||
This will use unstable bind and dnsutils, but the stable vim. | |||
Except bind is a service, and if you want a service....usually you just do something like: | |||
<syntaxhighlight lang="nix"> | |||
services.bind.enable = true; | |||
... | |||
</syntaxhighlight> | |||
Except services will refer to <code>pkgs.bind</code>, not <code>pkgs.unstable.bind</code> | |||
so disable services.bind and create your own: | |||
<syntaxhighlight lang="nix"> | |||
users.users.named = | |||
{ uid = config.ids.uids.bind; | |||
description = "BIND daemon user"; | |||
}; | |||
systemd.services.mybind = { | |||
description = "BIND Domain Name Server"; | |||
unitConfig.Documentation = "man:named(8)"; | |||
after = [ "network.target" ]; | |||
wantedBy = [ "multi-user.target" ]; | |||
preStart = '' | |||
mkdir -m 0755 -p /etc/bind | |||
if ! [ -f "/etc/bind/rndc.key" ]; then | |||
${pkgs.unstable.bind.out}/sbin/rndc-confgen -c /etc/bind/rndc.key -u named -a -A hmac-sha256 2>/dev/null | |||
fi | |||
${pkgs.coreutils}/bin/mkdir -p /run/named | |||
chown named /run/named | |||
''; | |||
serviceConfig = { | |||
ExecStart = "${pkgs.unstable.bind.out}/sbin/named -u named -4 -c /etc/bind/named.conf -f"; | |||
ExecReload = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload"; | |||
ExecStop = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' stop"; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
where all the stuff just comes from the bind services definition(which you can get from the source link on the nixos options page.) | |||
Just replace named variables, and replace <code>${pkgs.bind.out</code> with <code>${pkgs.unstable.bind.out}</code> | |||
== See also == | |||
- [https://nix.dev/reference/pinning-nixpkgs Pinning Nixpkgs] | |||
- [https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs Towards Reproducibility: Pinning Nixpkgs] | |||
- [https://nix.dev/guides/recipes/dependency-management.html Dependency Management] |
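Review bot: The new "Pinning an unstable service" section does not pin anything: `import <nixpkgs-unstable>` resolves through a channel, so every `nix-channel --update` changes what `pkgs.unstable.bind` evaluates to, which runs against what the rest of the page teaches. Suggest importing a fetched tarball with a fixed rev and sha256 as in the sections above, or retitling the section. Smaller points: `allowUnfree = true;` sits under the comment `# Allow unstable packages.` but is unrelated to it and widens what the system will accept; the sentence "add to configuration.nix a set allowing unstable packages." is repeated by the later "then in configuration.nix allow unstable packages:" line; in `preStart`, `2>/dev/null` on `rndc-confgen` hides a failed key generation; and the closing instruction's `${pkgs.bind.out` is missing its closing brace.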