FAQ/Pinning Nixpkgs: Difference between revisions

(2 intermediate revisions by 2 users not shown)

Line 1:

It is possible (and indeed, fairly easy) to pin a specific version of

Nixpkgs. This can be used to upgrade individual applications

Line 183:

Line 184:

environment.systemPackages = with pkgs; [

unstable.bind

unstable.dnsutils

vim

];

</syntaxhighlight>

Line 195:

Line 196:

services.bind.enable = true;

...

</syntaxhighlight>

Line 204:

Line 205:

users.users.named =

users.users.named = {

{ uid = config.ids.uids.bind;

uid = config.ids.uids.bind;

description = "BIND daemon user";

};

systemd.services.mybind = {

description = "BIND Domain Name Server";

unitConfig.Documentation = "man:named(8)";

after = [ "network.target" ];

wantedBy = [ "multi-user.target" ];

preStart = ''

mkdir -m 0755 -p /etc/bind

if ! [ -f "/etc/bind/rndc.key" ]; then

${pkgs.unstable.bind.out}/sbin/rndc-confgen -c /etc/bind/rndc.key -u named -a -A hmac-sha256 2>/dev/null

fi

${pkgs.coreutils}/bin/mkdir -p /run/named

chown named /run/named

'';

serviceConfig = {

ExecStart = "${pkgs.unstable.bind.out}/sbin/named -u named -4 -c /etc/bind/named.conf -f";

ExecReload = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload";

ExecStop = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' stop";

};

</syntaxhighlight>

Line 235:

== See also ==

- [https://nix.dev/reference/pinning-nixpkgs Pinning Nixpkgs]

* [https://nix.dev/reference/pinning-nixpkgs Pinning Nixpkgs]

* [https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs Towards Reproducibility: Pinning Nixpkgs]

- [https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs Towards Reproducibility: Pinning Nixpkgs]

* [https://nix.dev/guides/recipes/dependency-management.html Dependency Management]

- [https://nix.dev/guides/recipes/dependency-management.html Dependency Management]

@@ Line 1: / Line 1: @@
+{{FAQ/breadcrumb}}
 It is possible (and indeed, fairly easy) to pin a specific version of
 Nixpkgs. This can be used to upgrade individual applications
@@ Line 183: / Line 184: @@
 <syntaxhighlight lang="nix">
-  environment.systemPackages = with pkgs; [
+environment.systemPackages = with pkgs; [
-        unstable.bind
+  unstable.bind
-        unstable.dnsutils
+  unstable.dnsutils
-        vim
+  vim
-  ];
+];
 </syntaxhighlight>
@@ Line 195: / Line 196: @@
 <syntaxhighlight lang="nix">
- services.bind.enable = true;
+services.bind.enable = true;
- ...
+...
 </syntaxhighlight>
@@ Line 204: / Line 205: @@
 <syntaxhighlight lang="nix">
-  users.users.named =
+users.users.named = {
-      { uid = config.ids.uids.bind;
+  uid = config.ids.uids.bind;
-        description = "BIND daemon user";
+  description = "BIND daemon user";
-      };
+};
-  systemd.services.mybind = {
+systemd.services.mybind = {
-        description = "BIND Domain Name Server";
+  description = "BIND Domain Name Server";
-        unitConfig.Documentation = "man:named(8)";
+  unitConfig.Documentation = "man:named(8)";
-        after = [ "network.target" ];
+  after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
+  wantedBy = [ "multi-user.target" ];
-        preStart = ''
+  preStart = ''
-        mkdir -m 0755 -p /etc/bind
+    mkdir -m 0755 -p /etc/bind
-        if ! [ -f "/etc/bind/rndc.key" ]; then
+    if ! [ -f "/etc/bind/rndc.key" ]; then
-          ${pkgs.unstable.bind.out}/sbin/rndc-confgen -c /etc/bind/rndc.key -u named -a -A hmac-sha256 2>/dev/null
+      ${pkgs.unstable.bind.out}/sbin/rndc-confgen -c /etc/bind/rndc.key -u named -a -A hmac-sha256 2>/dev/null
-        fi
+    fi
-        ${pkgs.coreutils}/bin/mkdir -p /run/named
+    ${pkgs.coreutils}/bin/mkdir -p /run/named
-        chown named /run/named
+    chown named /run/named
-      '';
+  '';
-        serviceConfig = {
+  serviceConfig = {
-        ExecStart  = "${pkgs.unstable.bind.out}/sbin/named -u named -4 -c /etc/bind/named.conf -f";
+    ExecStart = "${pkgs.unstable.bind.out}/sbin/named -u named -4 -c /etc/bind/named.conf -f";
-        ExecReload = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload";
+    ExecReload = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' reload";
-        ExecStop   = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' stop";
+    ExecStop = "${pkgs.unstable.bind.out}/sbin/rndc -k '/etc/bind/rndc.key' stop";
-      };
+  };
 };
 </syntaxhighlight>
@@ Line 235: / Line 235: @@
 == See also ==
-- [https://nix.dev/reference/pinning-nixpkgs Pinning Nixpkgs]
+* [https://nix.dev/reference/pinning-nixpkgs Pinning Nixpkgs]
+* [https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs Towards Reproducibility: Pinning Nixpkgs]
-- [https://nix.dev/tutorials/first-steps/towards-reproducibility-pinning-nixpkgs Towards Reproducibility: Pinning Nixpkgs]
+* [https://nix.dev/guides/recipes/dependency-management.html Dependency Management]
-- [https://nix.dev/guides/recipes/dependency-management.html Dependency Management]