config: make configurable nixpkgs channel for images

Now we can finally easily declare the nixpkgs channel for individual images. This is nice once I've expanded the images for other purposes such as physical hosts (for homelabbing). Unfortunately, this is where I realized that stable channels are not exactly "Debian-stable" and the best way to handle security is to have an update cadence that is relatively quick.
2025-02-07 06:19:00 +00:00 · 2023-06-22 11:01:41 +08:00 · 2023-06-22 11:01:41 +08:00 · 241e2080f2
commit 241e2080f2
parent a0219f6260
4 changed files with 62 additions and 21 deletions
--- a/flake.lock
+++ b/flake.lock
@ -687,6 +687,54 @@
        "type": "github"
      }
    },
+    "nixos-stable": {
+      "locked": {
+        "lastModified": 1687288566,
+        "narHash": "sha256-VckkiJ88Gzdc2cstm0z5eFcrHbvkm4VjxavHBGssvZI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "b6c73c5fe53bb3afbf65e870541e0645e9145171",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixos-unstable": {
+      "locked": {
+        "lastModified": 1686960236,
+        "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixos-unstable-small": {
+      "locked": {
+        "lastModified": 1687369486,
+        "narHash": "sha256-BFXrDo7yuLamfbi53voC2TrHHTKEr/LJ0P+qSP51xkg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "8b0f22dc5155e8a6d329520c27751dfb0f821d63",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1665763903,
@ -771,22 +819,6 @@
      }
    },
    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1686921029,
-        "narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_3": {
      "locked": {
        "lastModified": 1687031877,
        "narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
@ -933,8 +965,10 @@
        "nix-colors": "nix-colors",
        "nix-ld": "nix-ld",
        "nixos-generators": "nixos-generators",
+        "nixos-stable": "nixos-stable",
+        "nixos-unstable": "nixos-unstable",
+        "nixos-unstable-small": "nixos-unstable-small",
        "nixpkgs": "nixpkgs_4",
-        "nixpkgs-stable": "nixpkgs-stable_2",
        "nur": "nur",
        "rust-overlay": "rust-overlay_2",
        "sops-nix": "sops-nix"
@ -988,7 +1022,7 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "nixpkgs-stable": "nixpkgs-stable_3"
+        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
        "lastModified": 1687058111,
--- a/flake.nix
+++ b/flake.nix
@ -13,7 +13,12 @@
    # `nixpkgs-unstable` branch could be faster delivering updates, it is
    # looser when it comes to stability for the entirety of this configuration.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
+
+    # Here are the nixpkgs variants used for creating the system configuration
+    # in `mkHost`.
+    nixos-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
+    nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixos-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";

    # We're using these libraries for other functions.
    flake-utils.url = "github:numtide/flake-utils";
@ -297,6 +302,7 @@
          mkHost {
            inherit extraModules extraArgs;
            system = metadata.system or defaultSystem;
+            nixpkgs-channel = metadata.nixpkgs-channel or "nixpkgs";
          })
        images;

--- a/images.toml
+++ b/images.toml
@ -25,6 +25,7 @@ format = "vm"
 [bootstrap]
 system = "x86_64-linux"
 format = "install-iso"
+nixpkgs-channel = "nixos-unstable-small"

 [graphical-installer]
 system = "x86_64-linux"
--- a/lib/images.nix
+++ b/lib/images.nix
@ -7,8 +7,8 @@ let
 in
 {
  # A wrapper around the NixOS configuration function.
-  mkHost = { system, extraModules ? [ ], extraArgs ? { } }:
-    (lib.makeOverridable inputs.nixpkgs.lib.nixosSystem) {
+  mkHost = { system, extraModules ? [ ], extraArgs ? { }, nixpkgs-channel ? "nixpkgs" }:
+    (lib.makeOverridable inputs."${nixpkgs-channel}".lib.nixosSystem) {
      # The system of the NixOS system.
      inherit system lib;
      specialArgs = extraArgs;