nixos/nixpkgs: add option to specify Nixpkgs source path

[rnhmjoj]

A non-breaking and (IMHO) simpler alternative to #333788 for setting the Nixpkgs versions declaratively from configuration.nix.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change (nixos-rebuild, nixos-rebuild-ng)
• Tested basic functionality of all binary files
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[thiagokokada]

I think it is better to do a scoped patch here instead:

Suggested change

	@patch(get_qualified_name(nr.process.subprocess.run), autospec=True)
	def test_build_attr_from_arg(mock_run: Any, tmp_path: Path) -> None:
	nixpkgs_path = tmp_path / "nixpkgs"
	mock_run.side_effect = [
	# with config.nixpkgs.source
	subprocess.CompletedProcess([], 0, f"\"{nixpkgs_path}\"\n"),
	# without config.nixpkgs.source
	subprocess.CompletedProcess([], 1, ""),
	]
	assert m.BuildAttr.from_arg(None, None) == m.BuildAttr(str(nixpkgs_path / "nixos"), None)
	assert m.BuildAttr.from_arg(None, None) == m.BuildAttr("<nixpkgs/nixos>", None)
	def test_build_attr_from_arg(tmp_path: Path) -> None:
	nixpkgs_path = tmp_path / "nixpkgs"
	with patch(get_qualified_name(nr.process.subprocess.run), autospec=True, return_value=subprocess.CompletedProcess([], 0, f"\"{nixpkgs_path}\"\n")):
	assert m.BuildAttr.from_arg(None, None) == m.BuildAttr(str(nixpkgs_path / "nixos"), None)
	with patch(get_qualified_name(nr.process.subprocess.run), autospec=True, return_value=subprocess.CompletedProcess([], 1, "")):
	assert m.BuildAttr.from_arg(None, None) == m.BuildAttr("<nixpkgs/nixos>", None)

[rnhmjoj]

Done, thank you!

[thiagokokada]

Can't comment too much about the change itself since I use Flakes, but at least the nixos-rebuild-ng changes looks good to me.

Left a comment about the tests mocks but this is not a merge blocker.

[amozeo]

Hey, nixpkgs.source option in nixos is an interesting approach to pin nixpkgs for a given nixos configuration. I found several issues with your implementation of it.

I cannot review changes in nixos-rebuild-ng because I am not familiar with its code.

in nixos-rebuild.sh, there is also one more instance of getting nixpkgs from nix path in line 646 (after changes). I think you forgot about that occurence.

[amozeo]

current type allows to point to a path outside of the nix store.
I don't think this was intended to allow out of store paths or any string here. Consider using lib.types.derivation, which checks if the path, or string, is a store path.

[amozeo]

it is not sufficiently described for/if flakes are used. I would remove defaultText.

[rnhmjoj]

Uhm, I'm actually not sure what happens if you use flakes. I guess it will be completely ignored.

[amozeo]

it is not sufficiently described for/if flakes are used. Consider adding what the default is, when flakes are used.

Suggested change

	is to use the `<nixpkgs>` channel.
	is to use the nixpkgs NIX_PATH, or the flake input from where you're
	using 'lib.nixosSystem'.

[amozeo]

I don't think it is necessary to link nixpkgs to system derivation. You can directly use config.nixpkgs.source in config.nix.nixPath option definition.

What if I don't want to have nixpkgs in nixPath? there is no enable/disable option for that.

config.nixpkgs ? source is not how you check if option is set or not, use options.nixpkgs.source.isDefined

Suggested change

	# Link the Nixpkgs source to the system closure
	system.extraSystemBuilderCmds = lib.mkIf (
	config.nixpkgs ? source
	) "ln -s ${config.nixpkgs.source} $out/nixpkgs";
	# Set nixpkgs in NIX_PATH if nix-channel is disabled
	nix.nixPath = lib.optional (
	config.nixpkgs ? source && !config.nix.channel.enable
	) "nixpkgs=/run/current-system/nixpkgs";
	# Set nixpkgs in NIX_PATH if nix-channel is disabled
	nix.nixPath = lib.optional (
	options.nixpkgs.source.isDefined && !config.nix.channel.enable
	) "nixpkgs=${config.nixpkgs.source}";

[amozeo]

$nixpkgsPath used here is set from an environment variable, because function that set that variable is ran after this line.

this is also true for $nixpkgsPath in line 579, 580, 582 (after changes).

[amozeo]

this function should be ran at least before the first use of $nixpkgsPath. Consider moving this and the function itself at least before the first use in line 492

[amozeo]

I don't think it is necessary to move that code from line 517 (before changes) here.
What is the purpose of moving it?

[amozeo]

I just noticed that there is option nixpkgs.flake.sources that tries to hold similar information as the option that you want to add, nixpkgs.source, maybe we want to deprecate it/change it/reuse it? doesn't look like it's used anywhere else in nixos module system except that file where is declared.

[rnhmjoj]

Hey, nixpkgs.source option in nixos is an interesting approach to pin nixpkgs for a given nixos configuration.
I found several issues with your implementation of it.

Thank you for reviewing!

in nixos-rebuild.sh, there is also one more instance of getting nixpkgs from nix path in line 646 (after changes). I think you forgot about that occurence.

Yes, I missed it because I was looking only for the angle brackets syntax.