Decouple channels

channels.nix

@@ -0,0 +1,13 @@
+let
+  nixos-20-09 = {
+    nixpkgs-channel = "nixos-20.09";
+    home-manager-channel = "home-manager-20.09";
+  };
+  unstable = {
+    nixpkgs-channel = "nixos-unstable";
+    home-manager-channel = "home-manager-master";
+  };
+in {
+  hera = nixos-20-09;
+  apollo = unstable;
+}

home-manager/machines.nix

@@ -1,9 +1,10 @@
 let
-  inherit (import (import ../nix/sources.nix).nixpkgs { }) lib;
+  inherit (import (import ../nix/sources.nix).nixos-unstable { }) lib;
   makeConfig = hostName: imports:
     { ... }: {
       imports = imports ++ [ ./roles/default.nix ];
       m-0.hostName = hostName;
+      nixpkgs.overlays = [ (_: _: (import ../channels.nix).${hostName}) ];
     };
 in {
   apollo = let

home-manager/target.nix

@@ -1,16 +1,16 @@
 let
   sources = import ../nix/sources.nix;
-  inherit (import sources.nixpkgs { }) lib pkgs;
+  inherit (import sources.nixos-unstable { }) lib pkgs;
   modes = import ./machines.nix;
-  home-manager = import "${sources.home-manager}/home-manager/home-manager.nix";
-  buildHomeManager = attr:
-    (home-manager {
+  home-manager = channel: import "${sources.${channel}}/home-manager/home-manager.nix";
+  buildHomeManager = host: mode:
+    (home-manager (import ../channels.nix).${host}.home-manager-channel {
       confPath = ../home.nix;
-      confAttr = attr;
+      confAttr = "${host}-${mode}";
     }).activationPackage;
   buildModesForHost = host: modes:
     pkgs.runCommandLocal "${host}-modes" { } ''
       mkdir $out
       ${lib.concatStringsSep "\n" (lib.mapAttrsToList (mode: config:
-        "ln -s ${buildHomeManager "${host}-${mode}"} $out/${mode}") modes)}'';
+        "ln -s ${buildHomeManager host mode} $out/${mode}") modes)}'';
 in lib.mapAttrs buildModesForHost modes

home.nix

@@ -1,5 +1,5 @@
 let
-  inherit (import (import ./nix/sources.nix).nixpkgs { }) lib;
+  inherit (import (import ./nix/sources.nix).nixos-unstable { }) lib;
   modes = import home-manager/machines.nix;
 in lib.listToAttrs (lib.flatten (lib.mapAttrsToList (host: configs:
   lib.mapAttrsToList (mode: config: {

nix/sources.json

@@ -1,5 +1,5 @@
 {
-    "home-manager": {
+    "home-manager-20.09": {
         "branch": "release-20.09",
         "description": "Manage a user environment using Nix",
         "homepage": "",
@@ -11,52 +11,76 @@
         "url": "https://github.com/nix-community/home-manager/archive/63f299b3347aea183fc5088e4d6c4a193b334a41.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
+    "home-manager-master": {
+        "branch": "master",
+        "description": "Manage a user environment using Nix",
+        "homepage": "",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "275d1b52126674764f0f3d15c73c2add511bd310",
+        "sha256": "0ci6llimysmshs6zi8nq0ynzw07g8w43avh21s1hci78mlvbf6xd",
+        "type": "tarball",
+        "url": "https://github.com/nix-community/home-manager/archive/275d1b52126674764f0f3d15c73c2add511bd310.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "kassandra": {
-        "ref": "master",
+        "branch": "master",
         "repo": "https://git.darmstadt.ccc.de/maralorn/kassandra",
         "rev": "1a0d19ce5d384e15ca64f7f043e5817cbaaf9f6d",
         "type": "git"
     },
     "kassandra2": {
-        "ref": "master",
+        "branch": "master",
         "repo": "git@hera.m-0.eu:kassandra2",
         "rev": "312a8bc1fd1ed04c6564be4db4d08b7bcdc64764",
         "type": "git"
     },
     "nix-output-monitor": {
-        "ref": "master",
+        "branch": "master",
         "repo": "git@hera.m-0.eu:nix-output-monitor",
         "rev": "5bf7534a9992d5b3f08b16b1a389d869f6f4c835",
         "type": "git"
     },
+    "nixos-20.09": {
+        "branch": "nixos-20.09",
+        "description": "Nixpkgs/NixOS branches that track the Nixpkgs/NixOS channels",
+        "homepage": null,
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "99f8282a65821f148df596ba389606e732eaf99d",
+        "sha256": "1mm4j1vjs875yzv03plng43ivny0qm09hxpn0if8g9vc849rwc2g",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/99f8282a65821f148df596ba389606e732eaf99d.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "nixos-hardware": {
         "branch": "master",
         "description": "A collection of NixOS modules covering hardware quirks.",
         "homepage": "",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "025c7a2a7efd9edf341879dbd46988d3a65a76dc",
-        "sha256": "0y7ybybsa91ny5zp1p1r1yq8i2ibsmf1p831zqyb5k4kdijw2dra",
+        "rev": "87522b29a276a4cab5718e5309aa7d74bc7de75a",
+        "sha256": "1zdky8vv7aznvmkkf53f5bm73n19a7728m33hhs8dg1psrb9lkx1",
         "type": "tarball",
-        "url": "https://github.com/nixos/nixos-hardware/archive/025c7a2a7efd9edf341879dbd46988d3a65a76dc.tar.gz",
+        "url": "https://github.com/nixos/nixos-hardware/archive/87522b29a276a4cab5718e5309aa7d74bc7de75a.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixos-mailserver": {
-        "ref": "master",
+        "branch": "master",
         "repo": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver",
         "rev": "7c06f610f15642e3664f01a51c08c64cc8835f51",
         "type": "git"
     },
-    "nixpkgs": {
-        "branch": "nixos-20.09",
+    "nixos-unstable": {
+        "branch": "nixos-unstable-small",
         "description": "Nixpkgs/NixOS branches that track the Nixpkgs/NixOS channels",
         "homepage": null,
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e34208e10033315fddf6909d3ff68e2d3cf48a23",
-        "sha256": "0ngkx5ny7bschmiwc5q9yza8fdwlc3zg47avsywwp8yn96k2cpmg",
+        "rev": "bb2a7b943917aba1c9c86f049e75a4a594040746",
+        "sha256": "10h82dl959klx3fhwvhxi5pk42jfl4ar0w7v7mbl537af916qxnw",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/e34208e10033315fddf6909d3ff68e2d3cf48a23.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/bb2a7b943917aba1c9c86f049e75a4a594040746.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs-master": {
@@ -65,10 +89,10 @@
         "homepage": null,
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "18493dab889d8afbefde6380c7b00fae3d376d3e",
-        "sha256": "1pfw1bqi5psjgxym9lf83hh26sam0d0y26n561ayb0cl1035qvrb",
+        "rev": "4d20dc5e87a79e9367b577b9263515932c87f513",
+        "sha256": "06mrwrxvsl4q5r1f534qlszs9g8lmnw3anviv35mgckpg9dml05s",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/18493dab889d8afbefde6380c7b00fae3d376d3e.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/4d20dc5e87a79e9367b577b9263515932c87f513.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "obelisk": {
@@ -94,17 +118,5 @@
         "type": "tarball",
         "url": "https://github.com/maralorn/taskwarrior-git-backend/archive/e29c4335e2cb10d6c73832dcbdf931fdc6872e94.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
-    "unstable": {
-        "branch": "nixos-unstable",
-        "description": "Nixpkgs/NixOS branches that track the Nixpkgs/NixOS channels",
-        "homepage": null,
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "296793637b22bdb4d23b479879eba0a71c132a66",
-        "sha256": "0j09yih9693w5vjx64ikfxyja1ha7pisygrwrpg3wfz3sssglg69",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/296793637b22bdb4d23b479879eba0a71c132a66.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }

nix/sources.nix

@@ -6,25 +6,33 @@ let
   # The fetchers. fetch_<type> fetches specs of type <type>.
   #
 
-  fetch_file = pkgs: spec:
-    if spec.builtin or true then
-      builtins_fetchurl { inherit (spec) url sha256; }
-    else
-      pkgs.fetchurl { inherit (spec) url sha256; };
+  fetch_file = pkgs: name: spec:
+    let
+      name' = sanitizeName name + "-src";
+    in
+      if spec.builtin or true then
+        builtins_fetchurl { inherit (spec) url sha256; name = name'; }
+      else
+        pkgs.fetchurl { inherit (spec) url sha256; name = name'; };
 
   fetch_tarball = pkgs: name: spec:
     let
-      ok = str: ! builtins.isNull (builtins.match "[a-zA-Z0-9+-._?=]" str);
-      # sanitize the name, though nix will still fail if name starts with period
-      name' = stringAsChars (x: if ! ok x then "-" else x) "${name}-src";
+      name' = sanitizeName name + "-src";
     in
       if spec.builtin or true then
         builtins_fetchTarball { name = name'; inherit (spec) url sha256; }
       else
         pkgs.fetchzip { name = name'; inherit (spec) url sha256; };
 
-  fetch_git = spec:
-    builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; };
+  fetch_git = name: spec:
+    let
+      ref =
+        if spec ? ref then spec.ref else
+          if spec ? branch then "refs/heads/${spec.branch}" else
+            if spec ? tag then "refs/tags/${spec.tag}" else
+              abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!";
+    in
+      builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; };
 
   fetch_local = spec: spec.path;
 
@@ -40,11 +48,21 @@ let
   # Various helpers
   #
 
+  # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695
+  sanitizeName = name:
+    (
+      concatMapStrings (s: if builtins.isList s then "-" else s)
+        (
+          builtins.split "[^[:alnum:]+._?=-]+"
+            ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name)
+        )
+    );
+
   # The set of packages used when specs are fetched using non-builtins.
-  mkPkgs = sources:
+  mkPkgs = sources: system:
     let
       sourcesNixpkgs =
-        import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {};
+        import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; };
       hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
       hasThisAsNixpkgsPath = <nixpkgs> == ./.;
     in
@@ -64,9 +82,9 @@ let
 
     if ! builtins.hasAttr "type" spec then
       abort "ERROR: niv spec ${name} does not have a 'type' attribute"
-    else if spec.type == "file" then fetch_file pkgs spec
+    else if spec.type == "file" then fetch_file pkgs name spec
     else if spec.type == "tarball" then fetch_tarball pkgs name spec
-    else if spec.type == "git" then fetch_git spec
+    else if spec.type == "git" then fetch_git name spec
     else if spec.type == "local" then fetch_local spec
     else if spec.type == "builtin-tarball" then fetch_builtin-tarball name
     else if spec.type == "builtin-url" then fetch_builtin-url name
@@ -98,25 +116,29 @@ let
 
   # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
   stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+  concatMapStrings = f: list: concatStrings (map f list);
   concatStrings = builtins.concatStringsSep "";
 
+  # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331
+  optionalAttrs = cond: as: if cond then as else {};
+
   # fetchTarball version that is compatible between all the versions of Nix
-  builtins_fetchTarball = { url, name, sha256 }@attrs:
+  builtins_fetchTarball = { url, name ? null, sha256 }@attrs:
     let
       inherit (builtins) lessThan nixVersion fetchTarball;
     in
       if lessThan nixVersion "1.12" then
-        fetchTarball { inherit name url; }
+        fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
       else
         fetchTarball attrs;
 
   # fetchurl version that is compatible between all the versions of Nix
-  builtins_fetchurl = { url, sha256 }@attrs:
+  builtins_fetchurl = { url, name ? null, sha256 }@attrs:
     let
       inherit (builtins) lessThan nixVersion fetchurl;
     in
       if lessThan nixVersion "1.12" then
-        fetchurl { inherit url; }
+        fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; }))
       else
         fetchurl attrs;
 
@@ -135,7 +157,8 @@ let
   mkConfig =
     { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null
     , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile)
-    , pkgs ? mkPkgs sources
+    , system ? builtins.currentSystem
+    , pkgs ? mkPkgs sources system
     }: rec {
       # The sources, i.e. the attribute set of spec name to spec
       inherit sources;

nixos/roles/admin.nix

@@ -5,7 +5,6 @@ let
 in {
   users.users = {
     maralorn = {
-      linger = true;
       description = "maralorn";
       isNormalUser = true;
       uid = 1000;

nixos/roles/default.nix

@@ -1,16 +1,15 @@
 { pkgs, config, lib, ... }: {
-  imports = [
-    ../../common
-    ./modules/laptop.nix
-    ./modules/loginctl-linger.nix
-    ./admin.nix
-  ];
+  imports = [ ../../common ./modules/laptop.nix ./admin.nix ];
 
   i18n.defaultLocale = "en_US.UTF-8";
 
   # For nixos-rebuild
-  nixpkgs.overlays = [ (_: _: { withSecrets = false; }) ]
-    ++ import ../../overlays { inherit lib; };
+  nixpkgs.overlays = [
+    (_: _:
+      {
+        withSecrets = false;
+      } // (import ../../channels.nix).${config.networking.hostName})
+  ] ++ import ../../overlays { inherit lib; };
 
   time.timeZone = "Europe/Berlin";
 
@@ -36,7 +35,9 @@
     etc = lib.mapAttrs'
       (name: value: lib.nameValuePair "nix-path/${name}" { source = value; })
       (lib.filterAttrs (name: value: name != "__functor") pkgs.sources) // {
-        "nix-path/nixos".source = pkgs.sources.nixpkgs;
+        "nix-path/nixos".source = pkgs.sources.${pkgs.nixpkgs-channel};
+        "nix-path/nixpkgs".source = pkgs.sources.${pkgs.nixpkgs-channel};
+        "nix-path/home-manager".source = pkgs.sources.${pkgs.home-manager-channel};
       };
     variables =
       lib.genAttrs [ "CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE" ]

nixos/roles/modules/loginctl-linger.nix

@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# A temporary hack to `loginctl enable-linger $somebody` (for
-# multiplexer sessions to last), until this one is unresolved:
-# https://github.com/NixOS/nixpkgs/issues/3702
-#
-# Usage: `users.extraUsers.somebody.linger = true` or slt.
-
-with lib;
-
-let
-
-  dataDir = "/var/lib/systemd/linger";
-
-  lingeringUsers = map (u: u.name)
-    (attrValues (flip filterAttrs config.users.users (n: u: u.linger)));
-
-  lingeringUsersFile = builtins.toFile "lingering-users" (concatStrings (map
-    (s: ''
-      ${s}
-    '') (sort (a: b: a < b)
-    lingeringUsers))); # this sorting is important for `comm` to work correctly
-
-  updateLingering = pkgs.writeScript "update-lingering" ''
-    # Stop when the system is not running, e.g. during nixos-install
-    [[ -e /run/booted-system ]] || exit 0
-    lingering=$(ls ${dataDir} 2> /dev/null | sort)
-    echo "$lingering" | comm -3 -1 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl disable-linger
-    echo "$lingering" | comm -3 -2 ${lingeringUsersFile} - | xargs -r ${pkgs.systemd}/bin/loginctl enable-linger
-  '';
-
-in {
-  options = {
-    users.users = mkOption {
-      options = [{ linger = mkEnableOption "lingering for the user"; }];
-    };
-  };
-
-  config = {
-    system.activationScripts.update-lingering =
-      stringAfter [ "users" ] updateLingering;
-  };
-}

overlays/10-previews.nix

@@ -1,7 +1,2 @@
 self: super:
-let
-  unstable = import self.sources.unstable { };
-  nixpkgs-master = import self.sources.nixpkgs-master { };
-in {
-  inherit (unstable) gomuks syncplay;
-}
+{}

overlays/20-unfree.nix

@@ -1,7 +1,8 @@
 self: super:
 let
-  unfree = import self.sources.nixpkgs { config.allowUnfree = true; };
-  unstableUnfree = import self.sources.unstable { config.allowUnfree = true; };
-  releaseUnfree =
-    import self.sources.nixpkgs-release { config.allowUnfree = true; };
-in { inherit (unfree) discord factorio steam zoom-us skypeforlinux google-chrome; }
+  unfree = import self.sources."${self.nixpkgs-channel}" { config.allowUnfree = true; };
+  unstableUnfree =
+    import self.sources.nixos-unstable { config.allowUnfree = true; };
+in {
+  inherit (unfree) discord factorio steam zoom-us skypeforlinux google-chrome;
+}

overlays/pkgSets.nix

@@ -53,7 +53,7 @@ self: super: {
   system-pkgs = self.core-system-pkgs // self.extra-system-pkgs // {
     inherit (self) test-system-config test-home-config test-config;
     home-manager =
-      self.callPackage "${self.sources.home-manager}/home-manager" { };
+      self.callPackage "${self.sources.${self.home-manager-channel}}/home-manager" { };
   };
   foreign-home-pkgs = self.extra-system-pkgs;
 }

overlays/writeHaskellScript.nix

@@ -51,10 +51,12 @@ self: super: {
         pure . Text.dropAround ('"' ==) . decodeUtf8 . trim $ escaped
 
       myNixPath :: Text -> IO [String]
-      myNixPath path = concat <$> mapM getNivAssign ["home-manager", "nixpkgs", "unstable"]
+      myNixPath path = concat <$> mapM getNivAssign [("home-manager", "${self.home-manager-channel}"),
+                                                     ("nixpkgs", "${self.nixpkgs-channel}"),
+                                                     ("nixos-unstable", "nixos-unstable")]
         where
          tag name str = ["-I", [i|#{name :: Text}=#{str :: Text}|]] :: [String]
-         getNivAssign name = tag name <$> getNivPath path name
+         getNivAssign (name, repo) = tag name <$> getNivPath path repo
 
       buildSystemParams :: [String]
       buildSystemParams = ["<nixpkgs/nixos>", "-A", "system"]