2 files changed, 41 insertions, 12 deletions

diff --git a/nix2/driver.go b/nix2/driver.go
index 833e515..610baab 100644
--- a/nix2/driver.go
+++ b/nix2/driver.go
@@ -68,6 +68,10 @@ var (
 			hclspec.NewAttr("default_ipc_mode", "string", false),
 			hclspec.NewLiteral(`"private"`),
 		),
+		"default_nixpkgs": hclspec.NewDefault(
+			hclspec.NewAttr("default_nixpkgs", "string", false),
+			hclspec.NewLiteral(`"github:nixos/nixpkgs/nixos-22.05"`),
+		),
 		"allow_caps": hclspec.NewDefault(
 			hclspec.NewAttr("allow_caps", "list(string)", false),
 			hclspec.NewLiteral(capabilities.HCLSpecLiteral),
@@ -89,6 +93,7 @@ var (
 		"ipc_mode":       hclspec.NewAttr("ipc_mode", "string", false),
 		"cap_add":        hclspec.NewAttr("cap_add", "list(string)", false),
 		"cap_drop":       hclspec.NewAttr("cap_drop", "list(string)", false),
+		"nixpkgs":        hclspec.NewAttr("nixpkgs", "string", false),
 		"packages":       hclspec.NewAttr("packages", "list(string)", false),
 	})
 
@@ -153,6 +158,9 @@ type Config struct {
 	// exec-based task drivers.
 	DefaultModeIPC string `codec:"default_ipc_mode"`
 
+	// Nixpkgs flake to use
+	DefaultNixpkgs string `codec:"default_nixpkgs"`
+
 	// AllowCaps configures which Linux Capabilities are enabled for tasks
 	// running on this node.
 	AllowCaps []string `codec:"allow_caps"`
@@ -204,6 +212,9 @@ type TaskConfig struct {
 	// Must be "private" or "host" if set.
 	ModeIPC string `codec:"ipc_mode"`
 
+	// Nixpkgs flake to use
+	Nixpkgs string `codec:"nixpkgs"`
+
 	// CapAdd is a set of linux capabilities to enable.
 	CapAdd []string `codec:"cap_add"`
 
@@ -488,7 +499,19 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 
 	user := cfg.User
 	if user == "" {
-		user = "0"
+		user = "nobody"
+	}
+
+	// Determine the nixpkgs version to use.
+	nixpkgs := driverConfig.Nixpkgs
+	if nixpkgs == "" {
+		nixpkgs = d.config.DefaultNixpkgs
+	}
+	// Use that repo for all packages not specified from a flake already.
+	for i := range driverConfig.Packages {
+		if !strings.Contains(driverConfig.Packages[i], "#") {
+			driverConfig.Packages[i] = nixpkgs + "#" + driverConfig.Packages[i]
+		}
 	}
 
 	// Prepare NixOS packages and setup a bunch of read-only mounts
@@ -498,19 +521,27 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 		AllocID:   cfg.AllocID,
 		TaskName:  cfg.Name,
 		Timestamp: time.Now(),
-		Message:   "Building Nix packages and preparing NixOS state",
+		Message: fmt.Sprintf(
+			"Building Nix packages and preparing NixOS state (using nixpkgs from flake: %s)",
+			nixpkgs,
+		),
 		Annotations: map[string]string{
 			"packages": strings.Join(driverConfig.Packages, " "),
 		},
 	})
 	taskDirs := cfg.TaskDir()
-	systemMounts, err := prepareNixPackages(taskDirs.Dir, driverConfig.Packages)
+	systemMounts, err := prepareNixPackages(taskDirs.Dir, driverConfig.Packages, nixpkgs)
 	if err != nil {
 		return nil, nil, err
 	}
 
 	// Some files are necessary and should be taken from outside if not present already
-	for _, f := range []string{ "/etc/resolv.conf", "/etc/passwd", "/etc/nsswitch.conf" } {
+	etcpaths := []string{
+		"/etc/nsswitch.conf", // Necessary for most things
+		"/etc/passwd",        // Necessary for username/UID lookup
+		"/etc/resolv.conf",   // Necessary for DNS resolution
+	}
+	for _, f := range etcpaths {
 		if _, ok := systemMounts[f]; !ok {
 			systemMounts[f] = f
 		}
diff --git a/nix2/nix.go b/nix2/nix.go
index 7a86934..5b94065 100644
--- a/nix2/nix.go
+++ b/nix2/nix.go
@@ -2,11 +2,11 @@ package nix2
 
 import (
 	"bytes"
-	"path/filepath"
 	"encoding/json"
 	"fmt"
 	"os"
 	"os/exec"
+	"path/filepath"
 
 	"github.com/hashicorp/nomad/helper/pluginutils/hclutils"
 )
@@ -15,13 +15,13 @@ const (
 	closureNix = `
 { path }:
 let
-  nixpkgs = builtins.getFlake "github:nixos/nixpkgs/nixos-22.05";
+  nixpkgs = builtins.getFlake "%s";
   inherit (nixpkgs.legacyPackages.x86_64-linux) buildPackages;
 in buildPackages.closureInfo { rootPaths = builtins.storePath path; }
 `
 )
 
-func prepareNixPackages(taskDir string, packages []string) (hclutils.MapStrStr, error) {
+func prepareNixPackages(taskDir string, packages []string, nixpkgs string) (hclutils.MapStrStr, error) {
 	mounts := make(hclutils.MapStrStr)
 
 	profileLink := filepath.Join(taskDir, "current-profile")
@@ -31,7 +31,7 @@ func prepareNixPackages(taskDir string, packages []string) (hclutils.MapStrStr,
 	}
 
 	closureLink := filepath.Join(taskDir, "current-closure")
-	closure, err := nixBuildClosure(profileLink, closureLink)
+	closure, err := nixBuildClosure(profileLink, closureLink, nixpkgs)
 	if err != nil {
 		return nil, fmt.Errorf("Build of the flakes failed: %v", err)
 	}
@@ -59,8 +59,6 @@ func prepareNixPackages(taskDir string, packages []string) (hclutils.MapStrStr,
 		}
 	}
 
-	mounts[filepath.Join(closure, "registration")] = "/registration"
-
 	requisites, err := nixRequisites(closure)
 	if err != nil {
 		return nil, fmt.Errorf("Couldn't determine flake requisites: %v", err)
@@ -98,14 +96,14 @@ func nixBuildProfile(flakes []string, link string) (string, error) {
 	}
 }
 
-func nixBuildClosure(profile string, link string) (string, error) {
+func nixBuildClosure(profile string, link string, nixpkgs string) (string, error) {
 	cmd := exec.Command(
 		"nix",
 		"--extra-experimental-features", "nix-command",
 		"--extra-experimental-features", "flakes",
 		"build",
 		"--out-link", link,
-		"--expr", closureNix,
+		"--expr", fmt.Sprintf(closureNix, nixpkgs),
 		"--impure",
 		"--no-write-lock-file",
 		"--argstr", "path", profile)