feat ✨: ci pin nixpkgs

Signed-off-by: Victor Hang <vhvictorhang@gmail.com>

.github/workflows/build-anya.yaml

@@ -20,15 +20,20 @@ jobs:
           large-packages: true
           docker-images: true
           swap-storage: true
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Get Nixpkgs revision for nixfmt
+        run: |
+          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!
+          url=$(jq -r .pins.nixpkgs.url npins/sources.json)
+          echo "url=$url" >> "$GITHUB_ENV"
       - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
         with:
-          nix_path: nixpkgs=channel:nixos-24.05
+          nix_path: nixpkgs=${{ env.url }}
       - uses: cachix/cachix-action@v15
         with:
           name: didactiklabs
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-      - name: Checkout code
-        uses: actions/checkout@v3
       - name: Create /etc/nixos and copy hardware config
         run: |
           sudo mkdir -p /etc/nixos

.github/workflows/build-nishinoya.yaml

@@ -20,15 +20,20 @@ jobs:
           large-packages: true
           docker-images: true
           swap-storage: true
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Get Nixpkgs revision for nixfmt
+        run: |
+          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!
+          url=$(jq -r .pins.nixpkgs.url npins/sources.json)
+          echo "url=$url" >> "$GITHUB_ENV"
       - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
         with:
-          nix_path: nixpkgs=channel:nixos-24.05
+          nix_path: nixpkgs=${{ env.url }}
       - uses: cachix/cachix-action@v15
         with:
           name: didactiklabs
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-      - name: Checkout code
-        uses: actions/checkout@v3
       - name: Create /etc/nixos and copy hardware config
         run: |
           sudo mkdir -p /etc/nixos

.github/workflows/build-totoro.yaml

@@ -20,15 +20,20 @@ jobs:
           large-packages: true
           docker-images: true
           swap-storage: true
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Get Nixpkgs revision for nixfmt
+        run: |
+          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!
+          url=$(jq -r .pins.nixpkgs.url npins/sources.json)
+          echo "url=$url" >> "$GITHUB_ENV"
       - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
         with:
-          nix_path: nixpkgs=channel:nixos-24.05
+          nix_path: nixpkgs=${{ env.url }}
       - uses: cachix/cachix-action@v15
         with:
           name: didactiklabs
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-      - name: Checkout code
-        uses: actions/checkout@v3
       - name: Create /etc/nixos and copy hardware config
         run: |
           sudo mkdir -p /etc/nixos

base.nix

@@ -16,7 +16,6 @@ let
       allowUnfree = true;
     };
   };
-  inherit (sources) lix-module lix;
   hostProfile = import ./profiles/${hostname} {
     inherit
       lib
@@ -41,7 +40,6 @@ in
     (import ./nixosModules/networkManager.nix { inherit lib config pkgs; })
     (import ./nixosModules/sunshine.nix { inherit lib config pkgs; })
     (import "${sources.home-manager}/nixos")
-    (import "${lix-module}/module.nix" { inherit lix; })
     hostProfile
   ];
   # Bootloader.
@@ -180,6 +178,7 @@ in
     inherit pkgs;
   };
   nix = {
+    package = pkgs.lix;
     gc = {
       automatic = true;
       dates = "weekly";