This is great! I wish I had something like this when we were rolling out our first use of Nix a few months ago.

I haven’t read through the whole tutorial, but one thing I wanted to share that we did with regards to pinning nixpkgs , we decided to pin a particular branch from the nixpkgs-channels repo, rather than a single commit:

builtins.fetchGit { url = https://github.com/NixOS/nixpkgs-channels; ref = "nixos-19.03"; }

Our reasoning for using this approach is that you get the relative stability of a single channel while addressing the cache issue that Gabriel Gonzalez mentions in his haskell-nix guide:

However, if you choose to go this route then you will need to set up an internal Hydra server to build and cache your project. Without an internal cache your developers will likely need to build these tools from scratch whenever your pinned nixpkgs drifts too far from the publicly cached channels. ghc in particular is very expensive to rebuild.

So, our assumption was that if you pin a specific channel, you get the benefit of the public cache for a lot longer than if you pin a specific commit. This feels like a trade-off between the stability of a specific commit and the cache of a public channel. This assumption may be incorrect, however, so if I am wrong please correct me.