diff --git a/flake.nix b/flake.nix
index 69829dee..2bee64b7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -215,7 +215,7 @@
         meta = {
           nixpkgs = pkgsFor defaultSystem;
           nodeNixpkgs = nixpkgs.lib.mapAttrs (name: pkgsFor) overrideSystem;
-          specialArgs = { inherit inputs; };
+          specialArgs = { inherit self inputs; };
         };
       });
 
diff --git a/profiles/base.nix b/profiles/base.nix
index 568b9091..62aaa0b7 100644
--- a/profiles/base.nix
+++ b/profiles/base.nix
@@ -1,11 +1,29 @@
-{ pkgs, lib, inputs, config, ... }:
+{ self, pkgs, lib, inputs, config, ... }:
 
 let
   secretsDir = inputs.self + "/secrets";
   hostKeyFile = secretsDir + "/host-keys/${config.networking.hostName}.pub";
+  variant_id =
+    if config.system.nixos.variant_id != null then
+      config.system.nixos.variant_id
+    else
+      "ocf";
+  gitRev =
+    if (self ? shortRev ) then
+      self.shortRev
+    else if (self ? dirtyShortRev) then
+      self.dirtyShortRev
+    else "nullrev";
 in
 
 {
+  system.configurationRevision = gitRev;
+  # we do not include self.lastModifiedDate since:
+  # - the bootloader menu already includes "built on"
+  # - date can be checked from the revision hash with an extra step
+  # - label is much shorter without the date
+  system.nixos.label = "${variant_id}.${gitRev}.${config.system.nixos.version}";
+
   nix = {
     channel.enable = false;
     registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
diff --git a/profiles/desktop.nix b/profiles/desktop.nix
index 9fdb88be..0cf44725 100644
--- a/profiles/desktop.nix
+++ b/profiles/desktop.nix
@@ -17,6 +17,7 @@ in
 
   # Colmena tagging
   deployment.tags = [ "desktop" ];
+  system.nixos.variant_id = "ocf-desktop";
 
   ocf = {
     # TODO: need ensure host keys can't be stolen by booting an external drive...