diff --git a/.forgejo/workflows/eval-nodes.yaml b/.forgejo/workflows/eval-nodes.yaml index 87ed659..6fad666 100644 --- a/.forgejo/workflows/eval-nodes.yaml +++ b/.forgejo/workflows/eval-nodes.yaml @@ -7,6 +7,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: Jaccess01 + NIX_SHOW_STATS: 1 name: Eval Jaccess01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -26,6 +27,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: Jaccess04 + NIX_SHOW_STATS: 1 name: Eval Jaccess04 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -45,6 +47,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: ap01 + NIX_SHOW_STATS: 1 name: Eval ap01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -64,6 +67,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: bridge01 + NIX_SHOW_STATS: 1 name: Eval bridge01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -83,6 +87,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: build01 + NIX_SHOW_STATS: 1 name: Eval build01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -102,6 +107,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: cof02 + NIX_SHOW_STATS: 1 name: Eval cof02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -121,6 +127,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: compute01 + NIX_SHOW_STATS: 1 name: Eval compute01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -140,6 +147,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: geo01 + NIX_SHOW_STATS: 1 name: Eval geo01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -159,6 +167,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: geo02 + NIX_SHOW_STATS: 1 name: Eval geo02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -178,6 +187,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor01 + NIX_SHOW_STATS: 1 name: Eval hypervisor01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -197,6 +207,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor02 + NIX_SHOW_STATS: 1 name: Eval hypervisor02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -216,6 +227,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor03 + NIX_SHOW_STATS: 1 name: Eval hypervisor03 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -235,6 +247,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: iso + NIX_SHOW_STATS: 1 name: Eval iso run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -254,6 +267,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: krz01 + NIX_SHOW_STATS: 1 name: Eval krz01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -273,6 +287,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: lab-router01 + NIX_SHOW_STATS: 1 name: Eval lab-router01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -292,6 +307,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: netcore01 + NIX_SHOW_STATS: 1 name: Eval netcore01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -311,6 +327,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: netcore02 + NIX_SHOW_STATS: 1 name: Eval netcore02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -330,6 +347,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: rescue01 + NIX_SHOW_STATS: 1 name: Eval rescue01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -349,6 +367,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: storage01 + NIX_SHOW_STATS: 1 name: Eval storage01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -368,6 +387,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: tower01 + NIX_SHOW_STATS: 1 name: Eval tower01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -387,6 +407,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: vault01 + NIX_SHOW_STATS: 1 name: Eval vault01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -406,6 +427,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: web01 + NIX_SHOW_STATS: 1 name: Eval web01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -425,6 +447,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: web02 + NIX_SHOW_STATS: 1 name: Eval web02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -444,6 +467,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: web03 + NIX_SHOW_STATS: 1 name: Eval web03 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -463,6 +487,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: zulip01 + NIX_SHOW_STATS: 1 name: Eval zulip01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" diff --git a/REUSE.toml b/REUSE.toml index c25eb47..bd72fbd 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -38,7 +38,7 @@ precedence = "closest" [[annotations]] SPDX-FileCopyrightText = "2024 Lubin Bailly " SPDX-License-Identifier = "EUPL-1.2" -path = ["modules/nixos/extranix/0001-revert-don-t-parse-md-in-js.patch", "modules/nixos/extranix/0002-chore-remove-useless-dependencies.patch", "modules/nixos/extranix/0003-feat-separate-HTML-description-of-MD-description.patch", "modules/nixos/extranix/0004-fix-indentation-of-ul.patch", "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch", "patches/nixpkgs/02-action-validator.patch", "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch"] +path = ["modules/nixos/extranix/0001-revert-don-t-parse-md-in-js.patch", "modules/nixos/extranix/0002-chore-remove-useless-dependencies.patch", "modules/nixos/extranix/0003-feat-separate-HTML-description-of-MD-description.patch", "modules/nixos/extranix/0004-fix-indentation-of-ul.patch", "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch", "patches/nixpkgs/02-action-validator.patch", "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch", "patches/nixpkgs/06-netbird-dashboard.patch"] precedence = "closest" [[annotations]] diff --git a/default.nix b/default.nix index 8e71ffc..9ffad4c 100644 --- a/default.nix +++ b/default.nix @@ -154,6 +154,7 @@ let "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch" "patches/nixpkgs/02-action-validator.patch" "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch" + "patches/nixpkgs/06-netbird-dashboard.patch" ]; copyright = "2024 Lubin Bailly "; } diff --git a/lon.lock b/lon.lock index ce5a97d..abd1235 100644 --- a/lon.lock +++ b/lon.lock @@ -135,20 +135,20 @@ "type": "Git", "fetchType": "git", "branch": "main", - "revision": "d169c092fc28838a253be136d17fe7de1292c728", + "revision": "ee0655240270480d7f6063dcf12ec47f04d2ded6", "url": "https://git.lix.systems/lix-project/lix.git", - "hash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=", - "lastModified": 1743274305, + "hash": "sha256-DDhns3NS6L5OlYR0mSX03I5D7uGLyyd3MZegd1wTCyc=", + "lastModified": 1749682763, "submodules": false }, "lix-module": { "type": "Git", "fetchType": "git", "branch": "main", - "revision": "fa69ae26cc32dda178117b46487c2165c0e08316", + "revision": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700", "url": "https://git.lix.systems/lix-project/nixos-module.git", - "hash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=", - "lastModified": 1742945498, + "hash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=", + "lastModified": 1747667424, "submodules": false }, "lon": { @@ -195,10 +195,10 @@ "type": "Git", "fetchType": "git", "branch": "dgnum", - "revision": "0cdf222c07b9cbd49857ae046fb41ae9f651cc3f", + "revision": "44ccf96bd73c1bbbbcc849cb0f2e0d1f5f75f934", "url": "https://git.hubrecht.ovh/hubrecht/nix-modules", - "hash": "sha256-VHlkJny+t1AhZ61JOeyYM1rLa4cPEoEt/5+vqAqAJgA=", - "lastModified": 1746016692, + "hash": "sha256-mkrCWowrCje3/TuAG0eAJplrtlz1hYmusSFn93/Ccok=", + "lastModified": 1749629064, "submodules": false }, "nix-pkgs": { @@ -227,8 +227,8 @@ "owner": "NixOS", "repo": "nixpkgs", "branch": "nixos-24.05", - "revision": "b134951a4c9f", - "url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f.tar.gz", + "revision": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f3c995fd7be05f3243f8ecd65d798.tar.gz", "hash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=" }, "nixos-24.11": { diff --git a/machines/nixos/build01/nix-builder.nix b/machines/nixos/build01/nix-builder.nix index 53dce67..79ff63e 100644 --- a/machines/nixos/build01/nix-builder.nix +++ b/machines/nixos/build01/nix-builder.nix @@ -69,7 +69,6 @@ # "ca-derivations" this feature is really extremely broken. "cgroups" "fetch-closure" - "impure-derivations" ]; }; }; diff --git a/patches/default.nix b/patches/default.nix index 0aeb365..0e1fce8 100644 --- a/patches/default.nix +++ b/patches/default.nix @@ -18,7 +18,6 @@ with { lix = [ (local ./lix/01-disable-installChecks.patch) - (local ./lix/02-fetchGit-locked.patch) ]; lon = [ @@ -54,7 +53,7 @@ with { (local ./nixpkgs/05-netbird-relay.patch) # netbird-dashboard: 2.9.0 -> 2.12.0 - (npr 403844 "sha256-oQUc/UEvWOdZ5IyemnZeFS5dVysblqdV9fm6t790Kms=") + (local ./nixpkgs/06-netbird-dashboard.patch) ]; "agenix" = [ diff --git a/patches/lix/02-fetchGit-locked.patch b/patches/lix/02-fetchGit-locked.patch deleted file mode 100644 index 9f97117..0000000 --- a/patches/lix/02-fetchGit-locked.patch +++ /dev/null @@ -1,86 +0,0 @@ -diff --git i/lix/libexpr/primops/fetchTree.cc w/lix/libexpr/primops/fetchTree.cc -index 93b08ecc9..6d04ce24b 100644 ---- i/lix/libexpr/primops/fetchTree.cc -+++ w/lix/libexpr/primops/fetchTree.cc -@@ -168,6 +168,11 @@ static void fetchTree( - "attribute 'name' isn’t supported in call to 'fetchTree'" - ).atPos(pos).debugThrow(); - -+ // HACK: When using `fetchGit`, locking with only the hash should happen -+ // as we don't care about flake hallucinations about `lastModified` -+ if (type == "git" && attrs.contains("narHash")) -+ attrs["type"] = "git-locked"; -+ - input = fetchers::Input::fromAttrs(std::move(attrs)); - } else { - auto url = state.coerceToString(pos, *args[0], context, -diff --git i/lix/libfetchers/builtin-fetchers.hh w/lix/libfetchers/builtin-fetchers.hh -index d3be7f7f2..d1389b8ba 100644 ---- i/lix/libfetchers/builtin-fetchers.hh -+++ w/lix/libfetchers/builtin-fetchers.hh -@@ -10,6 +10,7 @@ std::unique_ptr makePathInputScheme(); - std::unique_ptr makeFileInputScheme(); - std::unique_ptr makeTarballInputScheme(); - std::unique_ptr makeGitInputScheme(); -+std::unique_ptr makeGitLockedInputScheme(); - std::unique_ptr makeMercurialInputScheme(); - std::unique_ptr makeGitHubInputScheme(); - std::unique_ptr makeGitLabInputScheme(); -diff --git i/lix/libfetchers/fetchers.cc w/lix/libfetchers/fetchers.cc -index 0dc9f5e0c..91cd9332d 100644 ---- i/lix/libfetchers/fetchers.cc -+++ w/lix/libfetchers/fetchers.cc -@@ -22,6 +22,7 @@ void initLibFetchers() - registerInputScheme(makeTarballInputScheme()); - registerInputScheme(makeFileInputScheme()); - registerInputScheme(makeGitInputScheme()); -+ registerInputScheme(makeGitLockedInputScheme()); - registerInputScheme(makeMercurialInputScheme()); - registerInputScheme(makeGitHubInputScheme()); - registerInputScheme(makeGitLabInputScheme()); -diff --git i/lix/libfetchers/git.cc w/lix/libfetchers/git.cc -index 21fa1904d..f9573eacd 100644 ---- i/lix/libfetchers/git.cc -+++ w/lix/libfetchers/git.cc -@@ -812,4 +812,40 @@ std::unique_ptr makeGitInputScheme() - return std::make_unique(); - } - -+struct GitLockedInputScheme : GitInputScheme { -+ -+ std::optional inputFromAttrs(const Attrs & attrs) const override -+ { -+ if (maybeGetStrAttr(attrs, "type") != "git-locked") return {}; -+ -+ for (auto & [name, value] : attrs) -+ if (name != "type" && name != "url" && name != "ref" && name != "rev" && name != "shallow" && name != "submodules" && name != "lastModified" && name != "revCount" && name != "narHash" && name != "allRefs" && name != "name" && name != "dirtyRev" && name != "dirtyShortRev") -+ throw Error("unsupported Git input attribute '%s'", name); -+ -+ parseURL(getStrAttr(attrs, "url")); -+ maybeGetBoolAttr(attrs, "shallow"); -+ maybeGetBoolAttr(attrs, "submodules"); -+ maybeGetBoolAttr(attrs, "allRefs"); -+ -+ if (auto ref = maybeGetStrAttr(attrs, "ref")) { -+ if (std::regex_search(*ref, badGitRefRegex)) -+ throw BadURL("invalid Git branch/tag name '%s'", *ref); -+ } -+ -+ Input input; -+ input.attrs = attrs; -+ return input; -+ } -+ -+ bool hasAllInfo(const Input & input) const override { -+ return true; -+ } -+ -+}; -+ -+std::unique_ptr makeGitLockedInputScheme() -+{ -+ return std::make_unique(); -+} -+ - } - diff --git a/patches/nixpkgs/06-netbird-dashboard.patch b/patches/nixpkgs/06-netbird-dashboard.patch new file mode 100644 index 0000000..35ede48 --- /dev/null +++ b/patches/nixpkgs/06-netbird-dashboard.patch @@ -0,0 +1,35 @@ +diff --git a/pkgs/by-name/ne/netbird-dashboard/package.nix b/pkgs/by-name/ne/netbird-dashboard/package.nix +index 0670d3333e6bce..fcd2f4df65fce9 100644 +--- a/pkgs/by-name/ne/netbird-dashboard/package.nix ++++ b/pkgs/by-name/ne/netbird-dashboard/package.nix +@@ -6,16 +6,16 @@ + + buildNpmPackage rec { + pname = "netbird-dashboard"; +- version = "2.9.0"; ++ version = "2.12.0"; + + src = fetchFromGitHub { + owner = "netbirdio"; + repo = "dashboard"; + rev = "v${version}"; +- hash = "sha256-PY/jK96FK6Y0++Ie4Yg/7GrGoLtLcgCSzXIkqySxe2M="; ++ hash = "sha256-AZ8vrDtpVADW8NMq/MBpYd6VSMcuFzk67UXoXdPeiPk="; + }; + +- npmDepsHash = "sha256-TELyc62l/8IaX9eL2lxRFth0AAZ4LXsV2WNzXSHRnTw="; ++ npmDepsHash = "sha256-XNAphh1zNi4enf0Mz9TUgWyZHezTuctMPTBswKO4eW8="; + npmFlags = [ "--legacy-peer-deps" ]; + + installPhase = '' +@@ -30,6 +30,9 @@ buildNpmPackage rec { + description = "NetBird Management Service Web UI Panel"; + homepage = "https://github.com/netbirdio/dashboard"; + license = licenses.bsd3; +- maintainers = with maintainers; [ ]; ++ maintainers = with maintainers; [ ++ vrifox ++ patrickdag ++ ]; + }; + } diff --git a/workflows/eval-nodes.nix b/workflows/eval-nodes.nix index acbe3f4..94f585f 100644 --- a/workflows/eval-nodes.nix +++ b/workflows/eval-nodes.nix @@ -30,7 +30,10 @@ in ''; shell = "eval-nodes"; }; - env.BUILD_NODE = node; + env = { + BUILD_NODE = node; + NIX_SHOW_STATS = 1; + }; } { name = "Build ${node}";