diff --git a/.forgejo/workflows/eval-nodes.yaml b/.forgejo/workflows/eval-nodes.yaml index 87ed659..6fad666 100644 --- a/.forgejo/workflows/eval-nodes.yaml +++ b/.forgejo/workflows/eval-nodes.yaml @@ -7,6 +7,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: Jaccess01 + NIX_SHOW_STATS: 1 name: Eval Jaccess01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -26,6 +27,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: Jaccess04 + NIX_SHOW_STATS: 1 name: Eval Jaccess04 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -45,6 +47,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: ap01 + NIX_SHOW_STATS: 1 name: Eval ap01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -64,6 +67,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: bridge01 + NIX_SHOW_STATS: 1 name: Eval bridge01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -83,6 +87,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: build01 + NIX_SHOW_STATS: 1 name: Eval build01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -102,6 +107,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: cof02 + NIX_SHOW_STATS: 1 name: Eval cof02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" 
@@ -121,6 +127,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: compute01 + NIX_SHOW_STATS: 1 name: Eval compute01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -140,6 +147,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: geo01 + NIX_SHOW_STATS: 1 name: Eval geo01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -159,6 +167,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: geo02 + NIX_SHOW_STATS: 1 name: Eval geo02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -178,6 +187,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor01 + NIX_SHOW_STATS: 1 name: Eval hypervisor01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -197,6 +207,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor02 + NIX_SHOW_STATS: 1 name: Eval hypervisor02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -216,6 +227,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: hypervisor03 + NIX_SHOW_STATS: 1 name: Eval hypervisor03 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -235,6 +247,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: iso + NIX_SHOW_STATS: 1 name: Eval iso run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" 
@@ -254,6 +267,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: krz01 + NIX_SHOW_STATS: 1 name: Eval krz01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -273,6 +287,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: lab-router01 + NIX_SHOW_STATS: 1 name: Eval lab-router01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -292,6 +307,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: netcore01 + NIX_SHOW_STATS: 1 name: Eval netcore01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -311,6 +327,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: netcore02 + NIX_SHOW_STATS: 1 name: Eval netcore02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -330,6 +347,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: rescue01 + NIX_SHOW_STATS: 1 name: Eval rescue01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -349,6 +367,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: storage01 + NIX_SHOW_STATS: 1 name: Eval storage01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -368,6 +387,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: tower01 + NIX_SHOW_STATS: 1 name: Eval tower01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" 
@@ -387,6 +407,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: vault01 + NIX_SHOW_STATS: 1 name: Eval vault01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -406,6 +427,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: web01 + NIX_SHOW_STATS: 1 name: Eval web01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -425,6 +447,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: web02 + NIX_SHOW_STATS: 1 name: Eval web02 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -444,6 +467,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: web03 + NIX_SHOW_STATS: 1 name: Eval web03 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" @@ -463,6 +487,7 @@ jobs: - uses: actions/checkout@v3 - env: BUILD_NODE: zulip01 + NIX_SHOW_STATS: 1 name: Eval zulip01 run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'" diff --git a/.forgejo/workflows/lon-update.yaml b/.forgejo/workflows/lon-update.yaml index 22bfd66..f0e0ade 100644 --- a/.forgejo/workflows/lon-update.yaml +++ b/.forgejo/workflows/lon-update.yaml @@ -8,6 +8,7 @@ jobs: with: token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - env: + LON_LABELS: bot LON_LIST_COMMITS: true LON_TOKEN: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} LON_USER_EMAIL: admins+lon-bot@dgnum.eu diff --git a/REUSE.toml b/REUSE.toml index c25eb47..bd72fbd 100644 --- a/REUSE.toml +++ b/REUSE.toml 
@@ -38,7 +38,7 @@ precedence = "closest"
 [[annotations]]
 SPDX-FileCopyrightText = "2024 Lubin Bailly "
 SPDX-License-Identifier = "EUPL-1.2"
-path = ["modules/nixos/extranix/0001-revert-don-t-parse-md-in-js.patch", "modules/nixos/extranix/0002-chore-remove-useless-dependencies.patch", "modules/nixos/extranix/0003-feat-separate-HTML-description-of-MD-description.patch", "modules/nixos/extranix/0004-fix-indentation-of-ul.patch", "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch", "patches/nixpkgs/02-action-validator.patch", "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch"]
+path = ["modules/nixos/extranix/0001-revert-don-t-parse-md-in-js.patch", "modules/nixos/extranix/0002-chore-remove-useless-dependencies.patch", "modules/nixos/extranix/0003-feat-separate-HTML-description-of-MD-description.patch", "modules/nixos/extranix/0004-fix-indentation-of-ul.patch", "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch", "patches/nixpkgs/02-action-validator.patch", "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch", "patches/nixpkgs/06-netbird-dashboard.patch"]
 precedence = "closest"
 [[annotations]]
diff --git a/default.nix b/default.nix
index 8e71ffc..9ffad4c 100644
--- a/default.nix
+++ b/default.nix
@@ -154,6 +154,7 @@ let
 "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch"
 "patches/nixpkgs/02-action-validator.patch"
 "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch"
+ "patches/nixpkgs/06-netbird-dashboard.patch"
 ];
 copyright = "2024 Lubin Bailly ";
 }
diff --git a/hive.nix b/hive.nix
index 03e7843..896e667 100644
--- a/hive.nix
+++ b/hive.nix
@@ -191,9 +191,11 @@ in
 # Deployment config is specified in meta.nodes.${node}.deployment
 inherit (nodeMeta) deployment;
+ # Set NIX_PATH to the patched version of nixpkgs
+ environment.etc.nixpkgs.source = builtins.storePath sourcePkgs.path;
+ nix.nixPath = [ "nixpkgs=/etc/nixpkgs" ];
+
 nix = {
- # Set NIX_PATH to the patched version of nixpkgs
- nixPath = [ "nixpkgs=${builtins.storePath sourcePkgs.path}" ];
 optimise.automatic = true;
 gc = {
diff --git a/lib/nix-patches/default.nix b/lib/nix-patches/default.nix
index 5bb723e..0080942 100644
--- a/lib/nix-patches/default.nix
+++ b/lib/nix-patches/default.nix
@@ -71,12 +71,31 @@ rec {
 src,
 name,
 patches ? mkPatches name,
- }:
- pkgs.applyPatches {
- inherit patches src;
+ prePatch ? null,
+ postPatch ? null,
+ ...
+ }@args:
+ if patches == [ ] && prePatch == null && postPatch == null then
+ src
+ else
+ pkgs.stdenvNoCC.mkDerivation (
+ args
+ // {
+ name = "${name}-patched";
- name = "${name}-patched";
- };
+ inherit patches prePatch postPatch;
+
+ preferLocalBuild = true;
+ allowSubstitutes = true;
+ phases = [
+ "unpackPhase"
+ "patchPhase"
+ "installPhase"
+ ];
+
+ installPhase = "cp -R . $out";
+ }
+ );
 applyPatches' = name: src: applyPatches { inherit name src; };
 };
diff --git a/lon.lock b/lon.lock
index 9e7b203..089e164 100644
--- a/lon.lock
+++ b/lon.lock
@@ -7,9 +7,9 @@ "owner": "ryantm", "repo": "agenix", "branch": "main", - "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d", - "url": "https://github.com/ryantm/agenix/archive/564595d0ad4be7277e07fa63b5a991b3c645655d.tar.gz", - "hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=" + "revision": "4835b1dc898959d8547a871ef484930675cb47f1", + "url": "https://github.com/ryantm/agenix/archive/4835b1dc898959d8547a871ef484930675cb47f1.tar.gz", + "hash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=" }, "arkheon": { "type": "GitHub",
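Review bot: In the hive.nix hunk the new `nix.nixPath = [ "nixpkgs=/etc/nixpkgs" ];` is written as a dotted path directly above the existing `nix = {` block, so a node's `nix` options are now split across two definitions. Writing it as `nixPath = [ "nixpkgs=/etc/nixpkgs" ];` inside the block, where the removed line was, keeps them in one place. The carried-over comment no longer describes the mechanism; something like `# NIX_PATH goes through /etc/nixpkgs, which links to the patched nixpkgs store path` would say what the two new lines do together. The enclosing attribute set starts and ends outside the hunk.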
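Review bot: In the lib/nix-patches/default.nix hunk the new `...` / `@args` pass-through is honoured only on the `mkDerivation` branch. The early return tests `patches`, `prePatch` and `postPatch` alone, so a call that passes some other attribute (a `postUnpack`, say) with an empty patch list gets the bare `src` back and the extra attribute is dropped without any message. It also means the result is sometimes the original source and sometimes a `${name}-patched` derivation, which callers should be able to learn from the code. Either narrow the accepted arguments or document the short-circuit above the function, e.g. `# Returns src unchanged when there is nothing to apply; extra attributes only take effect when a derivation is built`. The function's opening line is outside the hunk.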
@@ -77,9 +77,9 @@ "owner": "nix-community", "repo": "dns.nix", "branch": "master", - "revision": "a3196708a56dee76186a9415c187473b94e6cbae", - "url": "https://github.com/nix-community/dns.nix/archive/a3196708a56dee76186a9415c187473b94e6cbae.tar.gz", - "hash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=" + "revision": "96e548ae8bd44883afc5bddb9dacd0502542276d", + "url": "https://github.com/nix-community/dns.nix/archive/96e548ae8bd44883afc5bddb9dacd0502542276d.tar.gz", + "hash": "sha256-qTbv8Pm9WWF63M5Fj0Od9E54/lsbMSQUBHw/s30eFok=" }, "git-hooks": { "type": "GitHub", @@ -87,9 +87,9 @@ "owner": "cachix", "repo": "git-hooks.nix", "branch": "master", - "revision": "fa466640195d38ec97cf0493d6d6882bc4d14969", - "url": "https://github.com/cachix/git-hooks.nix/archive/fa466640195d38ec97cf0493d6d6882bc4d14969.tar.gz", - "hash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=" + "revision": "623c56286de5a3193aa38891a6991b28f9bab056", + "url": "https://github.com/cachix/git-hooks.nix/archive/623c56286de5a3193aa38891a6991b28f9bab056.tar.gz", + "hash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=" }, "kadenios": { "type": "Git", 
@@ -135,20 +135,20 @@ "type": "Git", "fetchType": "git", "branch": "main", - "revision": "d169c092fc28838a253be136d17fe7de1292c728", + "revision": "1e34c3747779a82d59ef27b351d4ed02fb372a2a", "url": "https://git.lix.systems/lix-project/lix.git", - "hash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=", - "lastModified": 1743274305, + "hash": "sha256-4qJy0n+6P13/XAHPlcjcWK6MDNYd38PkFdI8iCiJYYo=", + "lastModified": 1749838547, "submodules": false }, "lix-module": { "type": "Git", "fetchType": "git", "branch": "main", - "revision": "fa69ae26cc32dda178117b46487c2165c0e08316", + "revision": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700", "url": "https://git.lix.systems/lix-project/nixos-module.git", - "hash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=", - "lastModified": 1742945498, + "hash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=", + "lastModified": 1747667424, "submodules": false }, "lon": { @@ -157,9 +157,9 @@ "owner": "nikstur", "repo": "lon", "branch": "main", - "revision": "c29151c0adefbf2eef904a3435350356cef98da2", - "url": "https://github.com/nikstur/lon/archive/c29151c0adefbf2eef904a3435350356cef98da2.tar.gz", - "hash": "sha256-1oQ4uLI92Ih2rmNyP4wzP9xZrQp48FHirOhV/aerZPc=" + "revision": "f9693fae910a8e58ae059d5a02afba07e9e583bb", + "url": "https://github.com/nikstur/lon/archive/f9693fae910a8e58ae059d5a02afba07e9e583bb.tar.gz", + "hash": "sha256-iVJvsF4SqvS8tSM2vN8ynzeQdDlED1qipf/ihqKCJMk=" }, "metis": { "type": "Git", @@ -195,10 +195,10 @@ "type": "Git", "fetchType": "git", "branch": "dgnum", - "revision": "0cdf222c07b9cbd49857ae046fb41ae9f651cc3f", + "revision": "44ccf96bd73c1bbbbcc849cb0f2e0d1f5f75f934", "url": "https://git.hubrecht.ovh/hubrecht/nix-modules", - "hash": "sha256-VHlkJny+t1AhZ61JOeyYM1rLa4cPEoEt/5+vqAqAJgA=", - "lastModified": 1746016692, + "hash": "sha256-mkrCWowrCje3/TuAG0eAJplrtlz1hYmusSFn93/Ccok=", + "lastModified": 1749629064, "submodules": false }, "nix-pkgs": { 
@@ -227,8 +227,8 @@ "owner": "NixOS", "repo": "nixpkgs", "branch": "nixos-24.05", - "revision": "b134951a4c9f", - "url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f.tar.gz", + "revision": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", + "url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f3c995fd7be05f3243f8ecd65d798.tar.gz", "hash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=" }, "nixos-24.11": { @@ -247,9 +247,9 @@ "owner": "NixOS", "repo": "nixpkgs", "branch": "nixos-25.05", - "revision": "70c74b02eac4", - "url": "https://github.com/NixOS/nixpkgs/archive/70c74b02eac4.tar.gz", - "hash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=" + "revision": "88331c17ba434359491e8d5889cce872464052c2", + "url": "https://github.com/NixOS/nixpkgs/archive/88331c17ba434359491e8d5889cce872464052c2.tar.gz", + "hash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=" }, "nixos-unstable": { "type": "GitHub", @@ -257,9 +257,9 @@ "owner": "NixOS", "repo": "nixpkgs", "branch": "nixos-unstable", - "revision": "d89fc19e405c", - "url": "https://github.com/NixOS/nixpkgs/archive/d89fc19e405c.tar.gz", - "hash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=" + "revision": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "url": "https://github.com/NixOS/nixpkgs/archive/3e3afe5174c561dee0df6f2c2b2236990146329f.tar.gz", + "hash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=" }, "proxmox-nixos": { "type": "Git", diff --git a/machines/nixos/build01/nix-builder.nix b/machines/nixos/build01/nix-builder.nix index 53dce67..79ff63e 100644 --- a/machines/nixos/build01/nix-builder.nix +++ b/machines/nixos/build01/nix-builder.nix @@ -69,7 +69,6 @@ # "ca-derivations" this feature is really extremely broken. "cgroups" "fetch-closure" - "impure-derivations" ]; }; }; diff --git a/machines/nixos/storage01/victorialogs.nix b/machines/nixos/storage01/victorialogs.nix index bd63b3a..4fe6c71 100644 --- a/machines/nixos/storage01/victorialogs.nix 
+++ b/machines/nixos/storage01/victorialogs.nix
@@ -19,5 +19,10 @@ in
 };
 };
+ fileSystems."/var/lib/victorialogs" = {
+ device = "/data/fast/victorialogs";
+ options = [ "bind" ];
+ };
+
 networking.firewall.interfaces.wt0.allowedTCPPorts = [ port ];
 }
diff --git a/meta/dns.nix b/meta/dns.nix
index fa3fd56..f9aa64e 100644
--- a/meta/dns.nix
+++ b/meta/dns.nix
@@ -82,6 +82,7 @@ let
 "gist" # Opengist
 "grafana" # Grafana
 "netbox-v2" # Netbox
+ "nimbolus" # Nimbolus Terraform Backend
 "nms" # LibreNMS
 "pads" # Hedgedoc
 "pass" # Vaultwarden
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 0485145..c3900ed 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -39,6 +39,7 @@
 "extranix"
 "openbao"
 "forgejo-multiuser-nix-runners"
+ "systemd-notify"
 ])
 ++ [
 "${sources.agenix}/modules/age.nix"
@@ -52,7 +53,6 @@
 "services/forgejo-nix-runners"
 "services/nginx-sni"
 "services/reaction"
- "services/systemd-notify"
 "services/victorialogs"
 "services/victoriametrics"
 ]
diff --git a/modules/nixos/dgn-console.nix b/modules/nixos/dgn-console.nix
index 237e46d..4dc9d5f 100644
--- a/modules/nixos/dgn-console.nix
+++ b/modules/nixos/dgn-console.nix
@@ -92,7 +92,6 @@ in
 environment.systemPackages =
 (with pkgs; [
- neovim
 wget
 kitty.terminfo
diff --git a/modules/nixos/dgn-notify/default.nix b/modules/nixos/dgn-notify/default.nix
index d9818db..5c83242 100644
--- a/modules/nixos/dgn-notify/default.nix
+++ b/modules/nixos/dgn-notify/default.nix
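Review bot: The bind mount added for `/var/lib/victorialogs` takes `/data/fast/victorialogs` as given: nothing in this hunk creates that directory or sets its owner and mode, and the log store it will hold may contain sensitive data. If it is not provisioned elsewhere, a `systemd.tmpfiles.rules` entry next to the mount (mode `0700`, owned by the service account) would make that explicit and reviewable. It is also worth confirming how the service unit declares its state directory: with `DynamicUser=` systemd manages `/var/lib/<name>` as a link into `/var/lib/private`, which a mount at that path would interfere with. The unit definition is not visible here.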
@@ -54,19 +54,16 @@ in }; services.systemd-notify = { - enable = true; - command = builtins.toString ( - pkgs.writeShellScript "sendmail" '' - ${pkgs.msmtp}/bin/sendmail -i -t < +# +# SPDX-License-Identifier: EUPL-1.2 + +{ config, lib, ... }: + +let + inherit (lib) + getExe + mapAttrs' + mapAttrsToList + mkOption + mkForce + nameValuePair + ; + inherit (lib.types) attrsOf package submodule; + + cfg = config.services.systemd-notify; +in + +{ + options.services.systemd-notify = mkOption { + type = attrsOf package; + description = '' + Commands to execute when a systemd unit fails. + Attrs keys will be the unit name and attrs value is the command that + will be run with the name of the failed unit as an argument. + ''; + default = { }; + }; + + options.systemd.services = mkOption { + type = attrsOf (submodule { + config.onFailure = mapAttrsToList (name: _: "${name}@%n.service") cfg; + }); + }; + + config.systemd.services = mapAttrs' ( + name: script: + nameValuePair "${name}@" { + description = "Run ${name} script on service failures."; + onFailure = mkForce [ ]; # Avoid recursive failures + serviceConfig = { + ExecStart = "${getExe script} %i"; + Type = "oneshot"; + }; + } + ) cfg; +} diff --git a/patches/default.nix b/patches/default.nix index 0aeb365..326daa0 100644 --- a/patches/default.nix +++ b/patches/default.nix @@ -18,11 +18,6 @@ with { lix = [ (local ./lix/01-disable-installChecks.patch) - (local ./lix/02-fetchGit-locked.patch) - ]; - - lon = [ - (local ./lon/01-npins-import.patch) ]; "nixos-25.05" = [ 
@@ -54,14 +49,14 @@ with {
 (local ./nixpkgs/05-netbird-relay.patch)
 # netbird-dashboard: 2.9.0 -> 2.12.0
- (npr 403844 "sha256-oQUc/UEvWOdZ5IyemnZeFS5dVysblqdV9fm6t790Kms=")
+ (local ./nixpkgs/06-netbird-dashboard.patch)
 ];
 "agenix" = [
 {
 _type = "url";
- url = "https://github.com/ryantm/agenix/commit/48b60f7c1c7023af52212555bdb6d07472402863.patch";
- hash = "sha256-e45hiHF0HbCYb+3RRhy+8nNIFvefb6SZSN3xcl1mpvI=";
+ url = "https://github.com/ryantm/agenix/commit/0a2bcfb77b1d89764b1c654b44b781b110038d0f.patch";
+ hash = "sha256-dO7Lvf2mdCIN6MjNcE+OS7ibaSunJ84Krqlk8ywMtwo=";
 }
 ];
 }
diff --git a/patches/lix/02-fetchGit-locked.patch b/patches/lix/02-fetchGit-locked.patch
deleted file mode 100644
index 9f97117..0000000
--- a/patches/lix/02-fetchGit-locked.patch
+++ /dev/null
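Review bot: The `agenix` entry is still fetched from a GitHub `commit/<sha>.patch` URL, while the netbird-dashboard patch in the same hunk moves from a remote fetch to a vendored `local` file. The pinned `hash` protects integrity, but GitHub renders these `.patch` files on request and their bytes are not guaranteed to stay stable, so evaluation can start failing on a hash mismatch with no change in this repository. How the `_type = "url"` entries are fetched and normalised is not visible in this hunk. Vendoring the patch next to the others, e.g. `(local ./agenix/01-<description>.patch)` with a placeholder name, would remove the network dependency and make the patched code reviewable in-tree. A one-line comment above the entry saying what the upstream commit changes and when it can be dropped would match the netbird entries.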
@@ -1,86 +0,0 @@ -diff --git i/lix/libexpr/primops/fetchTree.cc w/lix/libexpr/primops/fetchTree.cc -index 93b08ecc9..6d04ce24b 100644 ---- i/lix/libexpr/primops/fetchTree.cc -+++ w/lix/libexpr/primops/fetchTree.cc -@@ -168,6 +168,11 @@ static void fetchTree( - "attribute 'name' isn’t supported in call to 'fetchTree'" - ).atPos(pos).debugThrow(); - -+ // HACK: When using `fetchGit`, locking with only the hash should happen -+ // as we don't care about flake hallucinations about `lastModified` -+ if (type == "git" && attrs.contains("narHash")) -+ attrs["type"] = "git-locked"; -+ - input = fetchers::Input::fromAttrs(std::move(attrs)); - } else { - auto url = state.coerceToString(pos, *args[0], context, -diff --git i/lix/libfetchers/builtin-fetchers.hh w/lix/libfetchers/builtin-fetchers.hh -index d3be7f7f2..d1389b8ba 100644 ---- i/lix/libfetchers/builtin-fetchers.hh -+++ w/lix/libfetchers/builtin-fetchers.hh -@@ -10,6 +10,7 @@ std::unique_ptr makePathInputScheme(); - std::unique_ptr makeFileInputScheme(); - std::unique_ptr makeTarballInputScheme(); - std::unique_ptr makeGitInputScheme(); -+std::unique_ptr makeGitLockedInputScheme(); - std::unique_ptr makeMercurialInputScheme(); - std::unique_ptr makeGitHubInputScheme(); - std::unique_ptr makeGitLabInputScheme(); -diff --git i/lix/libfetchers/fetchers.cc w/lix/libfetchers/fetchers.cc -index 0dc9f5e0c..91cd9332d 100644 ---- i/lix/libfetchers/fetchers.cc -+++ w/lix/libfetchers/fetchers.cc -@@ -22,6 +22,7 @@ void initLibFetchers() - registerInputScheme(makeTarballInputScheme()); - registerInputScheme(makeFileInputScheme()); - registerInputScheme(makeGitInputScheme()); -+ registerInputScheme(makeGitLockedInputScheme()); - registerInputScheme(makeMercurialInputScheme()); - registerInputScheme(makeGitHubInputScheme()); - registerInputScheme(makeGitLabInputScheme()); -diff --git i/lix/libfetchers/git.cc w/lix/libfetchers/git.cc -index 21fa1904d..f9573eacd 100644 ---- i/lix/libfetchers/git.cc -+++ w/lix/libfetchers/git.cc -@@ 
-812,4 +812,40 @@ std::unique_ptr makeGitInputScheme() - return std::make_unique(); - } - -+struct GitLockedInputScheme : GitInputScheme { -+ -+ std::optional inputFromAttrs(const Attrs & attrs) const override -+ { -+ if (maybeGetStrAttr(attrs, "type") != "git-locked") return {}; -+ -+ for (auto & [name, value] : attrs) -+ if (name != "type" && name != "url" && name != "ref" && name != "rev" && name != "shallow" && name != "submodules" && name != "lastModified" && name != "revCount" && name != "narHash" && name != "allRefs" && name != "name" && name != "dirtyRev" && name != "dirtyShortRev") -+ throw Error("unsupported Git input attribute '%s'", name); -+ -+ parseURL(getStrAttr(attrs, "url")); -+ maybeGetBoolAttr(attrs, "shallow"); -+ maybeGetBoolAttr(attrs, "submodules"); -+ maybeGetBoolAttr(attrs, "allRefs"); -+ -+ if (auto ref = maybeGetStrAttr(attrs, "ref")) { -+ if (std::regex_search(*ref, badGitRefRegex)) -+ throw BadURL("invalid Git branch/tag name '%s'", *ref); -+ } -+ -+ Input input; -+ input.attrs = attrs; -+ return input; -+ } -+ -+ bool hasAllInfo(const Input & input) const override { -+ return true; -+ } -+ -+}; -+ -+std::unique_ptr makeGitLockedInputScheme() -+{ -+ return std::make_unique(); -+} -+ - } - diff --git a/patches/lon/01-npins-import.patch b/patches/lon/01-npins-import.patch deleted file mode 100644 index 55306a2..0000000 --- a/patches/lon/01-npins-import.patch +++ /dev/null 
@@ -1,625 +0,0 @@ -From 70877569a4ce8f5274c5e6208469c240a34993a0 Mon Sep 17 00:00:00 2001 -From: Tom Hubrecht -Date: Tue, 10 Jun 2025 15:26:22 +0200 -Subject: [PATCH 1/2] sources: Find default branch when none is supplied - ---- - rust/lon/Cargo.lock | 33 +++++++++++++++++++++++++++++++++ - rust/lon/Cargo.toml | 1 + - rust/lon/src/cli.rs | 8 ++++---- - rust/lon/src/git.rs | 29 +++++++++++++++++++++++++++++ - rust/lon/src/init/niv.rs | 4 ++-- - rust/lon/src/sources.rs | 18 +++++++++++++++--- - 6 files changed, 84 insertions(+), 9 deletions(-) - -diff --git a/rust/lon/Cargo.lock b/rust/lon/Cargo.lock -index 62f6176..b9e7944 100644 ---- a/rust/lon/Cargo.lock -+++ b/rust/lon/Cargo.lock -@@ -17,6 +17,15 @@ version = "2.0.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" - -+[[package]] -+name = "aho-corasick" -+version = "1.1.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" -+dependencies = [ -+ "memchr", -+] -+ - [[package]] - name = "android-tzdata" - version = "0.1.1" -@@ -847,6 +856,7 @@ dependencies = [ - "expect-test", - "indoc", - "log", -+ "regex", - "reqwest", - "serde", - "serde_json", -@@ -1073,11 +1083,34 @@ dependencies = [ - "getrandom 0.3.2", - ] - -+[[package]] -+name = "regex" -+version = "1.11.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" -+dependencies = [ -+ "aho-corasick", -+ "memchr", -+ "regex-automata", -+ "regex-syntax", -+] -+ - [[package]] - name = "regex-automata" - version = "0.4.9" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" -+dependencies = [ -+ "aho-corasick", -+ "memchr", -+ "regex-syntax", -+] -+ -+[[package]] -+name = "regex-syntax" 
-+version = "0.8.5" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" - - [[package]] - name = "reqwest" -diff --git a/rust/lon/Cargo.toml b/rust/lon/Cargo.toml -index a60c24e..d7dd633 100644 ---- a/rust/lon/Cargo.toml -+++ b/rust/lon/Cargo.toml -@@ -13,6 +13,7 @@ serde_json = "1.0.140" - sha2 = "0.10.9" - tempfile = "3.20.0" - reqwest = { version = "0.12", default-features = false, features = ["blocking","http2","rustls-tls","json"] } -+regex = "1.11.1" - - [dev-dependencies] - expect-test = "1.5.1" -diff --git a/rust/lon/src/cli.rs b/rust/lon/src/cli.rs -index eb850d7..5806b1d 100644 ---- a/rust/lon/src/cli.rs -+++ b/rust/lon/src/cli.rs -@@ -105,7 +105,7 @@ struct AddGitArgs { - /// URL to the repository - url: String, - /// Branch to track -- branch: String, -+ branch: Option, - /// Revision to lock - #[arg(short, long)] - revision: Option, -@@ -122,7 +122,7 @@ struct AddGitHubArgs { - /// An identifier made up of {owner}/{repo}, e.g. nixos/nixpkgs - identifier: String, - /// Branch to track -- branch: String, -+ branch: Option, - /// Name of the source - /// - /// If you do not supply this, the repository name is used as the source name. 
-@@ -283,7 +283,7 @@ fn add_git(directory: impl AsRef, args: &AddGitArgs) -> Result<()> { - - let source = GitSource::new( - &args.url, -- &args.branch, -+ args.branch.as_ref(), - args.revision.as_ref(), - args.submodules, - args.frozen, -@@ -314,7 +314,7 @@ fn add_github(directory: impl AsRef, args: &AddGitHubArgs) -> Result<()> { - let source = GitHubSource::new( - owner, - repo, -- &args.branch, -+ args.branch.as_ref(), - args.revision.as_ref(), - args.frozen, - )?; -diff --git a/rust/lon/src/git.rs b/rust/lon/src/git.rs -index cb5b4df..381c337 100644 ---- a/rust/lon/src/git.rs -+++ b/rust/lon/src/git.rs -@@ -5,6 +5,7 @@ use std::{ - }; - - use anyhow::{Context, Result, bail}; -+use regex::Regex; - use tempfile::TempDir; - - #[derive(Clone, Debug)] -@@ -129,6 +130,34 @@ fn find_newest_revision_for_ref(url: &str, reference: &str) -> Result - Ok(Revision(references.remove(0).revision)) - } - -+/// Find the default branch for a git repository -+pub fn find_default_branch(url: &str) -> Result { -+ let output = Command::new("git") -+ .arg("ls-remote") -+ .args(["--symref", url, "HEAD"]) -+ .output() -+ .context("Failed to execute git ls-remote. Most likely it's not on PATH")?; -+ -+ if !output.status.success() { -+ bail!( -+ "Failed to find the default branch for {}\n{}", -+ url, -+ String::from_utf8_lossy(&output.stderr) -+ ) -+ } -+ -+ let re = Regex::new(r"ref:.*refs/heads/(?.*)\tHEAD")?; -+ -+ let Some(branch) = String::from_utf8_lossy(&output.stdout) -+ .lines() -+ .find_map(|x| re.captures(x).map(|matched| matched["branch"].into())) -+ else { -+ bail!("Failed to find the default branch for {url}",) -+ }; -+ -+ Ok(branch) -+} -+ - /// Call `git ls-remote` with the provided args. 
- fn ls_remote(args: &[&str]) -> Result> { - let output = Command::new("git") -diff --git a/rust/lon/src/init/niv.rs b/rust/lon/src/init/niv.rs -index 469fdc7..8d41670 100644 ---- a/rust/lon/src/init/niv.rs -+++ b/rust/lon/src/init/niv.rs -@@ -42,7 +42,7 @@ impl Convertible for LockFile { - let source = GitHubSource::new( - owner, - &package.repo, -- &package.branch, -+ Some(&package.branch), - Some(&package.rev), - false, - )?; -@@ -51,7 +51,7 @@ impl Convertible for LockFile { - } else { - let source = GitSource::new( - &package.repo, -- &package.branch, -+ Some(&package.branch), - Some(&package.rev), - false, - false, -diff --git a/rust/lon/src/sources.rs b/rust/lon/src/sources.rs -index 92d8c2b..78bdbdb 100644 ---- a/rust/lon/src/sources.rs -+++ b/rust/lon/src/sources.rs -@@ -170,11 +170,16 @@ pub struct GitSource { - impl GitSource { - pub fn new( - url: &str, -- branch: &str, -+ branch: Option<&String>, - revision: Option<&String>, - submodules: bool, - frozen: bool, - ) -> Result { -+ let branch = match branch { -+ Some(branch) => branch, -+ None => &git::find_default_branch(url)?, -+ }; -+ - let rev = match revision { - Some(rev) => rev, - None => &git::find_newest_revision(url, branch)?.to_string(), -@@ -283,13 +288,20 @@ impl GitHubSource { - pub fn new( - owner: &str, - repo: &str, -- branch: &str, -+ branch: Option<&String>, - revision: Option<&String>, - frozen: bool, - ) -> Result { -+ let repo_url = &Self::git_url(owner, repo); -+ -+ let branch = match branch { -+ Some(branch) => branch, -+ None => &git::find_default_branch(repo_url)?, -+ }; -+ - let rev = match revision { - Some(rev) => rev, -- None => &git::find_newest_revision(&Self::git_url(owner, repo), branch)?.to_string(), -+ None => &git::find_newest_revision(repo_url, branch)?.to_string(), - }; - log::info!("Locked revision: {rev}"); - - -From eee3871a246605a7ab60714bb193846160ac8e64 Mon Sep 17 00:00:00 2001 -From: Tom Hubrecht -Date: Tue, 10 Jun 2025 17:25:52 +0200 -Subject: [PATCH 2/2] 
cli: init from npins - -We convert three types of pins: `Git`, `GitRelease` and `Channel` ---- - rust/lon/src/cli.rs | 13 ++- - rust/lon/src/init.rs | 1 + - rust/lon/src/init/npins.rs | 218 +++++++++++++++++++++++++++++++++++++ - rust/lon/tests/npins.json | 86 +++++++++++++++ - 4 files changed, 312 insertions(+), 6 deletions(-) - create mode 100644 rust/lon/src/init/npins.rs - create mode 100644 rust/lon/tests/npins.json - -diff --git a/rust/lon/src/cli.rs b/rust/lon/src/cli.rs -index 5806b1d..57dcc50 100644 ---- a/rust/lon/src/cli.rs -+++ b/rust/lon/src/cli.rs -@@ -11,7 +11,7 @@ use crate::{ - bot::{Forge, Forgejo, GitHub, GitLab}, - commit_message::CommitMessage, - git, -- init::{Convertible, niv}, -+ init::{Convertible, niv, npins}, - lock::Lock, - lon_nix::LonNix, - sources::{GitHubSource, GitSource, Source, Sources}, -@@ -82,6 +82,7 @@ struct InitArgs { - #[derive(Clone, ValueEnum)] - enum LockFileType { - Niv, -+ Npins, - } - - #[derive(Subcommand)] -@@ -261,13 +262,13 @@ fn init(directory: impl AsRef, args: &InitArgs) -> Result<()> { - bail!("No lock file type is provided"); - }; - -- let lock_file = match lock_file_type { -- LockFileType::Niv => niv::LockFile::from_file(path)?, -- }; -- - log::info!("Initializing lon.lock from {path:?}"); - -- let sources = lock_file.convert()?; -+ let sources = match lock_file_type { -+ LockFileType::Niv => niv::LockFile::from_file(path)?.convert()?, -+ LockFileType::Npins => npins::LockFile::from_file(path)?.convert()?, -+ }; -+ - sources.write(&directory)?; - - Ok(()) -diff --git a/rust/lon/src/init.rs b/rust/lon/src/init.rs -index ec87afa..06e63f2 100644 ---- a/rust/lon/src/init.rs -+++ b/rust/lon/src/init.rs -@@ -1,4 +1,5 @@ - pub mod niv; -+pub mod npins; - - use anyhow::Result; - -diff --git a/rust/lon/src/init/npins.rs b/rust/lon/src/init/npins.rs -new file mode 100644 -index 0000000..8a38139 ---- /dev/null -+++ b/rust/lon/src/init/npins.rs -@@ -0,0 +1,218 @@ -+use std::{collections::BTreeMap, fs::File, io::Read, 
path::Path}; -+ -+use anyhow::{Context, Result, bail}; -+use regex::Regex; -+use serde::Deserialize; -+ -+use crate::{ -+ init::Convertible, -+ sources::{GitHubSource, GitSource, Source, Sources}, -+}; -+ -+#[derive(Debug, Deserialize)] -+pub struct LockFile { -+ pins: BTreeMap, -+ version: u64, -+} -+ -+#[derive(Debug, Deserialize)] -+#[serde(tag = "type")] -+pub enum Repository { -+ Git { -+ /// URL to the Git repository -+ url: String, -+ }, -+ Forgejo { -+ server: String, -+ owner: String, -+ repo: String, -+ }, -+ GitHub { -+ /// "owner/repo" -+ owner: String, -+ repo: String, -+ }, -+ GitLab { -+ /// usually "owner/repo" or "group/owner/repo" (without leading or trailing slashes) -+ repo_path: String, -+ /// Of the kind -+ /// -+ /// It must fit into the schema `//` to get a repository's URL. -+ server: String, -+ /// access token for private repositories -+ #[serde(skip_serializing_if = "Option::is_none")] -+ #[serde(default)] -+ private_token: Option, -+ }, -+} -+ -+// HACK: We know that a Git pin has a branch associated to it and GitRelease has none, -+// but to unify the behaviour, we set them bot to `Option`s -+#[derive(Debug, Deserialize)] -+#[serde(tag = "type")] -+pub enum Pin { -+ Git { -+ repository: Repository, -+ branch: Option, -+ revision: String, -+ submodules: bool, -+ #[serde(default)] -+ frozen: bool, -+ }, -+ GitRelease { -+ repository: Repository, -+ branch: Option, -+ revision: String, -+ submodules: bool, -+ #[serde(default)] -+ frozen: bool, -+ }, -+ Channel { -+ #[serde(rename = "name")] -+ channel: String, -+ url: String, -+ #[serde(default)] -+ frozen: bool, -+ }, -+} -+ -+impl LockFile { -+ pub fn from_file(path: impl AsRef) -> Result { -+ let file = File::open(path.as_ref()) -+ .with_context(|| format!("Failed to open {:?}", path.as_ref()))?; -+ Self::from_reader(file) -+ } -+ -+ fn from_reader(rdr: impl Read) -> Result { -+ serde_json::from_reader(rdr).context("Failed to deserialize npins lock file") -+ } -+} -+ -+impl Convertible 
for LockFile { -+ fn convert(&self) -> Result { -+ let mut sources = Sources::default(); -+ -+ if self.version == 1 { -+ bail!("Unsupported npins lockfile version: {}", &self.version) -+ } -+ -+ let re = Regex::new( -+ r"https://releases\.nixos\.org/.*\.(?[a-f0-9]+)/nixexprs\.tar\.xz", -+ )?; -+ -+ for (name, pin) in &self.pins { -+ log::info!("Converting {name}..."); -+ -+ let source = match pin { -+ Pin::Channel { -+ channel, -+ url, -+ frozen, -+ } => { -+ let Some(matched) = re.captures(url) else { -+ bail!("Cannot extract revision from the channel url: {url}") -+ }; -+ -+ Source::GitHub(GitHubSource::new( -+ "NixOS", -+ "nixpkgs", -+ Some(channel), -+ Some(&matched["shortrev"].into()), -+ *frozen, -+ )?) -+ } -+ Pin::Git { -+ repository, -+ branch, -+ revision, -+ submodules, -+ frozen, -+ } -+ | Pin::GitRelease { -+ repository, -+ branch, -+ revision, -+ submodules, -+ frozen, -+ } => match repository { -+ Repository::Git { url } => Source::Git(GitSource::new( -+ url, -+ branch.as_ref(), -+ Some(revision), -+ *submodules, -+ *frozen, -+ )?), -+ Repository::GitHub { owner, repo } => { -+ if *submodules { -+ Source::Git(GitSource::new( -+ &format!("https://github.com/{owner}/{repo}"), -+ branch.as_ref(), -+ Some(revision), -+ *submodules, -+ *frozen, -+ )?) -+ } else { -+ Source::GitHub(GitHubSource::new( -+ owner, -+ repo, -+ branch.as_ref(), -+ Some(revision), -+ *frozen, -+ )?) -+ } -+ } -+ Repository::Forgejo { -+ server, -+ owner, -+ repo, -+ } => Source::Git(GitSource::new( -+ &format!("{server}/{owner}/{repo}"), -+ branch.as_ref(), -+ Some(revision), -+ *submodules, -+ *frozen, -+ )?), -+ Repository::GitLab { -+ repo_path, -+ server, -+ private_token, -+ } => { -+ if private_token.is_some() { -+ log::warn!( -+ "GitLab source {name} is configured with a PAT, which unsupported in lon" -+ ); -+ } -+ Source::Git(GitSource::new( -+ &format!("{server}/{repo_path}"), -+ branch.as_ref(), -+ Some(revision), -+ *submodules, -+ *frozen, -+ )?) 
-+ } -+ }, -+ }; -+ -+ sources.add(name, source); -+ } -+ -+ Ok(sources) -+ } -+} -+ -+#[cfg(test)] -+mod tests { -+ use super::*; -+ -+ impl LockFile { -+ fn from_str(s: &str) -> Result { -+ serde_json::from_str(s).context("Failed to deserialize npins lock file") -+ } -+ } -+ -+ #[test] -+ fn parse_npins_lock_file() -> Result<()> { -+ LockFile::from_str(include_str!("../../tests/npins.json"))?; -+ Ok(()) -+ } -+} -diff --git a/rust/lon/tests/npins.json b/rust/lon/tests/npins.json -new file mode 100644 -index 0000000..10ce4e2 ---- /dev/null -+++ b/rust/lon/tests/npins.json -@@ -0,0 +1,86 @@ -+{ -+ "pins": { -+ "agenix": { -+ "type": "GitRelease", -+ "repository": { -+ "type": "GitHub", -+ "owner": "ryantm", -+ "repo": "agenix" -+ }, -+ "pre_releases": false, -+ "version_upper_bound": null, -+ "release_prefix": null, -+ "submodules": false, -+ "version": "0.15.0", -+ "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d", -+ "url": "https://api.github.com/repos/ryantm/agenix/tarball/refs/tags/0.15.0", -+ "hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=" -+ }, -+ "arkheon": { -+ "type": "Git", -+ "repository": { -+ "type": "GitHub", -+ "owner": "RaitoBezarius", -+ "repo": "arkheon" -+ }, -+ "branch": "main", -+ "submodules": false, -+ "revision": "3eea876b29217d01cf2ef03ea9fdd8779d28ad04", -+ "url": "https://github.com/RaitoBezarius/arkheon/archive/3eea876b29217d01cf2ef03ea9fdd8779d28ad04.tar.gz", -+ "hash": "sha256-+R6MhTXuSzNeGQiL4DQwlP5yNhmnhbf7pQWPUWgcZSM=" -+ }, -+ "colmena": { -+ "type": "Git", -+ "repository": { -+ "type": "Git", -+ "url": "https://git.dgnum.eu/DGNum/colmena" -+ }, -+ "branch": "main", -+ "submodules": false, -+ "revision": "b5135dc8af1d7637b337cc2632990400221da577", -+ "url": null, -+ "hash": "sha256-7gg+K3PEYlN0sGPgDlmnM8zgDDIV505gNcwjFN61Qvk=" -+ }, -+ "nix-actions": { -+ "type": "GitRelease", -+ "repository": { -+ "type": "Git", -+ "url": "https://git.dgnum.eu/DGNum/nix-actions.git" -+ }, -+ "pre_releases": false, -+ 
"version_upper_bound": null, -+ "release_prefix": null, -+ "submodules": false, -+ "version": "v0.5.1", -+ "revision": "06847b3256df402da0475dccb290832ec92a9f8c", -+ "url": null, -+ "hash": "sha256-2xOZdKiUfcriQFKG37vY96dgCJLndhLa7cGacq8+SA8=" -+ }, -+ "nixos-25.05": { -+ "type": "Channel", -+ "name": "nixos-25.05", -+ "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.803579.70c74b02eac4/nixexprs.tar.xz", -+ "hash": "sha256-0RxtgAd4gHYPFFwICal8k8hvJBOkCeTjFkh4HsqYDbE=" -+ }, -+ "nixos-unstable": { -+ "type": "Channel", -+ "name": "nixos-unstable", -+ "url": "https://releases.nixos.org/nixos/unstable/nixos-25.05pre797896.d89fc19e405c/nixexprs.tar.xz", -+ "hash": "sha256-bFJJ/qwB3VJ0nFuVYYHJXinT4tNJ2jhXTVT6SpYiFOM=" -+ }, -+ "wp4nix": { -+ "type": "Git", -+ "repository": { -+ "type": "GitLab", -+ "repo_path": "helsinki-systems/wp4nix", -+ "server": "https://git.helsinki.tools/" -+ }, -+ "branch": "master", -+ "submodules": false, -+ "revision": "2fc9a0734168cab536e3129efa6397d6cd3ac89f", -+ "url": "https://git.helsinki.tools/api/v4/projects/helsinki-systems%2Fwp4nix/repository/archive.tar.gz?sha=2fc9a0734168cab536e3129efa6397d6cd3ac89f", -+ "hash": "sha256-abwqAZGsWuWqfxou8XlqedBvXsUw1/xanSgljLCJxdM=" -+ } -+ }, -+ "version": 6 -+} diff --git a/patches/lon/01-npins-import.patch.license b/patches/lon/01-npins-import.patch.license deleted file mode 100644 index 12f3979..0000000 --- a/patches/lon/01-npins-import.patch.license +++ /dev/null @@ -1,3 +0,0 @@ -SPDX-FileCopyrightText: 2025 Tom Hubrecht - -SPDX-License-Identifier: MIT diff --git a/patches/nixpkgs/06-netbird-dashboard.patch b/patches/nixpkgs/06-netbird-dashboard.patch new file mode 100644 index 0000000..4f46e8c --- /dev/null +++ b/patches/nixpkgs/06-netbird-dashboard.patch 
@@ -0,0 +1,34 @@
+diff --git a/pkgs/by-name/ne/netbird-dashboard/package.nix b/pkgs/by-name/ne/netbird-dashboard/package.nix
+index 0670d3333e6bce..fcd2f4df65fce9 100644
+--- a/pkgs/by-name/ne/netbird-dashboard/package.nix
++++ b/pkgs/by-name/ne/netbird-dashboard/package.nix
+@@ -6,16 +6,16 @@
+
+ buildNpmPackage rec {
+ pname = "netbird-dashboard";
+- version = "2.9.0";
++ version = "2.12.0";
+
+ src = fetchFromGitHub {
+ owner = "netbirdio";
+ repo = "dashboard";
+ rev = "v${version}";
+- hash = "sha256-PY/jK96FK6Y0++Ie4Yg/7GrGoLtLcgCSzXIkqySxe2M=";
++ hash = "sha256-AZ8vrDtpVADW8NMq/MBpYd6VSMcuFzk67UXoXdPeiPk=";
+ };
+
+- npmDepsHash = "sha256-TELyc62l/8IaX9eL2lxRFth0AAZ4LXsV2WNzXSHRnTw=";
++ npmDepsHash = "sha256-XNAphh1zNi4enf0Mz9TUgWyZHezTuctMPTBswKO4eW8=";
+ npmFlags = [ "--legacy-peer-deps" ];
+
+ installPhase = ''
+@@ -30,6 +30,8 @@ buildNpmPackage rec {
+ description = "NetBird Management Service Web UI Panel";
+ homepage = "https://github.com/netbirdio/dashboard";
+ license = licenses.bsd3;
+- maintainers = with maintainers; [ ];
++ maintainers = with maintainers; [
++ patrickdag
++ ];
+ };
+ }
diff --git a/patches/nixpkgs/08-25.05-kanidm-groups-pkgs.patch b/patches/nixpkgs/08-25.05-kanidm-groups-pkgs.patch
index b558080..1938927 100644
--- a/patches/nixpkgs/08-25.05-kanidm-groups-pkgs.patch
+++ b/patches/nixpkgs/08-25.05-kanidm-groups-pkgs.patch
@@ -93,14 +93,12 @@ diff --git a/pkgs/by-name/ka/kanidm-provision/package.nix b/pkgs/by-name/ka/kani index 63d7e85ba8a8..5ebd69cb91ee 100644 --- a/pkgs/by-name/ka/kanidm-provision/package.nix
+++ b/pkgs/by-name/ka/kanidm-provision/package.nix -@@ -14,6 +14,10 @@ rustPlatform.buildRustPackage rec { - hash = "sha256-kwxGrLz59Zk8PSsfQzPUeA/xWQZrV1NWlS5/yuqfIyI="; +@@ -18,4 +18,8 @@ rustPlatform.buildRustPackage rec { + hash = "sha256-m3bF4wFPVRc2E+E/pZc3js9T4rYbTejo/FFpysytWKw="; }; + patches = [ + ./01-memberless.patch + ]; + - postPatch = '' - tomlq -ti '.package.version = "${finalAttrs.version}"' Cargo.toml - ''; + useFetchCargoVendor = true;
diff --git a/workflows/eval-nodes.nix b/workflows/eval-nodes.nix
index acbe3f4..94f585f 100644
--- a/workflows/eval-nodes.nix
+++ b/workflows/eval-nodes.nix
@@ -30,7 +30,10 @@ in
 '';
 shell = "eval-nodes";
 };
- env.BUILD_NODE = node;
+ env = {
+ BUILD_NODE = node;
+ NIX_SHOW_STATS = 1;
+ };
 }
 {
 name = "Build ${node}";
diff --git a/workflows/lon-update.nix b/workflows/lon-update.nix
index 3e310b9..497e2b3 100644
--- a/workflows/lon-update.nix
+++ b/workflows/lon-update.nix
@@ -28,7 +28,7 @@ in
 LON_TOKEN = secret "TEA_DGNUM_CHORES_TOKEN";
 LON_USER_NAME = "DGNum [bot]";
 LON_USER_EMAIL = "admins+lon-bot@dgnum.eu";
- # LON_LABELS = "bot";
+ LON_LABELS = "bot";
 LON_LIST_COMMITS = true;
 };
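Review bot: In the workflows/eval-nodes.nix hunk, `NIX_SHOW_STATS = 1;` is written as a Nix integer while `BUILD_NODE` beside it is a string, and the regenerated .forgejo/workflows/eval-nodes.yaml accordingly carries an unquoted `NIX_SHOW_STATS: 1`. Environment values are strings once they reach the step, so `NIX_SHOW_STATS = "1";` states the type instead of relying on the runner coercing a YAML number. A one-line comment such as `# print evaluator statistics in the job log` above it would record why the variable is set, which matters because the output lands in every eval job's log. The step attribute set that this `env` belongs to starts and ends outside the hunk.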