Compare commits
28 commits
ecd20923ef
...
c384f800b3
Author | SHA1 | Date | |
---|---|---|---|
c384f800b3 | |||
2038a06f21 | |||
d6300e6e19 | |||
c1afcb7768 | |||
e1699ba735 | |||
|
7b596c8886 | ||
0cc1f3a23f | |||
b2cf1c2715 | |||
0455ca4175 | |||
6cde27f0aa | |||
d0731500b3 | |||
cc4bc6e563 | |||
|
08edb60af9 | ||
5e7ac52ce7 | |||
|
a7377a6afc | ||
|
f137ff5e03 | ||
0eb9d1c9c2 | |||
6df3c70a42 | |||
|
eb6b00fce2 | ||
1c7f174987 | |||
|
a389fb26de | ||
124d9b72b0 | |||
|
fc6c88543e | ||
8c09de1529 | |||
05a7477a8e | |||
|
07a3435f90 | ||
|
ff1920acf6 | ||
|
3962ada269 |
22 changed files with 195 additions and 781 deletions
25
.forgejo/workflows/eval-nodes.yaml
generated
|
@ -7,6 +7,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: Jaccess01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval Jaccess01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -26,6 +27,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: Jaccess04
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval Jaccess04
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -45,6 +47,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: ap01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval ap01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -64,6 +67,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: bridge01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval bridge01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -83,6 +87,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: build01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval build01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -102,6 +107,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: cof02
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval cof02
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -121,6 +127,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: compute01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval compute01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -140,6 +147,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: geo01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval geo01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -159,6 +167,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: geo02
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval geo02
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -178,6 +187,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: hypervisor01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval hypervisor01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -197,6 +207,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: hypervisor02
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval hypervisor02
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -216,6 +227,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: hypervisor03
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval hypervisor03
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -235,6 +247,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: iso
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval iso
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -254,6 +267,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: krz01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval krz01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -273,6 +287,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: lab-router01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval lab-router01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -292,6 +307,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: netcore01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval netcore01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -311,6 +327,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: netcore02
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval netcore02
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -330,6 +347,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: rescue01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval rescue01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -349,6 +367,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: storage01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval storage01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -368,6 +387,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: tower01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval tower01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -387,6 +407,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: vault01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval vault01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -406,6 +427,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: web01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval web01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -425,6 +447,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: web02
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval web02
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -444,6 +467,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: web03
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval web03
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
@ -463,6 +487,7 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- env:
|
||||
BUILD_NODE: zulip01
|
||||
NIX_SHOW_STATS: 1
|
||||
name: Eval zulip01
|
||||
run: "nix-shell -A eval-nodes --run 'set -o pipefail\nset -o nounset\nset -o
|
||||
errexit\nDRV=$(instantiate-node)\necho \"DRV=$DRV\" >> $GITHUB_ENV\n'"
|
||||
|
|
1
.forgejo/workflows/lon-update.yaml
generated
|
@ -8,6 +8,7 @@ jobs:
|
|||
with:
|
||||
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
|
||||
- env:
|
||||
LON_LABELS: bot
|
||||
LON_LIST_COMMITS: true
|
||||
LON_TOKEN: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
|
||||
LON_USER_EMAIL: admins+lon-bot@dgnum.eu
|
||||
|
|
2
REUSE.toml
generated
|
@ -38,7 +38,7 @@ precedence = "closest"
|
|||
[[annotations]]
|
||||
SPDX-FileCopyrightText = "2024 Lubin Bailly <lubin.bailly@dgnum.eu>"
|
||||
SPDX-License-Identifier = "EUPL-1.2"
|
||||
path = ["modules/nixos/extranix/0001-revert-don-t-parse-md-in-js.patch", "modules/nixos/extranix/0002-chore-remove-useless-dependencies.patch", "modules/nixos/extranix/0003-feat-separate-HTML-description-of-MD-description.patch", "modules/nixos/extranix/0004-fix-indentation-of-ul.patch", "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch", "patches/nixpkgs/02-action-validator.patch", "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch"]
|
||||
path = ["modules/nixos/extranix/0001-revert-don-t-parse-md-in-js.patch", "modules/nixos/extranix/0002-chore-remove-useless-dependencies.patch", "modules/nixos/extranix/0003-feat-separate-HTML-description-of-MD-description.patch", "modules/nixos/extranix/0004-fix-indentation-of-ul.patch", "modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch", "patches/nixpkgs/02-action-validator.patch", "machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch", "patches/nixpkgs/06-netbird-dashboard.patch"]
|
||||
precedence = "closest"
|
||||
|
||||
[[annotations]]
|
||||
|
|
|
@ -154,6 +154,7 @@ let
|
|||
"modules/nixos/extranix/0005-feat-match-all-substring-by-default.patch"
|
||||
"patches/nixpkgs/02-action-validator.patch"
|
||||
"machines/nixos/vault01/k-radius/packages/04-request-dgsi-vlan.patch"
|
||||
"patches/nixpkgs/06-netbird-dashboard.patch"
|
||||
];
|
||||
copyright = "2024 Lubin Bailly <lubin.bailly@dgnum.eu>";
|
||||
}
|
||||
|
|
6
hive.nix
|
@ -191,9 +191,11 @@ in
|
|||
# Deployment config is specified in meta.nodes.${node}.deployment
|
||||
inherit (nodeMeta) deployment;
|
||||
|
||||
# Set NIX_PATH to the patched version of nixpkgs
|
||||
environment.etc.nixpkgs.source = builtins.storePath sourcePkgs.path;
|
||||
nix.nixPath = [ "nixpkgs=/etc/nixpkgs" ];
|
||||
|
||||
nix = {
|
||||
# Set NIX_PATH to the patched version of nixpkgs
|
||||
nixPath = [ "nixpkgs=${builtins.storePath sourcePkgs.path}" ];
|
||||
optimise.automatic = true;
|
||||
|
||||
gc = {
|
||||
|
|
|
@ -71,12 +71,31 @@ rec {
|
|||
src,
|
||||
name,
|
||||
patches ? mkPatches name,
|
||||
}:
|
||||
pkgs.applyPatches {
|
||||
inherit patches src;
|
||||
prePatch ? null,
|
||||
postPatch ? null,
|
||||
...
|
||||
}@args:
|
||||
if patches == [ ] && prePatch == null && postPatch == null then
|
||||
src
|
||||
else
|
||||
pkgs.stdenvNoCC.mkDerivation (
|
||||
args
|
||||
// {
|
||||
name = "${name}-patched";
|
||||
|
||||
name = "${name}-patched";
|
||||
};
|
||||
inherit patches prePatch postPatch;
|
||||
|
||||
preferLocalBuild = true;
|
||||
allowSubstitutes = true;
|
||||
phases = [
|
||||
"unpackPhase"
|
||||
"patchPhase"
|
||||
"installPhase"
|
||||
];
|
||||
|
||||
installPhase = "cp -R . $out";
|
||||
}
|
||||
);
|
||||
|
||||
applyPatches' = name: src: applyPatches { inherit name src; };
|
||||
};
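Review bot: The switch from `pkgs.applyPatches` to a hand-written `pkgs.stdenvNoCC.mkDerivation` carries no comment on why the nixpkgs helper was dropped or what the early `src` return is for, and this function decides which patches land on every pinned source. A header such as `# Returns src unchanged when there are no patches or hooks; otherwise copies the patched tree to $out, with no fixup phase.` would make the contract reviewable. It is also worth noting in that comment that `args` is passed through to `mkDerivation`, so any extra attribute a caller supplies becomes part of the derivation. The enclosing `rec { … }` starts outside the hunk and the file header is not visible on this page, so the old/new split here is inferred from the hunk counts.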
|
||||
|
|
58
lon.lock
generated
|
@ -7,9 +7,9 @@
|
|||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"branch": "main",
|
||||
"revision": "564595d0ad4be7277e07fa63b5a991b3c645655d",
|
||||
"url": "https://github.com/ryantm/agenix/archive/564595d0ad4be7277e07fa63b5a991b3c645655d.tar.gz",
|
||||
"hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU="
|
||||
"revision": "4835b1dc898959d8547a871ef484930675cb47f1",
|
||||
"url": "https://github.com/ryantm/agenix/archive/4835b1dc898959d8547a871ef484930675cb47f1.tar.gz",
|
||||
"hash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k="
|
||||
},
|
||||
"arkheon": {
|
||||
"type": "GitHub",
|
||||
|
@ -77,9 +77,9 @@
|
|||
"owner": "nix-community",
|
||||
"repo": "dns.nix",
|
||||
"branch": "master",
|
||||
"revision": "a3196708a56dee76186a9415c187473b94e6cbae",
|
||||
"url": "https://github.com/nix-community/dns.nix/archive/a3196708a56dee76186a9415c187473b94e6cbae.tar.gz",
|
||||
"hash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ="
|
||||
"revision": "96e548ae8bd44883afc5bddb9dacd0502542276d",
|
||||
"url": "https://github.com/nix-community/dns.nix/archive/96e548ae8bd44883afc5bddb9dacd0502542276d.tar.gz",
|
||||
"hash": "sha256-qTbv8Pm9WWF63M5Fj0Od9E54/lsbMSQUBHw/s30eFok="
|
||||
},
|
||||
"git-hooks": {
|
||||
"type": "GitHub",
|
||||
|
@ -87,9 +87,9 @@
|
|||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"branch": "master",
|
||||
"revision": "fa466640195d38ec97cf0493d6d6882bc4d14969",
|
||||
"url": "https://github.com/cachix/git-hooks.nix/archive/fa466640195d38ec97cf0493d6d6882bc4d14969.tar.gz",
|
||||
"hash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo="
|
||||
"revision": "623c56286de5a3193aa38891a6991b28f9bab056",
|
||||
"url": "https://github.com/cachix/git-hooks.nix/archive/623c56286de5a3193aa38891a6991b28f9bab056.tar.gz",
|
||||
"hash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4="
|
||||
},
|
||||
"kadenios": {
|
||||
"type": "Git",
|
||||
|
@ -135,20 +135,20 @@
|
|||
"type": "Git",
|
||||
"fetchType": "git",
|
||||
"branch": "main",
|
||||
"revision": "d169c092fc28838a253be136d17fe7de1292c728",
|
||||
"revision": "1e34c3747779a82d59ef27b351d4ed02fb372a2a",
|
||||
"url": "https://git.lix.systems/lix-project/lix.git",
|
||||
"hash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=",
|
||||
"lastModified": 1743274305,
|
||||
"hash": "sha256-4qJy0n+6P13/XAHPlcjcWK6MDNYd38PkFdI8iCiJYYo=",
|
||||
"lastModified": 1749838547,
|
||||
"submodules": false
|
||||
},
|
||||
"lix-module": {
|
||||
"type": "Git",
|
||||
"fetchType": "git",
|
||||
"branch": "main",
|
||||
"revision": "fa69ae26cc32dda178117b46487c2165c0e08316",
|
||||
"revision": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module.git",
|
||||
"hash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=",
|
||||
"lastModified": 1742945498,
|
||||
"hash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=",
|
||||
"lastModified": 1747667424,
|
||||
"submodules": false
|
||||
},
|
||||
"lon": {
|
||||
|
@ -157,9 +157,9 @@
|
|||
"owner": "nikstur",
|
||||
"repo": "lon",
|
||||
"branch": "main",
|
||||
"revision": "c29151c0adefbf2eef904a3435350356cef98da2",
|
||||
"url": "https://github.com/nikstur/lon/archive/c29151c0adefbf2eef904a3435350356cef98da2.tar.gz",
|
||||
"hash": "sha256-1oQ4uLI92Ih2rmNyP4wzP9xZrQp48FHirOhV/aerZPc="
|
||||
"revision": "f9693fae910a8e58ae059d5a02afba07e9e583bb",
|
||||
"url": "https://github.com/nikstur/lon/archive/f9693fae910a8e58ae059d5a02afba07e9e583bb.tar.gz",
|
||||
"hash": "sha256-iVJvsF4SqvS8tSM2vN8ynzeQdDlED1qipf/ihqKCJMk="
|
||||
},
|
||||
"metis": {
|
||||
"type": "Git",
|
||||
|
@ -195,10 +195,10 @@
|
|||
"type": "Git",
|
||||
"fetchType": "git",
|
||||
"branch": "dgnum",
|
||||
"revision": "0cdf222c07b9cbd49857ae046fb41ae9f651cc3f",
|
||||
"revision": "44ccf96bd73c1bbbbcc849cb0f2e0d1f5f75f934",
|
||||
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules",
|
||||
"hash": "sha256-VHlkJny+t1AhZ61JOeyYM1rLa4cPEoEt/5+vqAqAJgA=",
|
||||
"lastModified": 1746016692,
|
||||
"hash": "sha256-mkrCWowrCje3/TuAG0eAJplrtlz1hYmusSFn93/Ccok=",
|
||||
"lastModified": 1749629064,
|
||||
"submodules": false
|
||||
},
|
||||
"nix-pkgs": {
|
||||
|
@ -227,8 +227,8 @@
|
|||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"branch": "nixos-24.05",
|
||||
"revision": "b134951a4c9f",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f.tar.gz",
|
||||
"revision": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f3c995fd7be05f3243f8ecd65d798.tar.gz",
|
||||
"hash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8="
|
||||
},
|
||||
"nixos-24.11": {
|
||||
|
@ -247,9 +247,9 @@
|
|||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"branch": "nixos-25.05",
|
||||
"revision": "70c74b02eac4",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/70c74b02eac4.tar.gz",
|
||||
"hash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw="
|
||||
"revision": "88331c17ba434359491e8d5889cce872464052c2",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/88331c17ba434359491e8d5889cce872464052c2.tar.gz",
|
||||
"hash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc="
|
||||
},
|
||||
"nixos-unstable": {
|
||||
"type": "GitHub",
|
||||
|
@ -257,9 +257,9 @@
|
|||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"branch": "nixos-unstable",
|
||||
"revision": "d89fc19e405c",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/d89fc19e405c.tar.gz",
|
||||
"hash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ="
|
||||
"revision": "3e3afe5174c561dee0df6f2c2b2236990146329f",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/3e3afe5174c561dee0df6f2c2b2236990146329f.tar.gz",
|
||||
"hash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU="
|
||||
},
|
||||
"proxmox-nixos": {
|
||||
"type": "Git",
|
||||
|
|
|
@ -69,7 +69,6 @@
|
|||
# "ca-derivations" this feature is really extremely broken.
|
||||
"cgroups"
|
||||
"fetch-closure"
|
||||
"impure-derivations"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -19,5 +19,10 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/victorialogs" = {
|
||||
device = "/data/fast/victorialogs";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
|
||||
networking.firewall.interfaces.wt0.allowedTCPPorts = [ port ];
|
||||
}
|
||||
|
|
|
@ -82,6 +82,7 @@ let
|
|||
"gist" # Opengist
|
||||
"grafana" # Grafana
|
||||
"netbox-v2" # Netbox
|
||||
"nimbolus" # Nimbolus Terraform Backend
|
||||
"nms" # LibreNMS
|
||||
"pads" # Hedgedoc
|
||||
"pass" # Vaultwarden
|
||||
|
|
|
@ -39,6 +39,7 @@
|
|||
"extranix"
|
||||
"openbao"
|
||||
"forgejo-multiuser-nix-runners"
|
||||
"systemd-notify"
|
||||
])
|
||||
++ [
|
||||
"${sources.agenix}/modules/age.nix"
|
||||
|
@ -52,7 +53,6 @@
|
|||
"services/forgejo-nix-runners"
|
||||
"services/nginx-sni"
|
||||
"services/reaction"
|
||||
"services/systemd-notify"
|
||||
"services/victorialogs"
|
||||
"services/victoriametrics"
|
||||
]
|
||||
|
|
|
@ -92,7 +92,6 @@ in
|
|||
|
||||
environment.systemPackages =
|
||||
(with pkgs; [
|
||||
neovim
|
||||
wget
|
||||
kitty.terminfo
|
||||
|
||||
|
|
|
@ -54,19 +54,16 @@ in
|
|||
};
|
||||
|
||||
services.systemd-notify = {
|
||||
enable = true;
|
||||
command = builtins.toString (
|
||||
pkgs.writeShellScript "sendmail" ''
|
||||
${pkgs.msmtp}/bin/sendmail -i -t <<ERRMAIL
|
||||
To: admins+monitoring@dgnum.eu, ${emails}
|
||||
Subject: [$HOSTNAME] Systemd failure: $1
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
mail = pkgs.writeShellScript "sendmail" ''
|
||||
${pkgs.msmtp}/bin/sendmail -i -t <<ERRMAIL
|
||||
To: admins+monitoring@dgnum.eu, ${emails}
|
||||
Subject: [$HOSTNAME] Systemd failure: $1
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
|
||||
$(systemctl status --full "$1")
|
||||
ERRMAIL
|
||||
''
|
||||
);
|
||||
$(systemctl status --full "$1")
|
||||
ERRMAIL
|
||||
'';
|
||||
};
|
||||
age-secrets.sources = [ ./. ];
|
||||
};
|
||||
|
|
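--- /dev/null
+++ b/modules/nixos/systemd-notify.nix
@@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{ config, lib, ... }:
+
+let
+inherit (lib)
+getExe
+mapAttrs'
+mapAttrsToList
+mkOption
+mkForce
+nameValuePair
+;
+inherit (lib.types) attrsOf package submodule;
+
+cfg = config.services.systemd-notify;
+in
+
+{
+options.services.systemd-notify = mkOption {
+type = attrsOf package;
+description = ''
+Commands to execute when a systemd unit fails.
+Attrs keys will be the unit name and attrs value is the command that
+will be run with the name of the failed unit as an argument.
+'';
+default = { };
+};
+
+options.systemd.services = mkOption {
+type = attrsOf (submodule {
+config.onFailure = mapAttrsToList (name: _: "${name}@%n.service") cfg;
+});
+};
+
+config.systemd.services = mapAttrs' (
+name: script:
+nameValuePair "${name}@" {
+description = "Run ${name} script on service failures.";
+onFailure = mkForce [ ]; # Avoid recursive failures
+serviceConfig = {
+ExecStart = "${getExe script} %i";
+Type = "oneshot";
+};
+}
+) cfg;
+}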
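Review bot: `ExecStart = "${getExe script} %i";` assumes every value of `services.systemd-notify` ships its program under `bin/`, but the one caller visible on this page defines `mail = pkgs.writeShellScript "sendmail" ''…''`, which as far as I know produces a single executable file at the store path and sets no `meta.mainProgram`. If that holds, `getExe` resolves to a non-existent `…/bin/sendmail` and the `mail@` unit fails to start; since its own `onFailure` is forced empty, nothing reports that and failure mails silently stop. Either have the caller use `pkgs.writeShellScriptBin "sendmail"`, or state in the option `description` that values must provide `meta.mainProgram`. A build-time assertion on that attribute would catch the mismatch before deployment.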
|
@ -18,11 +18,6 @@ with {
|
|||
|
||||
lix = [
|
||||
(local ./lix/01-disable-installChecks.patch)
|
||||
(local ./lix/02-fetchGit-locked.patch)
|
||||
];
|
||||
|
||||
lon = [
|
||||
(local ./lon/01-npins-import.patch)
|
||||
];
|
||||
|
||||
"nixos-25.05" = [
|
||||
|
@ -54,14 +49,14 @@ with {
|
|||
(local ./nixpkgs/05-netbird-relay.patch)
|
||||
|
||||
# netbird-dashboard: 2.9.0 -> 2.12.0
|
||||
(npr 403844 "sha256-oQUc/UEvWOdZ5IyemnZeFS5dVysblqdV9fm6t790Kms=")
|
||||
(local ./nixpkgs/06-netbird-dashboard.patch)
|
||||
];
|
||||
|
||||
"agenix" = [
|
||||
{
|
||||
_type = "url";
|
||||
url = "https://github.com/ryantm/agenix/commit/48b60f7c1c7023af52212555bdb6d07472402863.patch";
|
||||
hash = "sha256-e45hiHF0HbCYb+3RRhy+8nNIFvefb6SZSN3xcl1mpvI=";
|
||||
url = "https://github.com/ryantm/agenix/commit/0a2bcfb77b1d89764b1c654b44b781b110038d0f.patch";
|
||||
hash = "sha256-dO7Lvf2mdCIN6MjNcE+OS7ibaSunJ84Krqlk8ywMtwo=";
|
||||
}
|
||||
];
|
||||
}
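Review bot: The `"agenix"` entry swaps one upstream commit patch for another but, unlike the netbird entry just above it, carries no comment on what the patch changes or why it is needed, so the next source bump cannot tell whether it is still required. A line such as `# agenix: <what the patch changes> (drop once merged upstream)` above the `{` would do. Separately, how `_type = "url"` entries are fetched is not visible here; if it is a plain URL fetch, forge-generated `.patch` output is not guaranteed to stay byte-identical over time, so the pinned `hash` can start failing without any change to the patch itself, and a normalising patch fetcher avoids that.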
|
||||
|
|
|
@ -1,86 +0,0 @@
|
|||
diff --git i/lix/libexpr/primops/fetchTree.cc w/lix/libexpr/primops/fetchTree.cc
|
||||
index 93b08ecc9..6d04ce24b 100644
|
||||
--- i/lix/libexpr/primops/fetchTree.cc
|
||||
+++ w/lix/libexpr/primops/fetchTree.cc
|
||||
@@ -168,6 +168,11 @@ static void fetchTree(
|
||||
"attribute 'name' isn’t supported in call to 'fetchTree'"
|
||||
).atPos(pos).debugThrow();
|
||||
|
||||
+ // HACK: When using `fetchGit`, locking with only the hash should happen
|
||||
+ // as we don't care about flake hallucinations about `lastModified`
|
||||
+ if (type == "git" && attrs.contains("narHash"))
|
||||
+ attrs["type"] = "git-locked";
|
||||
+
|
||||
input = fetchers::Input::fromAttrs(std::move(attrs));
|
||||
} else {
|
||||
auto url = state.coerceToString(pos, *args[0], context,
|
||||
diff --git i/lix/libfetchers/builtin-fetchers.hh w/lix/libfetchers/builtin-fetchers.hh
|
||||
index d3be7f7f2..d1389b8ba 100644
|
||||
--- i/lix/libfetchers/builtin-fetchers.hh
|
||||
+++ w/lix/libfetchers/builtin-fetchers.hh
|
||||
@@ -10,6 +10,7 @@ std::unique_ptr<InputScheme> makePathInputScheme();
|
||||
std::unique_ptr<InputScheme> makeFileInputScheme();
|
||||
std::unique_ptr<InputScheme> makeTarballInputScheme();
|
||||
std::unique_ptr<InputScheme> makeGitInputScheme();
|
||||
+std::unique_ptr<InputScheme> makeGitLockedInputScheme();
|
||||
std::unique_ptr<InputScheme> makeMercurialInputScheme();
|
||||
std::unique_ptr<InputScheme> makeGitHubInputScheme();
|
||||
std::unique_ptr<InputScheme> makeGitLabInputScheme();
|
||||
diff --git i/lix/libfetchers/fetchers.cc w/lix/libfetchers/fetchers.cc
|
||||
index 0dc9f5e0c..91cd9332d 100644
|
||||
--- i/lix/libfetchers/fetchers.cc
|
||||
+++ w/lix/libfetchers/fetchers.cc
|
||||
@@ -22,6 +22,7 @@ void initLibFetchers()
|
||||
registerInputScheme(makeTarballInputScheme());
|
||||
registerInputScheme(makeFileInputScheme());
|
||||
registerInputScheme(makeGitInputScheme());
|
||||
+ registerInputScheme(makeGitLockedInputScheme());
|
||||
registerInputScheme(makeMercurialInputScheme());
|
||||
registerInputScheme(makeGitHubInputScheme());
|
||||
registerInputScheme(makeGitLabInputScheme());
|
||||
diff --git i/lix/libfetchers/git.cc w/lix/libfetchers/git.cc
|
||||
index 21fa1904d..f9573eacd 100644
|
||||
--- i/lix/libfetchers/git.cc
|
||||
+++ w/lix/libfetchers/git.cc
|
||||
@@ -812,4 +812,40 @@ std::unique_ptr<InputScheme> makeGitInputScheme()
|
||||
return std::make_unique<GitInputScheme>();
|
||||
}
|
||||
|
||||
+struct GitLockedInputScheme : GitInputScheme {
|
||||
+
|
||||
+ std::optional<Input> inputFromAttrs(const Attrs & attrs) const override
|
||||
+ {
|
||||
+ if (maybeGetStrAttr(attrs, "type") != "git-locked") return {};
|
||||
+
|
||||
+ for (auto & [name, value] : attrs)
|
||||
+ if (name != "type" && name != "url" && name != "ref" && name != "rev" && name != "shallow" && name != "submodules" && name != "lastModified" && name != "revCount" && name != "narHash" && name != "allRefs" && name != "name" && name != "dirtyRev" && name != "dirtyShortRev")
|
||||
+ throw Error("unsupported Git input attribute '%s'", name);
|
||||
+
|
||||
+ parseURL(getStrAttr(attrs, "url"));
|
||||
+ maybeGetBoolAttr(attrs, "shallow");
|
||||
+ maybeGetBoolAttr(attrs, "submodules");
|
||||
+ maybeGetBoolAttr(attrs, "allRefs");
|
||||
+
|
||||
+ if (auto ref = maybeGetStrAttr(attrs, "ref")) {
|
||||
+ if (std::regex_search(*ref, badGitRefRegex))
|
||||
+ throw BadURL("invalid Git branch/tag name '%s'", *ref);
|
||||
+ }
|
||||
+
|
||||
+ Input input;
|
||||
+ input.attrs = attrs;
|
||||
+ return input;
|
||||
+ }
|
||||
+
|
||||
+ bool hasAllInfo(const Input & input) const override {
|
||||
+ return true;
|
||||
+ }
|
||||
+
|
||||
+};
|
||||
+
|
||||
+std::unique_ptr<InputScheme> makeGitLockedInputScheme()
|
||||
+{
|
||||
+ return std::make_unique<GitLockedInputScheme>();
|
||||
+}
|
||||
+
|
||||
}
|
||||
|
|
@ -1,625 +0,0 @@
|
|||
From 70877569a4ce8f5274c5e6208469c240a34993a0 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Hubrecht <tom@hubrecht.ovh>
|
||||
Date: Tue, 10 Jun 2025 15:26:22 +0200
|
||||
Subject: [PATCH 1/2] sources: Find default branch when none is supplied
|
||||
|
||||
---
|
||||
rust/lon/Cargo.lock | 33 +++++++++++++++++++++++++++++++++
|
||||
rust/lon/Cargo.toml | 1 +
|
||||
rust/lon/src/cli.rs | 8 ++++----
|
||||
rust/lon/src/git.rs | 29 +++++++++++++++++++++++++++++
|
||||
rust/lon/src/init/niv.rs | 4 ++--
|
||||
rust/lon/src/sources.rs | 18 +++++++++++++++---
|
||||
6 files changed, 84 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/rust/lon/Cargo.lock b/rust/lon/Cargo.lock
|
||||
index 62f6176..b9e7944 100644
|
||||
--- a/rust/lon/Cargo.lock
|
||||
+++ b/rust/lon/Cargo.lock
|
||||
@@ -17,6 +17,15 @@ version = "2.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627"
|
||||
|
||||
+[[package]]
|
||||
+name = "aho-corasick"
|
||||
+version = "1.1.3"
|
||||
+source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
+checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
|
||||
+dependencies = [
|
||||
+ "memchr",
|
||||
+]
|
||||
+
|
||||
[[package]]
|
||||
name = "android-tzdata"
|
||||
version = "0.1.1"
|
||||
@@ -847,6 +856,7 @@ dependencies = [
|
||||
"expect-test",
|
||||
"indoc",
|
||||
"log",
|
||||
+ "regex",
|
||||
"reqwest",
|
||||
"serde",
|
||||
"serde_json",
|
||||
@@ -1073,11 +1083,34 @@ dependencies = [
|
||||
"getrandom 0.3.2",
|
||||
]
|
||||
|
||||
+[[package]]
|
||||
+name = "regex"
|
||||
+version = "1.11.1"
|
||||
+source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
+checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
|
||||
+dependencies = [
|
||||
+ "aho-corasick",
|
||||
+ "memchr",
|
||||
+ "regex-automata",
|
||||
+ "regex-syntax",
|
||||
+]
|
||||
+
|
||||
[[package]]
|
||||
name = "regex-automata"
|
||||
version = "0.4.9"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
|
||||
+dependencies = [
|
||||
+ "aho-corasick",
|
||||
+ "memchr",
|
||||
+ "regex-syntax",
|
||||
+]
|
||||
+
|
||||
+[[package]]
|
||||
+name = "regex-syntax"
|
||||
+version = "0.8.5"
|
||||
+source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
+checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
|
||||
|
||||
[[package]]
|
||||
name = "reqwest"
|
||||
diff --git a/rust/lon/Cargo.toml b/rust/lon/Cargo.toml
|
||||
index a60c24e..d7dd633 100644
|
||||
--- a/rust/lon/Cargo.toml
|
||||
+++ b/rust/lon/Cargo.toml
|
||||
@@ -13,6 +13,7 @@ serde_json = "1.0.140"
|
||||
sha2 = "0.10.9"
|
||||
tempfile = "3.20.0"
|
||||
reqwest = { version = "0.12", default-features = false, features = ["blocking","http2","rustls-tls","json"] }
|
||||
+regex = "1.11.1"
|
||||
|
||||
[dev-dependencies]
|
||||
expect-test = "1.5.1"
|
||||
diff --git a/rust/lon/src/cli.rs b/rust/lon/src/cli.rs
|
||||
index eb850d7..5806b1d 100644
|
||||
--- a/rust/lon/src/cli.rs
|
||||
+++ b/rust/lon/src/cli.rs
|
||||
@@ -105,7 +105,7 @@ struct AddGitArgs {
|
||||
/// URL to the repository
|
||||
url: String,
|
||||
/// Branch to track
|
||||
- branch: String,
|
||||
+ branch: Option<String>,
|
||||
/// Revision to lock
|
||||
#[arg(short, long)]
|
||||
revision: Option<String>,
|
||||
@@ -122,7 +122,7 @@ struct AddGitHubArgs {
|
||||
/// An identifier made up of {owner}/{repo}, e.g. nixos/nixpkgs
|
||||
identifier: String,
|
||||
/// Branch to track
|
||||
- branch: String,
|
||||
+ branch: Option<String>,
|
||||
/// Name of the source
|
||||
///
|
||||
/// If you do not supply this, the repository name is used as the source name.
|
||||
@@ -283,7 +283,7 @@ fn add_git(directory: impl AsRef<Path>, args: &AddGitArgs) -> Result<()> {
|
||||
|
||||
let source = GitSource::new(
|
||||
&args.url,
|
||||
- &args.branch,
|
||||
+ args.branch.as_ref(),
|
||||
args.revision.as_ref(),
|
||||
args.submodules,
|
||||
args.frozen,
|
||||
@@ -314,7 +314,7 @@ fn add_github(directory: impl AsRef<Path>, args: &AddGitHubArgs) -> Result<()> {
|
||||
let source = GitHubSource::new(
|
||||
owner,
|
||||
repo,
|
||||
- &args.branch,
|
||||
+ args.branch.as_ref(),
|
||||
args.revision.as_ref(),
|
||||
args.frozen,
|
||||
)?;
|
||||
diff --git a/rust/lon/src/git.rs b/rust/lon/src/git.rs
|
||||
index cb5b4df..381c337 100644
|
||||
--- a/rust/lon/src/git.rs
|
||||
+++ b/rust/lon/src/git.rs
|
||||
@@ -5,6 +5,7 @@ use std::{
|
||||
};
|
||||
|
||||
use anyhow::{Context, Result, bail};
|
||||
+use regex::Regex;
|
||||
use tempfile::TempDir;
|
||||
|
||||
#[derive(Clone, Debug)]
|
||||
@@ -129,6 +130,34 @@ fn find_newest_revision_for_ref(url: &str, reference: &str) -> Result<Revision>
|
||||
Ok(Revision(references.remove(0).revision))
|
||||
}
|
||||
|
||||
+/// Find the default branch for a git repository
|
||||
+pub fn find_default_branch(url: &str) -> Result<String> {
|
||||
+ let output = Command::new("git")
|
||||
+ .arg("ls-remote")
|
||||
+ .args(["--symref", url, "HEAD"])
|
||||
+ .output()
|
||||
+ .context("Failed to execute git ls-remote. Most likely it's not on PATH")?;
|
||||
+
|
||||
+ if !output.status.success() {
|
||||
+ bail!(
|
||||
+ "Failed to find the default branch for {}\n{}",
|
||||
+ url,
|
||||
+ String::from_utf8_lossy(&output.stderr)
|
||||
+ )
|
||||
+ }
|
||||
+
|
||||
+ let re = Regex::new(r"ref:.*refs/heads/(?<branch>.*)\tHEAD")?;
|
||||
+
|
||||
+ let Some(branch) = String::from_utf8_lossy(&output.stdout)
|
||||
+ .lines()
|
||||
+ .find_map(|x| re.captures(x).map(|matched| matched["branch"].into()))
|
||||
+ else {
|
||||
+ bail!("Failed to find the default branch for {url}",)
|
||||
+ };
|
||||
+
|
||||
+ Ok(branch)
|
||||
+}
|
||||
+
|
||||
/// Call `git ls-remote` with the provided args.
|
||||
fn ls_remote(args: &[&str]) -> Result<Vec<RemoteInfo>> {
|
||||
let output = Command::new("git")
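Review bot: In `find_default_branch`, `url` is handed to git as a bare positional argument (`.args(["--symref", url, "HEAD"])`), so a value that begins with `-` would be parsed by git as an option instead of a repository. As far as the hunks show, the URL comes from the command line and, with the npins import later in this series, from a lock file, so I would end option parsing before it: `.args(["--symref", "--", url, "HEAD"])`. The regex is recompiled on every call and its `.*` capture accepts anything up to `\tHEAD`; a plain `strip_prefix`/`split` on the `ref: refs/heads/<name>\tHEAD` line would do without a regex here. `ls_remote`, whose body continues outside the hunk, may need the same `--` guard.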
|
||||
diff --git a/rust/lon/src/init/niv.rs b/rust/lon/src/init/niv.rs
|
||||
index 469fdc7..8d41670 100644
|
||||
--- a/rust/lon/src/init/niv.rs
|
||||
+++ b/rust/lon/src/init/niv.rs
|
||||
@@ -42,7 +42,7 @@ impl Convertible for LockFile {
|
||||
let source = GitHubSource::new(
|
||||
owner,
|
||||
&package.repo,
|
||||
- &package.branch,
|
||||
+ Some(&package.branch),
|
||||
Some(&package.rev),
|
||||
false,
|
||||
)?;
|
||||
@@ -51,7 +51,7 @@ impl Convertible for LockFile {
|
||||
} else {
|
||||
let source = GitSource::new(
|
||||
&package.repo,
|
||||
- &package.branch,
|
||||
+ Some(&package.branch),
|
||||
Some(&package.rev),
|
||||
false,
|
||||
false,
|
||||
diff --git a/rust/lon/src/sources.rs b/rust/lon/src/sources.rs
|
||||
index 92d8c2b..78bdbdb 100644
|
||||
--- a/rust/lon/src/sources.rs
|
||||
+++ b/rust/lon/src/sources.rs
|
||||
@@ -170,11 +170,16 @@ pub struct GitSource {
|
||||
impl GitSource {
|
||||
pub fn new(
|
||||
url: &str,
|
||||
- branch: &str,
|
||||
+ branch: Option<&String>,
|
||||
revision: Option<&String>,
|
||||
submodules: bool,
|
||||
frozen: bool,
|
||||
) -> Result<Self> {
|
||||
+ let branch = match branch {
|
||||
+ Some(branch) => branch,
|
||||
+ None => &git::find_default_branch(url)?,
|
||||
+ };
|
||||
+
|
||||
let rev = match revision {
|
||||
Some(rev) => rev,
|
||||
None => &git::find_newest_revision(url, branch)?.to_string(),
|
||||
@@ -283,13 +288,20 @@ impl GitHubSource {
|
||||
pub fn new(
|
||||
owner: &str,
|
||||
repo: &str,
|
||||
- branch: &str,
|
||||
+ branch: Option<&String>,
|
||||
revision: Option<&String>,
|
||||
frozen: bool,
|
||||
) -> Result<Self> {
|
||||
+ let repo_url = &Self::git_url(owner, repo);
|
||||
+
|
||||
+ let branch = match branch {
|
||||
+ Some(branch) => branch,
|
||||
+ None => &git::find_default_branch(repo_url)?,
|
||||
+ };
|
||||
+
|
||||
let rev = match revision {
|
||||
Some(rev) => rev,
|
||||
- None => &git::find_newest_revision(&Self::git_url(owner, repo), branch)?.to_string(),
|
||||
+ None => &git::find_newest_revision(repo_url, branch)?.to_string(),
|
||||
};
|
||||
log::info!("Locked revision: {rev}");
|
||||
|
||||
|
||||
From eee3871a246605a7ab60714bb193846160ac8e64 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Hubrecht <tom@hubrecht.ovh>
|
||||
Date: Tue, 10 Jun 2025 17:25:52 +0200
|
||||
Subject: [PATCH 2/2] cli: init from npins
|
||||
|
||||
We convert three types of pins: `Git`, `GitRelease` and `Channel`
|
||||
---
|
||||
rust/lon/src/cli.rs | 13 ++-
|
||||
rust/lon/src/init.rs | 1 +
|
||||
rust/lon/src/init/npins.rs | 218 +++++++++++++++++++++++++++++++++++++
|
||||
rust/lon/tests/npins.json | 86 +++++++++++++++
|
||||
4 files changed, 312 insertions(+), 6 deletions(-)
|
||||
create mode 100644 rust/lon/src/init/npins.rs
|
||||
create mode 100644 rust/lon/tests/npins.json
|
||||
|
||||
diff --git a/rust/lon/src/cli.rs b/rust/lon/src/cli.rs
|
||||
index 5806b1d..57dcc50 100644
|
||||
--- a/rust/lon/src/cli.rs
|
||||
+++ b/rust/lon/src/cli.rs
|
||||
@@ -11,7 +11,7 @@ use crate::{
|
||||
bot::{Forge, Forgejo, GitHub, GitLab},
|
||||
commit_message::CommitMessage,
|
||||
git,
|
||||
- init::{Convertible, niv},
|
||||
+ init::{Convertible, niv, npins},
|
||||
lock::Lock,
|
||||
lon_nix::LonNix,
|
||||
sources::{GitHubSource, GitSource, Source, Sources},
|
||||
@@ -82,6 +82,7 @@ struct InitArgs {
|
||||
#[derive(Clone, ValueEnum)]
|
||||
enum LockFileType {
|
||||
Niv,
|
||||
+ Npins,
|
||||
}
|
||||
|
||||
#[derive(Subcommand)]
|
||||
@@ -261,13 +262,13 @@ fn init(directory: impl AsRef<Path>, args: &InitArgs) -> Result<()> {
|
||||
bail!("No lock file type is provided");
|
||||
};
|
||||
|
||||
- let lock_file = match lock_file_type {
|
||||
- LockFileType::Niv => niv::LockFile::from_file(path)?,
|
||||
- };
|
||||
-
|
||||
log::info!("Initializing lon.lock from {path:?}");
|
||||
|
||||
- let sources = lock_file.convert()?;
|
||||
+ let sources = match lock_file_type {
|
||||
+ LockFileType::Niv => niv::LockFile::from_file(path)?.convert()?,
|
||||
+ LockFileType::Npins => npins::LockFile::from_file(path)?.convert()?,
|
||||
+ };
|
||||
+
|
||||
sources.write(&directory)?;
|
||||
|
||||
Ok(())
|
||||
diff --git a/rust/lon/src/init.rs b/rust/lon/src/init.rs
|
||||
index ec87afa..06e63f2 100644
|
||||
--- a/rust/lon/src/init.rs
|
||||
+++ b/rust/lon/src/init.rs
|
||||
@@ -1,4 +1,5 @@
|
||||
pub mod niv;
|
||||
+pub mod npins;
|
||||
|
||||
use anyhow::Result;
|
||||
|
||||
diff --git a/rust/lon/src/init/npins.rs b/rust/lon/src/init/npins.rs
|
||||
new file mode 100644
|
||||
index 0000000..8a38139
|
||||
--- /dev/null
|
||||
+++ b/rust/lon/src/init/npins.rs
|
||||
@@ -0,0 +1,218 @@
|
||||
+use std::{collections::BTreeMap, fs::File, io::Read, path::Path};
|
||||
+
|
||||
+use anyhow::{Context, Result, bail};
|
||||
+use regex::Regex;
|
||||
+use serde::Deserialize;
|
||||
+
|
||||
+use crate::{
|
||||
+ init::Convertible,
|
||||
+ sources::{GitHubSource, GitSource, Source, Sources},
|
||||
+};
|
||||
+
|
||||
+#[derive(Debug, Deserialize)]
|
||||
+pub struct LockFile {
|
||||
+ pins: BTreeMap<String, Pin>,
|
||||
+ version: u64,
|
||||
+}
|
||||
+
|
||||
+#[derive(Debug, Deserialize)]
|
||||
+#[serde(tag = "type")]
|
||||
+pub enum Repository {
|
||||
+ Git {
|
||||
+ /// URL to the Git repository
|
||||
+ url: String,
|
||||
+ },
|
||||
+ Forgejo {
|
||||
+ server: String,
|
||||
+ owner: String,
|
||||
+ repo: String,
|
||||
+ },
|
||||
+ GitHub {
|
||||
+ /// "owner/repo"
|
||||
+ owner: String,
|
||||
+ repo: String,
|
||||
+ },
|
||||
+ GitLab {
|
||||
+ /// usually "owner/repo" or "group/owner/repo" (without leading or trailing slashes)
|
||||
+ repo_path: String,
|
||||
+ /// Of the kind <https://gitlab.example.org/>
|
||||
+ ///
|
||||
+ /// It must fit into the schema `<server>/<owner>/<repo>` to get a repository's URL.
|
||||
+ server: String,
|
||||
+ /// access token for private repositories
|
||||
+ #[serde(skip_serializing_if = "Option::is_none")]
|
||||
+ #[serde(default)]
|
||||
+ private_token: Option<String>,
|
||||
+ },
|
||||
+}
|
||||
+
|
||||
+// HACK: We know that a Git pin has a branch associated to it and GitRelease has none,
|
||||
+// but to unify the behaviour, we set them bot to `Option`s
|
||||
+#[derive(Debug, Deserialize)]
|
||||
+#[serde(tag = "type")]
|
||||
+pub enum Pin {
|
||||
+ Git {
|
||||
+ repository: Repository,
|
||||
+ branch: Option<String>,
|
||||
+ revision: String,
|
||||
+ submodules: bool,
|
||||
+ #[serde(default)]
|
||||
+ frozen: bool,
|
||||
+ },
|
||||
+ GitRelease {
|
||||
+ repository: Repository,
|
||||
+ branch: Option<String>,
|
||||
+ revision: String,
|
||||
+ submodules: bool,
|
||||
+ #[serde(default)]
|
||||
+ frozen: bool,
|
||||
+ },
|
||||
+ Channel {
|
||||
+ #[serde(rename = "name")]
|
||||
+ channel: String,
|
||||
+ url: String,
|
||||
+ #[serde(default)]
|
||||
+ frozen: bool,
|
||||
+ },
|
||||
+}
|
||||
+
|
||||
+impl LockFile {
|
||||
+ pub fn from_file(path: impl AsRef<Path>) -> Result<Self> {
|
||||
+ let file = File::open(path.as_ref())
|
||||
+ .with_context(|| format!("Failed to open {:?}", path.as_ref()))?;
|
||||
+ Self::from_reader(file)
|
||||
+ }
|
||||
+
|
||||
+ fn from_reader(rdr: impl Read) -> Result<Self> {
|
||||
+ serde_json::from_reader(rdr).context("Failed to deserialize npins lock file")
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+impl Convertible for LockFile {
|
||||
+ fn convert(&self) -> Result<Sources> {
|
||||
+ let mut sources = Sources::default();
|
||||
+
|
||||
+ if self.version == 1 {
|
||||
+ bail!("Unsupported npins lockfile version: {}", &self.version)
|
||||
+ }
|
||||
+
|
||||
+ let re = Regex::new(
|
||||
+ r"https://releases\.nixos\.org/.*\.(?<shortrev>[a-f0-9]+)/nixexprs\.tar\.xz",
|
||||
+ )?;
|
||||
+
|
||||
+ for (name, pin) in &self.pins {
|
||||
+ log::info!("Converting {name}...");
|
||||
+
|
||||
+ let source = match pin {
|
||||
+ Pin::Channel {
|
||||
+ channel,
|
||||
+ url,
|
||||
+ frozen,
|
||||
+ } => {
|
||||
+ let Some(matched) = re.captures(url) else {
|
||||
+ bail!("Cannot extract revision from the channel url: {url}")
|
||||
+ };
|
||||
+
|
||||
+ Source::GitHub(GitHubSource::new(
|
||||
+ "NixOS",
|
||||
+ "nixpkgs",
|
||||
+ Some(channel),
|
||||
+ Some(&matched["shortrev"].into()),
|
||||
+ *frozen,
|
||||
+ )?)
|
||||
+ }
|
||||
+ Pin::Git {
|
||||
+ repository,
|
||||
+ branch,
|
||||
+ revision,
|
||||
+ submodules,
|
||||
+ frozen,
|
||||
+ }
|
||||
+ | Pin::GitRelease {
|
||||
+ repository,
|
||||
+ branch,
|
||||
+ revision,
|
||||
+ submodules,
|
||||
+ frozen,
|
||||
+ } => match repository {
|
||||
+ Repository::Git { url } => Source::Git(GitSource::new(
|
||||
+ url,
|
||||
+ branch.as_ref(),
|
||||
+ Some(revision),
|
||||
+ *submodules,
|
||||
+ *frozen,
|
||||
+ )?),
|
||||
+ Repository::GitHub { owner, repo } => {
|
||||
+ if *submodules {
|
||||
+ Source::Git(GitSource::new(
|
||||
+ &format!("https://github.com/{owner}/{repo}"),
|
||||
+ branch.as_ref(),
|
||||
+ Some(revision),
|
||||
+ *submodules,
|
||||
+ *frozen,
|
||||
+ )?)
|
||||
+ } else {
|
||||
+ Source::GitHub(GitHubSource::new(
|
||||
+ owner,
|
||||
+ repo,
|
||||
+ branch.as_ref(),
|
||||
+ Some(revision),
|
||||
+ *frozen,
|
||||
+ )?)
|
||||
+ }
|
||||
+ }
|
||||
+ Repository::Forgejo {
|
||||
+ server,
|
||||
+ owner,
|
||||
+ repo,
|
||||
+ } => Source::Git(GitSource::new(
|
||||
+ &format!("{server}/{owner}/{repo}"),
|
||||
+ branch.as_ref(),
|
||||
+ Some(revision),
|
||||
+ *submodules,
|
||||
+ *frozen,
|
||||
+ )?),
|
||||
+ Repository::GitLab {
|
||||
+ repo_path,
|
||||
+ server,
|
||||
+ private_token,
|
||||
+ } => {
|
||||
+ if private_token.is_some() {
|
||||
+ log::warn!(
|
||||
+ "GitLab source {name} is configured with a PAT, which unsupported in lon"
|
||||
+ );
|
||||
+ }
|
||||
+ Source::Git(GitSource::new(
|
||||
+ &format!("{server}/{repo_path}"),
|
||||
+ branch.as_ref(),
|
||||
+ Some(revision),
|
||||
+ *submodules,
|
||||
+ *frozen,
|
||||
+ )?)
|
||||
+ }
|
||||
+ },
|
||||
+ };
|
||||
+
|
||||
+ sources.add(name, source);
|
||||
+ }
|
||||
+
|
||||
+ Ok(sources)
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+#[cfg(test)]
|
||||
+mod tests {
|
||||
+ use super::*;
|
||||
+
|
||||
+ impl LockFile {
|
||||
+ fn from_str(s: &str) -> Result<Self> {
|
||||
+ serde_json::from_str(s).context("Failed to deserialize npins lock file")
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ #[test]
|
||||
+ fn parse_npins_lock_file() -> Result<()> {
|
||||
+ LockFile::from_str(include_str!("../../tests/npins.json"))?;
|
||||
+ Ok(())
|
||||
+ }
|
||||
+}
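Review bot: In the `Pin::Channel` arm of `convert`, the revision passed to `GitHubSource::new` is the abbreviated hash captured from the channel URL (`shortrev`, twelve hex digits in the test fixture), so the resulting lock may record a commit prefix instead of a full object id. Unless `GitHubSource::new` resolves it (not visible here), I would resolve it to the full hash before locking, or reject it. The version gate `if self.version == 1` rejects only that one value, so any other schema version, including future ones, is converted as if it were understood; an allow-list of the versions this code was written against is safer. `private_token` is deserialized into a `#[derive(Debug)]` type, so any `{:?}` of a `Repository` would print it; a hand-written `Debug` impl that redacts the field avoids that. `parse_npins_lock_file` only checks deserialization, so `convert` has no test.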
|
||||
diff --git a/rust/lon/tests/npins.json b/rust/lon/tests/npins.json
|
||||
new file mode 100644
|
||||
index 0000000..10ce4e2
|
||||
--- /dev/null
|
||||
+++ b/rust/lon/tests/npins.json
|
||||
@@ -0,0 +1,86 @@
|
||||
+{
|
||||
+ "pins": {
|
||||
+ "agenix": {
|
||||
+ "type": "GitRelease",
|
||||
+ "repository": {
|
||||
+ "type": "GitHub",
|
||||
+ "owner": "ryantm",
|
||||
+ "repo": "agenix"
|
||||
+ },
|
||||
+ "pre_releases": false,
|
||||
+ "version_upper_bound": null,
|
||||
+ "release_prefix": null,
|
||||
+ "submodules": false,
|
||||
+ "version": "0.15.0",
|
||||
+ "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d",
|
||||
+ "url": "https://api.github.com/repos/ryantm/agenix/tarball/refs/tags/0.15.0",
|
||||
+ "hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU="
|
||||
+ },
|
||||
+ "arkheon": {
|
||||
+ "type": "Git",
|
||||
+ "repository": {
|
||||
+ "type": "GitHub",
|
||||
+ "owner": "RaitoBezarius",
|
||||
+ "repo": "arkheon"
|
||||
+ },
|
||||
+ "branch": "main",
|
||||
+ "submodules": false,
|
||||
+ "revision": "3eea876b29217d01cf2ef03ea9fdd8779d28ad04",
|
||||
+ "url": "https://github.com/RaitoBezarius/arkheon/archive/3eea876b29217d01cf2ef03ea9fdd8779d28ad04.tar.gz",
|
||||
+ "hash": "sha256-+R6MhTXuSzNeGQiL4DQwlP5yNhmnhbf7pQWPUWgcZSM="
|
||||
+ },
|
||||
+ "colmena": {
|
||||
+ "type": "Git",
|
||||
+ "repository": {
|
||||
+ "type": "Git",
|
||||
+ "url": "https://git.dgnum.eu/DGNum/colmena"
|
||||
+ },
|
||||
+ "branch": "main",
|
||||
+ "submodules": false,
|
||||
+ "revision": "b5135dc8af1d7637b337cc2632990400221da577",
|
||||
+ "url": null,
|
||||
+ "hash": "sha256-7gg+K3PEYlN0sGPgDlmnM8zgDDIV505gNcwjFN61Qvk="
|
||||
+ },
|
||||
+ "nix-actions": {
|
||||
+ "type": "GitRelease",
|
||||
+ "repository": {
|
||||
+ "type": "Git",
|
||||
+ "url": "https://git.dgnum.eu/DGNum/nix-actions.git"
|
||||
+ },
|
||||
+ "pre_releases": false,
|
||||
+ "version_upper_bound": null,
|
||||
+ "release_prefix": null,
|
||||
+ "submodules": false,
|
||||
+ "version": "v0.5.1",
|
||||
+ "revision": "06847b3256df402da0475dccb290832ec92a9f8c",
|
||||
+ "url": null,
|
||||
+ "hash": "sha256-2xOZdKiUfcriQFKG37vY96dgCJLndhLa7cGacq8+SA8="
|
||||
+ },
|
||||
+ "nixos-25.05": {
|
||||
+ "type": "Channel",
|
||||
+ "name": "nixos-25.05",
|
||||
+ "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.803579.70c74b02eac4/nixexprs.tar.xz",
|
||||
+ "hash": "sha256-0RxtgAd4gHYPFFwICal8k8hvJBOkCeTjFkh4HsqYDbE="
|
||||
+ },
|
||||
+ "nixos-unstable": {
|
||||
+ "type": "Channel",
|
||||
+ "name": "nixos-unstable",
|
||||
+ "url": "https://releases.nixos.org/nixos/unstable/nixos-25.05pre797896.d89fc19e405c/nixexprs.tar.xz",
|
||||
+ "hash": "sha256-bFJJ/qwB3VJ0nFuVYYHJXinT4tNJ2jhXTVT6SpYiFOM="
|
||||
+ },
|
||||
+ "wp4nix": {
|
||||
+ "type": "Git",
|
||||
+ "repository": {
|
||||
+ "type": "GitLab",
|
||||
+ "repo_path": "helsinki-systems/wp4nix",
|
||||
+ "server": "https://git.helsinki.tools/"
|
||||
+ },
|
||||
+ "branch": "master",
|
||||
+ "submodules": false,
|
||||
+ "revision": "2fc9a0734168cab536e3129efa6397d6cd3ac89f",
|
||||
+ "url": "https://git.helsinki.tools/api/v4/projects/helsinki-systems%2Fwp4nix/repository/archive.tar.gz?sha=2fc9a0734168cab536e3129efa6397d6cd3ac89f",
|
||||
+ "hash": "sha256-abwqAZGsWuWqfxou8XlqedBvXsUw1/xanSgljLCJxdM="
|
||||
+ }
|
||||
+ },
|
||||
+ "version": 6
|
||||
+}
|
|
@ -1,3 +0,0 @@
|
|||
SPDX-FileCopyrightText: 2025 Tom Hubrecht <tom.hubrecht@dgnum.eu>
|
||||
|
||||
SPDX-License-Identifier: MIT
|
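--- a/patches/nixpkgs/06-netbird-dashboard.patch
+++ b/patches/nixpkgs/06-netbird-dashboard.patch
@@ -0,0 +1,34 @@
+diff --git a/pkgs/by-name/ne/netbird-dashboard/package.nix b/pkgs/by-name/ne/netbird-dashboard/package.nix
+index 0670d3333e6bce..fcd2f4df65fce9 100644
+--- a/pkgs/by-name/ne/netbird-dashboard/package.nix
++++ b/pkgs/by-name/ne/netbird-dashboard/package.nix
+@@ -6,16 +6,16 @@
+
+buildNpmPackage rec {
+pname = "netbird-dashboard";
+- version = "2.9.0";
++ version = "2.12.0";
+
+src = fetchFromGitHub {
+owner = "netbirdio";
+repo = "dashboard";
+rev = "v${version}";
+- hash = "sha256-PY/jK96FK6Y0++Ie4Yg/7GrGoLtLcgCSzXIkqySxe2M=";
++ hash = "sha256-AZ8vrDtpVADW8NMq/MBpYd6VSMcuFzk67UXoXdPeiPk=";
+};
+
+- npmDepsHash = "sha256-TELyc62l/8IaX9eL2lxRFth0AAZ4LXsV2WNzXSHRnTw=";
++ npmDepsHash = "sha256-XNAphh1zNi4enf0Mz9TUgWyZHezTuctMPTBswKO4eW8=";
+npmFlags = [ "--legacy-peer-deps" ];
+
+installPhase = ''
+@@ -30,6 +30,8 @@ buildNpmPackage rec {
+description = "NetBird Management Service Web UI Panel";
+homepage = "https://github.com/netbirdio/dashboard";
+license = licenses.bsd3;
+- maintainers = with maintainers; [ ];
++ maintainers = with maintainers; [
++ patrickdag
++ ];
+};
+}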
|
|
@ -93,14 +93,12 @@ diff --git a/pkgs/by-name/ka/kanidm-provision/package.nix b/pkgs/by-name/ka/kani
|
|||
index 63d7e85ba8a8..5ebd69cb91ee 100644
|
||||
--- a/pkgs/by-name/ka/kanidm-provision/package.nix
|
||||
+++ b/pkgs/by-name/ka/kanidm-provision/package.nix
|
||||
@@ -14,6 +14,10 @@ rustPlatform.buildRustPackage rec {
|
||||
hash = "sha256-kwxGrLz59Zk8PSsfQzPUeA/xWQZrV1NWlS5/yuqfIyI=";
|
||||
@@ -18,4 +18,8 @@ rustPlatform.buildRustPackage rec {
|
||||
hash = "sha256-m3bF4wFPVRc2E+E/pZc3js9T4rYbTejo/FFpysytWKw=";
|
||||
};
|
||||
|
||||
+ patches = [
|
||||
+ ./01-memberless.patch
|
||||
+ ];
|
||||
+
|
||||
postPatch = ''
|
||||
tomlq -ti '.package.version = "${finalAttrs.version}"' Cargo.toml
|
||||
'';
|
||||
useFetchCargoVendor = true;
|
||||
|
|
|
@ -30,7 +30,10 @@ in
|
|||
'';
|
||||
shell = "eval-nodes";
|
||||
};
|
||||
env.BUILD_NODE = node;
|
||||
env = {
|
||||
BUILD_NODE = node;
|
||||
NIX_SHOW_STATS = 1;
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "Build ${node}";
|
||||
|
|
|
@ -28,7 +28,7 @@ in
|
|||
LON_TOKEN = secret "TEA_DGNUM_CHORES_TOKEN";
|
||||
LON_USER_NAME = "DGNum [bot]";
|
||||
LON_USER_EMAIL = "admins+lon-bot@dgnum.eu";
|
||||
# LON_LABELS = "bot";
|
||||
LON_LABELS = "bot";
|
||||
LON_LIST_COMMITS = true;
|
||||
};
|
||||
|
||||
|
|