This commit is contained in:
Robert Hensing 2020-09-05 23:00:30 +02:00
parent 7609d3a88d
commit 90c2637947
6 changed files with 151 additions and 121 deletions

View file

@ -30,7 +30,8 @@
echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd
echo 'nogroup:x:65534:' >>/etc/group echo 'nogroup:x:65534:' >>/etc/group
mkdir -p /run/nginx/ /var/spool/nginx/logs/ mkdir -p /var/log/nginx /run/nginx/ /var/cache/nginx
chown nginx /var/log/nginx /run/nginx/ /var/cache/nginx
${config.systemd.services.nginx.runner} ${config.systemd.services.nginx.runner}
''; '';
}; };

View file

@ -1,6 +1,6 @@
let let
sources = import ./sources.nix; sources = import ./sources.nix;
lib = import (sources."nixpkgs" + "/lib"); lib = import (sources."nixos-20.03" + "/lib");
inherit (import (sources."project.nix" + "/lib/dimension.nix") { inherit lib; }) dimension; inherit (import (sources."project.nix" + "/lib/dimension.nix") { inherit lib; }) dimension;
in in
@ -24,10 +24,10 @@ dimension "Nixpkgs version" {
isReferenceNixpkgs = true; isReferenceNixpkgs = true;
enableDoc = true; enableDoc = true;
}; };
# "nixos-unstable" = { "nixos-unstable" = {
# nixpkgsSource = "nixos-unstable"; nixpkgsSource = "nixos-unstable";
# enableDoc = true; enableDoc = true;
# }; };
} ( } (
_name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true, nixosTestIsPerl ? false }: _name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true, nixosTestIsPerl ? false }:

View file

@ -1,5 +1,5 @@
{ sources ? import ./sources.nix { sources ? import ./sources.nix
, nixpkgsName ? "nixos-20.03" , nixpkgsName ? "nixos-unstable"
, nixpkgsSrc ? sources.${nixpkgsName} , nixpkgsSrc ? sources.${nixpkgsName}
, system ? builtins.currentSystem , system ? builtins.currentSystem
, nixosTestIsPerl ? false , nixosTestIsPerl ? false

View file

@ -48,7 +48,7 @@ in
haskellPkgs.ghcid haskellPkgs.ghcid
super.docker-compose super.docker-compose
self.niv self.niv
self.releaser # self.releaser
]; ];
}; };
}; };

View file

@ -5,10 +5,10 @@
"homepage": "https://github.com/nmattia/niv", "homepage": "https://github.com/nmattia/niv",
"owner": "nmattia", "owner": "nmattia",
"repo": "niv", "repo": "niv",
"rev": "98c74a80934123cb4c3bf3314567f67311eb711a", "rev": "fad2a6cbfb2e7cdebb7cb0ad2f5cc91e2c9bc06b",
"sha256": "1w8n54hapd4x9f1am33icvngkqns7m3hl9yair38yqq08ffwg0kn", "sha256": "0mghc1j0rd15spdjx81bayjqr0khc062cs25y5dcfzlxk4ynyc6m",
"type": "tarball", "type": "tarball",
"url": "https://github.com/nmattia/niv/archive/98c74a80934123cb4c3bf3314567f67311eb711a.tar.gz", "url": "https://github.com/nmattia/niv/archive/fad2a6cbfb2e7cdebb7cb0ad2f5cc91e2c9bc06b.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixos-19.03": { "nixos-19.03": {
@ -29,10 +29,10 @@
"homepage": "https://github.com/NixOS/nixpkgs", "homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs-channels", "repo": "nixpkgs-channels",
"rev": "3ba0d9f75ccffd41e32cfea4046805f8bbab12f5", "rev": "289466dd6a11c65a7de4a954d6ebf66c1ad07652",
"sha256": "0w20drs4mwlq12k1sss1x8adyf5ph5jd52n8wdcgmn4sm60qjmki", "sha256": "0r5ja052s86fr54fm1zlhld3fwawz2w1d1gd6vbvpjrpjfyajibn",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs-channels/archive/3ba0d9f75ccffd41e32cfea4046805f8bbab12f5.tar.gz", "url": "https://github.com/NixOS/nixpkgs-channels/archive/289466dd6a11c65a7de4a954d6ebf66c1ad07652.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixos-20.03": { "nixos-20.03": {
@ -41,10 +41,10 @@
"homepage": "https://github.com/NixOS/nixpkgs", "homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d6e406ddaea2e690c2f9f1a283e44c3d1c588ba3", "rev": "ba0c64775b4fdb8d37b0943e8fbb6cb7a1d64094",
"sha256": "1m8gyrp8cpmnmxv3g2pv1460nz10bb88zqzvj6wmnhqkjgwwj3hm", "sha256": "0vhdyh9v16axibf879fl61mb9d5n3s0qd7c56szzcrf3nfhg5d2g",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/d6e406ddaea2e690c2f9f1a283e44c3d1c588ba3.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/ba0c64775b4fdb8d37b0943e8fbb6cb7a1d64094.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"nixos-unstable": { "nixos-unstable": {
@ -52,36 +52,24 @@
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to", "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
"homepage": "https://github.com/NixOS/nixpkgs", "homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs-channels", "repo": "nixpkgs",
"rev": "a2e06fc3423c4be53181b15c28dfbe0bcf67dd73", "rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
"sha256": "0bjx4iq6nyhj47q5zkqsbfgng445xwprrslj1xrv56142jn8n5r9", "sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs-channels/archive/a2e06fc3423c4be53181b15c28dfbe0bcf67dd73.tar.gz", "url": "https://github.com/NixOS/nixpkgs/archive/c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
"version": "" "version": ""
}, },
"nixpkgs": {
"branch": "nixos-20.03",
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
"homepage": "https://github.com/NixOS/nixpkgs",
"owner": "NixOS",
"repo": "nixpkgs-channels",
"rev": "99a3d7a86fce9e9c9f23b3e304d7d2b1270a12b8",
"sha256": "0i40cl3n6600z2lkwrpiy28dcnv2r63fcgfswj91aaf1xfn2chql",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs-channels/archive/99a3d7a86fce9e9c9f23b3e304d7d2b1270a12b8.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"project.nix": { "project.nix": {
"branch": "master", "branch": "master",
"description": "A configuration manager for your projects", "description": "A configuration manager for your projects",
"homepage": null, "homepage": null,
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "project.nix", "repo": "project.nix",
"rev": "95f26b1cca0414f080172721ab7996ab65b8d968", "rev": "2e598501e7fda6993d2a1a281aa296b26d01e10c",
"sha256": "1fbpvidq3bdvinxdkk2vvvfjhxmbf45hgy2sgv2pbml4zrckbfdj", "sha256": "1rkzpzxpg69px6qwchdlg4xf5irv0snrzk2l6vrs9rsx48gqax9j",
"type": "tarball", "type": "tarball",
"url": "https://github.com/hercules-ci/project.nix/archive/95f26b1cca0414f080172721ab7996ab65b8d968.tar.gz", "url": "https://github.com/hercules-ci/project.nix/archive/2e598501e7fda6993d2a1a281aa296b26d01e10c.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}, },
"releaser": { "releaser": {
@ -90,10 +78,10 @@
"homepage": null, "homepage": null,
"owner": "domenkozar", "owner": "domenkozar",
"repo": "releaser", "repo": "releaser",
"rev": "0be40041273bd93891dd2be300d1f21f9e9a121b", "rev": "52a2bb0b2ce0bc15d4e7b11d8761a28d82c0c083",
"sha256": "0ckgcliyi37hvpfp40nmk6r0q5irinkc2cpqs0l85z2a7si66hzh", "sha256": "178lv0a0qxd8six0rm83j7wjwlsad1hysdrk4mb38fagbb8csagb",
"type": "tarball", "type": "tarball",
"url": "https://github.com/domenkozar/releaser/archive/0be40041273bd93891dd2be300d1f21f9e9a121b.tar.gz", "url": "https://github.com/domenkozar/releaser/archive/52a2bb0b2ce0bc15d4e7b11d8761a28d82c0c083.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
} }
} }

View file

@ -1,93 +1,134 @@
# This file has been generated by Niv. # This file has been generated by Niv.
# A record, from name to path, of the third-party packages let
with rec
{
pkgs =
if hasNixpkgsPath
then
if hasThisAsNixpkgsPath
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
else import <nixpkgs> {}
else
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {};
sources_nixpkgs = #
if builtins.hasAttr "nixpkgs" sources # The fetchers. fetch_<type> fetches specs of type <type>.
then sources.nixpkgs #
else abort
'' fetch_file = pkgs: spec:
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or if spec.builtin or true then
add a package called "nixpkgs" to your sources.json. builtins_fetchurl { inherit (spec) url sha256; }
''; else
pkgs.fetchurl { inherit (spec) url sha256; };
fetch_tarball = pkgs: spec:
if spec.builtin or true then
builtins_fetchTarball { inherit (spec) url sha256; }
else
pkgs.fetchzip { inherit (spec) url sha256; };
fetch_git = spec:
builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; };
fetch_builtin-tarball = spec:
builtins.trace
''
WARNING:
The niv type "builtin-tarball" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=tarball -a builtin=true
''
builtins_fetchTarball { inherit (spec) url sha256; };
fetch_builtin-url = spec:
builtins.trace
''
WARNING:
The niv type "builtin-url" will soon be deprecated. You should
instead use `builtin = true`.
$ niv modify <package> -a type=file -a builtin=true
''
(builtins_fetchurl { inherit (spec) url sha256; });
#
# Various helpers
#
# The set of packages used when specs are fetched using non-builtins.
mkPkgs = sources:
let
sourcesNixpkgs =
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {};
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
in
if builtins.hasAttr "nixpkgs" sources
then sourcesNixpkgs
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
import <nixpkgs> {}
else
abort
''
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
add a package called "nixpkgs" to your sources.json.
'';
# The actual fetching function.
fetch = pkgs: name: spec:
if ! builtins.hasAttr "type" spec then
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
else if spec.type == "file" then fetch_file pkgs spec
else if spec.type == "tarball" then fetch_tarball pkgs spec
else if spec.type == "git" then fetch_git spec
else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec
else if spec.type == "builtin-url" then fetch_builtin-url spec
else
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
# Ports of functions for older nix versions
# a Nix version of mapAttrs if the built-in doesn't exist
mapAttrs = builtins.mapAttrs or (
f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
);
# fetchTarball version that is compatible between all the versions of Nix # fetchTarball version that is compatible between all the versions of Nix
builtins_fetchTarball = builtins_fetchTarball = { url, sha256 }@attrs:
{ url, sha256 }@attrs: let
let inherit (builtins) lessThan nixVersion fetchTarball;
inherit (builtins) lessThan nixVersion fetchTarball; in
in if lessThan nixVersion "1.12" then
if lessThan nixVersion "1.12" then fetchTarball { inherit url; }
fetchTarball { inherit url; } else
else fetchTarball attrs;
fetchTarball attrs;
# fetchurl version that is compatible between all the versions of Nix # fetchurl version that is compatible between all the versions of Nix
builtins_fetchurl = builtins_fetchurl = { url, sha256 }@attrs:
{ url, sha256 }@attrs: let
let inherit (builtins) lessThan nixVersion fetchurl;
inherit (builtins) lessThan nixVersion fetchurl; in
in if lessThan nixVersion "1.12" then
if lessThan nixVersion "1.12" then fetchurl { inherit url; }
fetchurl { inherit url; } else
fetchurl attrs;
# Create the final "sources" from the config
mkSources = config:
mapAttrs (
name: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else else
fetchurl attrs; spec // { outPath = fetch config.pkgs name spec; }
) config.sources;
# A wrapper around pkgs.fetchzip that has inspectable arguments, # The "config" used by the fetchers
# annoyingly this means we have to specify them mkConfig =
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs; { sourcesFile ? ./sources.json
, sources ? builtins.fromJSON (builtins.readFile sourcesFile)
, pkgs ? mkPkgs sources
}: rec {
# The sources, i.e. the attribute set of spec name to spec
inherit sources;
# A wrapper around pkgs.fetchurl that has inspectable arguments, # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
# annoyingly this means we have to specify them inherit pkgs;
fetchurl = { url, sha256 }@attrs: pkgs.fetchurl attrs;
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
hasThisAsNixpkgsPath =
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.;
sources = builtins.fromJSON (builtins.readFile ./sources.json);
mapAttrs = builtins.mapAttrs or
(f: set: with builtins;
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
# borrowed from nixpkgs
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
callFunctionWith = autoArgs: f: args:
let auto = builtins.intersectAttrs (functionArgs f) autoArgs;
in f (auto // args);
getFetcher = spec:
let fetcherName =
if builtins.hasAttr "type" spec
then builtins.getAttr "type" spec
else "builtin-tarball";
in builtins.getAttr fetcherName {
"tarball" = fetchzip;
"builtin-tarball" = builtins_fetchTarball;
"file" = fetchurl;
"builtin-url" = builtins_fetchurl;
}; };
}; in
# NOTE: spec must _not_ have an "outPath" attribute mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
mapAttrs (_: spec:
if builtins.hasAttr "outPath" spec
then abort
"The values in sources.json should not have an 'outPath' attribute"
else
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
then
spec //
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
else spec
) sources