Skip to content

flake: add private inputs & defer locking #164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
nrdxp wants to merge 3 commits into
base: master
Choose a base branch
from
Open

flake: add private inputs & defer locking #164

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8a32471
flake: remove lock file
nrdxp Aug 26, 2022
26d01ff
flake: add `nixConfig` section
nrdxp Jul 10, 2022
a56fa09
add concept of private flake inputs
nrdxp Aug 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .envrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,5 +6,5 @@
[ -f .envrc.local ] && source_env .envrc.local
DEVSHELL_TARGET=${DEVSHELL_TARGET:-default}

. "$(nix eval .#__std.direnv_lib)"
. "$(nix eval --no-write-lock-file --no-update-lock-file .#__std.direnv_lib)"
use std nix "//automation/devshells:${DEVSHELL_TARGET}"
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
.std

# nixos/nix
flake.lock
Copy link
Contributor

@gytis-ivaskevicius gytis-ivaskevicius Aug 29, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, this does not do much. nix by default force adds the lock file

result*

# cargo
Expand Down
81 changes: 34 additions & 47 deletions flake.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,61 +1,37 @@
{
description = "Flake containing Bitte clusters";
inputs.std.url = "github:divnix/std";
# 21.11 doesn't yet fullfill all contracts that std consumes
# inputs.std.inputs.nixpkgs.follows = "nixpkgs";
inputs.n2c.url = "github:nlewo/nix2container";
inputs.data-merge.url = "github:divnix/data-merge";
inputs.capsules.url = "github:input-output-hk/devshell-capsules";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
nixpkgs-docker.url = "github:nixos/nixpkgs/ff691ed9ba21528c1b4e034f36a04027e4522c58";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";

nix.url = "github:nixos/nix/2.8.1";
agenix.url = "github:ryantm/agenix";
agenix-cli.url = "github:cole-h/agenix-cli";
ragenix.url = "github:yaxitech/ragenix";
deploy.url = "github:input-output-hk/deploy-rs";

terranix.url = "github:terranix/terranix";
terranix.inputs.nixpkgs.follows = "blank";

utils.url = "github:numtide/flake-utils";
blank.url = "github:divnix/blank";

nomad-driver-nix.url = "github:input-output-hk/nomad-driver-nix";

# Vector >= 0.20.0 versions require nomad-follower watch-config format fix
nomad-follower.url = "github:input-output-hk/nomad-follower";

fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# --- Public Inputs --------
# intended to defer locking to the consumer
inputs = {
nixpkgs.url = "nixos-21_11";
nixpkgs-unstable.url = "nixpkgs-unstable";
nix.url = "nix-2_10";

ops-lib = {
url = "github:input-output-hk/ops-lib";
url = "ops-lib";
flake = false;
};

# DEPRECATED: will be replaces by cicero soon
hydra.url = "github:kreisys/hydra/hydra-server-includes";
hydra.inputs.nix.follows = "nix";
hydra.inputs.nixpkgs.follows = "nixpkgs";
};

outputs = {
self,
hydra,
nixpkgs,
nixpkgs-unstable,
utils,
deploy,
ragenix,
nix,
fenix,
...
} @ inputs:
} @ pub: let
inherit (inputs) std utils;

priv = (import ./lib/call-flake.nix) {
type = "path";
path = ./private;
# needs to be updated any time private inputs are touched
narHash = "sha256-WpyvDOGanWmgh1bk/KF8L0SL/wkJq9oB6aswlIDtNRs=";
} {};

inputs = priv.inputs // pub;
in
inputs.std.growOn {
inherit inputs;
cellsFrom = ./nix;
Expand Down Expand Up @@ -86,10 +62,8 @@
# soil -- TODO: remove soil
(let
overlays = [
fenix.overlay
nix.overlay
hydra.overlay
deploy.overlay
inputs.hydra.overlay
# inputs.deploy.overlay
localPkgsOverlay
terraformProvidersOverlay
(_: prev: {inherit (self.packages."${prev.system}") bitte;})
Expand Down Expand Up @@ -171,4 +145,17 @@
nixosModule.imports = builtins.attrValues self.nixosModules;
devshellModule = import ./devshellModule.nix;
});

nixConfig = {
flake-registry = "https://raw.githubusercontent.com/input-output-hk/flake-registry/iog/flake-registry.json";

extra-substituters = [
"https://nix-community.cachix.org"
"https://cache.iog.io"
];
extra-trusted-public-keys = [
"hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
}
17 changes: 17 additions & 0 deletions lib/call-flake.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
let
url = "https://raw.githubusercontent.com/NixOS/nix/0c62b4ad0f80d2801a7e7caabf20cc8e50182540/src/libexpr/flake/call-flake.nix";
callFlake = import (builtins.fetchurl {
inherit url;
sha256 = "sha256:1dmi01s1g3mnvb098iik3w38fxmkwg1q1ajk7mwk83kc5z13v2r7";
});
in
# flake can either be a flake ref expressed as an attribute set or a path to source tree
flake: {
# subdir of source root containing the flake.nix
dir ? "",
}: let
src = builtins.fetchTree flake;
in
if dir == ""
then callFlake (builtins.readFile "${src}/flake.lock") src dir
else callFlake (builtins.readFile "${src}/${dir}/flake.lock") src dir
6 changes: 5 additions & 1 deletion lib/default.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
inherit (inputs) nixpkgs deploy;
bitte = inputs.self;
in rec {
callFlake = scopedImport {inherit (inputs) nix;} ./call-flake.nix;
terralib = import ./terralib.nix {inherit lib nixpkgs;};

warningsModule = import ./warnings.nix;
Expand All @@ -19,7 +20,10 @@ in rec {
mkBitteStack =
import ./mk-bitte-stack.nix {inherit mkCluster mkDeploy lib nixpkgs bitte;};
mkDeploy = import ./mk-deploy.nix {inherit deploy lib;};
mkSystem = import ./mk-system.nix {inherit nixpkgs bitte;};
mkSystem = import ./mk-system.nix {
inherit nixpkgs bitte;
priv = inputs;
};
mkVaultResources = kv.mkVaultResources;
mkConsulResources = kv.mkConsulResources;

Expand Down
3 changes: 2 additions & 1 deletion lib/mk-system.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
nixpkgs,
bitte,
priv,
}: {
pkgs,
# Different mkSystem service levels:
Expand All @@ -26,7 +27,7 @@
++ modules;
specialArgs = {
inherit nodeName self inputs;
inherit (bitte.inputs) terranix nomad-driver-nix nomad-follower;
inherit (priv) terranix nomad-driver-nix nomad-follower;
bittelib = bitte.lib;
inherit (bitte.lib) terralib;
};
Expand Down
1 change: 0 additions & 1 deletion nix/automation/devshells.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@ in {
capsules.base
capsules.tools
capsules.integrations
capsules.hooks
];
};
cli = std.lib.mkShell {
Expand Down
1 change: 1 addition & 0 deletions overlay.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ in
rec {
nixFlakes = nixUnstable;
nixUnstable = builtins.throw "use pkgs.nix directly";
inherit (inputs.nix.packages.${prev.system}) nix;

# Packages specifically needing an unstable nixpkgs pinned latest available version
inherit
Expand Down
Loading