mirror of
https://github.com/hercules-ci/arion.git
synced 2024-11-26 10:05:39 +03:00
Update
This commit is contained in:
parent
7609d3a88d
commit
90c2637947
@ -30,7 +30,8 @@
|
|||||||
echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
|
echo nginx:x:${toString config.users.groups.nginx.gid}:nginx >>/etc/group
|
||||||
echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd
|
echo 'nobody:x:65534:65534:Unprivileged account do not use:/var/empty:/run/current-system/sw/bin/nologin' >>/etc/passwd
|
||||||
echo 'nogroup:x:65534:' >>/etc/group
|
echo 'nogroup:x:65534:' >>/etc/group
|
||||||
mkdir -p /run/nginx/ /var/spool/nginx/logs/
|
mkdir -p /var/log/nginx /run/nginx/ /var/cache/nginx
|
||||||
|
chown nginx /var/log/nginx /run/nginx/ /var/cache/nginx
|
||||||
${config.systemd.services.nginx.runner}
|
${config.systemd.services.nginx.runner}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
10
nix/ci.nix
10
nix/ci.nix
@ -1,6 +1,6 @@
|
|||||||
let
|
let
|
||||||
sources = import ./sources.nix;
|
sources = import ./sources.nix;
|
||||||
lib = import (sources."nixpkgs" + "/lib");
|
lib = import (sources."nixos-20.03" + "/lib");
|
||||||
inherit (import (sources."project.nix" + "/lib/dimension.nix") { inherit lib; }) dimension;
|
inherit (import (sources."project.nix" + "/lib/dimension.nix") { inherit lib; }) dimension;
|
||||||
in
|
in
|
||||||
|
|
||||||
@ -24,10 +24,10 @@ dimension "Nixpkgs version" {
|
|||||||
isReferenceNixpkgs = true;
|
isReferenceNixpkgs = true;
|
||||||
enableDoc = true;
|
enableDoc = true;
|
||||||
};
|
};
|
||||||
# "nixos-unstable" = {
|
"nixos-unstable" = {
|
||||||
# nixpkgsSource = "nixos-unstable";
|
nixpkgsSource = "nixos-unstable";
|
||||||
# enableDoc = true;
|
enableDoc = true;
|
||||||
# };
|
};
|
||||||
} (
|
} (
|
||||||
_name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true, nixosTestIsPerl ? false }:
|
_name: { nixpkgsSource, isReferenceNixpkgs ? false, enableDoc ? true, nixosTestIsPerl ? false }:
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{ sources ? import ./sources.nix
|
{ sources ? import ./sources.nix
|
||||||
, nixpkgsName ? "nixos-20.03"
|
, nixpkgsName ? "nixos-unstable"
|
||||||
, nixpkgsSrc ? sources.${nixpkgsName}
|
, nixpkgsSrc ? sources.${nixpkgsName}
|
||||||
, system ? builtins.currentSystem
|
, system ? builtins.currentSystem
|
||||||
, nixosTestIsPerl ? false
|
, nixosTestIsPerl ? false
|
||||||
|
@ -48,7 +48,7 @@ in
|
|||||||
haskellPkgs.ghcid
|
haskellPkgs.ghcid
|
||||||
super.docker-compose
|
super.docker-compose
|
||||||
self.niv
|
self.niv
|
||||||
self.releaser
|
# self.releaser
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -5,10 +5,10 @@
|
|||||||
"homepage": "https://github.com/nmattia/niv",
|
"homepage": "https://github.com/nmattia/niv",
|
||||||
"owner": "nmattia",
|
"owner": "nmattia",
|
||||||
"repo": "niv",
|
"repo": "niv",
|
||||||
"rev": "98c74a80934123cb4c3bf3314567f67311eb711a",
|
"rev": "fad2a6cbfb2e7cdebb7cb0ad2f5cc91e2c9bc06b",
|
||||||
"sha256": "1w8n54hapd4x9f1am33icvngkqns7m3hl9yair38yqq08ffwg0kn",
|
"sha256": "0mghc1j0rd15spdjx81bayjqr0khc062cs25y5dcfzlxk4ynyc6m",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/nmattia/niv/archive/98c74a80934123cb4c3bf3314567f67311eb711a.tar.gz",
|
"url": "https://github.com/nmattia/niv/archive/fad2a6cbfb2e7cdebb7cb0ad2f5cc91e2c9bc06b.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixos-19.03": {
|
"nixos-19.03": {
|
||||||
@ -29,10 +29,10 @@
|
|||||||
"homepage": "https://github.com/NixOS/nixpkgs",
|
"homepage": "https://github.com/NixOS/nixpkgs",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs-channels",
|
"repo": "nixpkgs-channels",
|
||||||
"rev": "3ba0d9f75ccffd41e32cfea4046805f8bbab12f5",
|
"rev": "289466dd6a11c65a7de4a954d6ebf66c1ad07652",
|
||||||
"sha256": "0w20drs4mwlq12k1sss1x8adyf5ph5jd52n8wdcgmn4sm60qjmki",
|
"sha256": "0r5ja052s86fr54fm1zlhld3fwawz2w1d1gd6vbvpjrpjfyajibn",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels/archive/3ba0d9f75ccffd41e32cfea4046805f8bbab12f5.tar.gz",
|
"url": "https://github.com/NixOS/nixpkgs-channels/archive/289466dd6a11c65a7de4a954d6ebf66c1ad07652.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixos-20.03": {
|
"nixos-20.03": {
|
||||||
@ -41,10 +41,10 @@
|
|||||||
"homepage": "https://github.com/NixOS/nixpkgs",
|
"homepage": "https://github.com/NixOS/nixpkgs",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d6e406ddaea2e690c2f9f1a283e44c3d1c588ba3",
|
"rev": "ba0c64775b4fdb8d37b0943e8fbb6cb7a1d64094",
|
||||||
"sha256": "1m8gyrp8cpmnmxv3g2pv1460nz10bb88zqzvj6wmnhqkjgwwj3hm",
|
"sha256": "0vhdyh9v16axibf879fl61mb9d5n3s0qd7c56szzcrf3nfhg5d2g",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/d6e406ddaea2e690c2f9f1a283e44c3d1c588ba3.tar.gz",
|
"url": "https://github.com/NixOS/nixpkgs/archive/ba0c64775b4fdb8d37b0943e8fbb6cb7a1d64094.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"nixos-unstable": {
|
"nixos-unstable": {
|
||||||
@ -52,36 +52,24 @@
|
|||||||
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
||||||
"homepage": "https://github.com/NixOS/nixpkgs",
|
"homepage": "https://github.com/NixOS/nixpkgs",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs-channels",
|
"repo": "nixpkgs",
|
||||||
"rev": "a2e06fc3423c4be53181b15c28dfbe0bcf67dd73",
|
"rev": "c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38",
|
||||||
"sha256": "0bjx4iq6nyhj47q5zkqsbfgng445xwprrslj1xrv56142jn8n5r9",
|
"sha256": "1ak7jqx94fjhc68xh1lh35kh3w3ndbadprrb762qgvcfb8351x8v",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels/archive/a2e06fc3423c4be53181b15c28dfbe0bcf67dd73.tar.gz",
|
"url": "https://github.com/NixOS/nixpkgs/archive/c59ea8b8a0e7f927e7291c14ea6cd1bd3a16ff38.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz",
|
||||||
"version": ""
|
"version": ""
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
|
||||||
"branch": "nixos-20.03",
|
|
||||||
"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
|
|
||||||
"homepage": "https://github.com/NixOS/nixpkgs",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs-channels",
|
|
||||||
"rev": "99a3d7a86fce9e9c9f23b3e304d7d2b1270a12b8",
|
|
||||||
"sha256": "0i40cl3n6600z2lkwrpiy28dcnv2r63fcgfswj91aaf1xfn2chql",
|
|
||||||
"type": "tarball",
|
|
||||||
"url": "https://github.com/NixOS/nixpkgs-channels/archive/99a3d7a86fce9e9c9f23b3e304d7d2b1270a12b8.tar.gz",
|
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
|
||||||
},
|
|
||||||
"project.nix": {
|
"project.nix": {
|
||||||
"branch": "master",
|
"branch": "master",
|
||||||
"description": "A configuration manager for your projects",
|
"description": "A configuration manager for your projects",
|
||||||
"homepage": null,
|
"homepage": null,
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "project.nix",
|
"repo": "project.nix",
|
||||||
"rev": "95f26b1cca0414f080172721ab7996ab65b8d968",
|
"rev": "2e598501e7fda6993d2a1a281aa296b26d01e10c",
|
||||||
"sha256": "1fbpvidq3bdvinxdkk2vvvfjhxmbf45hgy2sgv2pbml4zrckbfdj",
|
"sha256": "1rkzpzxpg69px6qwchdlg4xf5irv0snrzk2l6vrs9rsx48gqax9j",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/hercules-ci/project.nix/archive/95f26b1cca0414f080172721ab7996ab65b8d968.tar.gz",
|
"url": "https://github.com/hercules-ci/project.nix/archive/2e598501e7fda6993d2a1a281aa296b26d01e10c.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
},
|
},
|
||||||
"releaser": {
|
"releaser": {
|
||||||
@ -90,10 +78,10 @@
|
|||||||
"homepage": null,
|
"homepage": null,
|
||||||
"owner": "domenkozar",
|
"owner": "domenkozar",
|
||||||
"repo": "releaser",
|
"repo": "releaser",
|
||||||
"rev": "0be40041273bd93891dd2be300d1f21f9e9a121b",
|
"rev": "52a2bb0b2ce0bc15d4e7b11d8761a28d82c0c083",
|
||||||
"sha256": "0ckgcliyi37hvpfp40nmk6r0q5irinkc2cpqs0l85z2a7si66hzh",
|
"sha256": "178lv0a0qxd8six0rm83j7wjwlsad1hysdrk4mb38fagbb8csagb",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/domenkozar/releaser/archive/0be40041273bd93891dd2be300d1f21f9e9a121b.tar.gz",
|
"url": "https://github.com/domenkozar/releaser/archive/52a2bb0b2ce0bc15d4e7b11d8761a28d82c0c083.tar.gz",
|
||||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
205
nix/sources.nix
205
nix/sources.nix
@ -1,93 +1,134 @@
|
|||||||
# This file has been generated by Niv.
|
# This file has been generated by Niv.
|
||||||
|
|
||||||
# A record, from name to path, of the third-party packages
|
let
|
||||||
with rec
|
|
||||||
{
|
|
||||||
pkgs =
|
|
||||||
if hasNixpkgsPath
|
|
||||||
then
|
|
||||||
if hasThisAsNixpkgsPath
|
|
||||||
then import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {}
|
|
||||||
else import <nixpkgs> {}
|
|
||||||
else
|
|
||||||
import (builtins_fetchTarball { inherit (sources_nixpkgs) url sha256; }) {};
|
|
||||||
|
|
||||||
sources_nixpkgs =
|
#
|
||||||
if builtins.hasAttr "nixpkgs" sources
|
# The fetchers. fetch_<type> fetches specs of type <type>.
|
||||||
then sources.nixpkgs
|
#
|
||||||
else abort
|
|
||||||
''
|
fetch_file = pkgs: spec:
|
||||||
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
if spec.builtin or true then
|
||||||
add a package called "nixpkgs" to your sources.json.
|
builtins_fetchurl { inherit (spec) url sha256; }
|
||||||
'';
|
else
|
||||||
|
pkgs.fetchurl { inherit (spec) url sha256; };
|
||||||
|
|
||||||
|
fetch_tarball = pkgs: spec:
|
||||||
|
if spec.builtin or true then
|
||||||
|
builtins_fetchTarball { inherit (spec) url sha256; }
|
||||||
|
else
|
||||||
|
pkgs.fetchzip { inherit (spec) url sha256; };
|
||||||
|
|
||||||
|
fetch_git = spec:
|
||||||
|
builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; };
|
||||||
|
|
||||||
|
fetch_builtin-tarball = spec:
|
||||||
|
builtins.trace
|
||||||
|
''
|
||||||
|
WARNING:
|
||||||
|
The niv type "builtin-tarball" will soon be deprecated. You should
|
||||||
|
instead use `builtin = true`.
|
||||||
|
|
||||||
|
$ niv modify <package> -a type=tarball -a builtin=true
|
||||||
|
''
|
||||||
|
builtins_fetchTarball { inherit (spec) url sha256; };
|
||||||
|
|
||||||
|
fetch_builtin-url = spec:
|
||||||
|
builtins.trace
|
||||||
|
''
|
||||||
|
WARNING:
|
||||||
|
The niv type "builtin-url" will soon be deprecated. You should
|
||||||
|
instead use `builtin = true`.
|
||||||
|
|
||||||
|
$ niv modify <package> -a type=file -a builtin=true
|
||||||
|
''
|
||||||
|
(builtins_fetchurl { inherit (spec) url sha256; });
|
||||||
|
|
||||||
|
#
|
||||||
|
# Various helpers
|
||||||
|
#
|
||||||
|
|
||||||
|
# The set of packages used when specs are fetched using non-builtins.
|
||||||
|
mkPkgs = sources:
|
||||||
|
let
|
||||||
|
sourcesNixpkgs =
|
||||||
|
import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {};
|
||||||
|
hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath;
|
||||||
|
hasThisAsNixpkgsPath = <nixpkgs> == ./.;
|
||||||
|
in
|
||||||
|
if builtins.hasAttr "nixpkgs" sources
|
||||||
|
then sourcesNixpkgs
|
||||||
|
else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then
|
||||||
|
import <nixpkgs> {}
|
||||||
|
else
|
||||||
|
abort
|
||||||
|
''
|
||||||
|
Please specify either <nixpkgs> (through -I or NIX_PATH=nixpkgs=...) or
|
||||||
|
add a package called "nixpkgs" to your sources.json.
|
||||||
|
'';
|
||||||
|
|
||||||
|
# The actual fetching function.
|
||||||
|
fetch = pkgs: name: spec:
|
||||||
|
|
||||||
|
if ! builtins.hasAttr "type" spec then
|
||||||
|
abort "ERROR: niv spec ${name} does not have a 'type' attribute"
|
||||||
|
else if spec.type == "file" then fetch_file pkgs spec
|
||||||
|
else if spec.type == "tarball" then fetch_tarball pkgs spec
|
||||||
|
else if spec.type == "git" then fetch_git spec
|
||||||
|
else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec
|
||||||
|
else if spec.type == "builtin-url" then fetch_builtin-url spec
|
||||||
|
else
|
||||||
|
abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}";
|
||||||
|
|
||||||
|
# Ports of functions for older nix versions
|
||||||
|
|
||||||
|
# a Nix version of mapAttrs if the built-in doesn't exist
|
||||||
|
mapAttrs = builtins.mapAttrs or (
|
||||||
|
f: set: with builtins;
|
||||||
|
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set))
|
||||||
|
);
|
||||||
|
|
||||||
# fetchTarball version that is compatible between all the versions of Nix
|
# fetchTarball version that is compatible between all the versions of Nix
|
||||||
builtins_fetchTarball =
|
builtins_fetchTarball = { url, sha256 }@attrs:
|
||||||
{ url, sha256 }@attrs:
|
let
|
||||||
let
|
inherit (builtins) lessThan nixVersion fetchTarball;
|
||||||
inherit (builtins) lessThan nixVersion fetchTarball;
|
in
|
||||||
in
|
if lessThan nixVersion "1.12" then
|
||||||
if lessThan nixVersion "1.12" then
|
fetchTarball { inherit url; }
|
||||||
fetchTarball { inherit url; }
|
else
|
||||||
else
|
fetchTarball attrs;
|
||||||
fetchTarball attrs;
|
|
||||||
|
|
||||||
# fetchurl version that is compatible between all the versions of Nix
|
# fetchurl version that is compatible between all the versions of Nix
|
||||||
builtins_fetchurl =
|
builtins_fetchurl = { url, sha256 }@attrs:
|
||||||
{ url, sha256 }@attrs:
|
let
|
||||||
let
|
inherit (builtins) lessThan nixVersion fetchurl;
|
||||||
inherit (builtins) lessThan nixVersion fetchurl;
|
in
|
||||||
in
|
if lessThan nixVersion "1.12" then
|
||||||
if lessThan nixVersion "1.12" then
|
fetchurl { inherit url; }
|
||||||
fetchurl { inherit url; }
|
else
|
||||||
|
fetchurl attrs;
|
||||||
|
|
||||||
|
# Create the final "sources" from the config
|
||||||
|
mkSources = config:
|
||||||
|
mapAttrs (
|
||||||
|
name: spec:
|
||||||
|
if builtins.hasAttr "outPath" spec
|
||||||
|
then abort
|
||||||
|
"The values in sources.json should not have an 'outPath' attribute"
|
||||||
else
|
else
|
||||||
fetchurl attrs;
|
spec // { outPath = fetch config.pkgs name spec; }
|
||||||
|
) config.sources;
|
||||||
|
|
||||||
# A wrapper around pkgs.fetchzip that has inspectable arguments,
|
# The "config" used by the fetchers
|
||||||
# annoyingly this means we have to specify them
|
mkConfig =
|
||||||
fetchzip = { url, sha256 }@attrs: pkgs.fetchzip attrs;
|
{ sourcesFile ? ./sources.json
|
||||||
|
, sources ? builtins.fromJSON (builtins.readFile sourcesFile)
|
||||||
|
, pkgs ? mkPkgs sources
|
||||||
|
}: rec {
|
||||||
|
# The sources, i.e. the attribute set of spec name to spec
|
||||||
|
inherit sources;
|
||||||
|
|
||||||
# A wrapper around pkgs.fetchurl that has inspectable arguments,
|
# The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers
|
||||||
# annoyingly this means we have to specify them
|
inherit pkgs;
|
||||||
fetchurl = { url, sha256 }@attrs: pkgs.fetchurl attrs;
|
|
||||||
|
|
||||||
hasNixpkgsPath = (builtins.tryEval <nixpkgs>).success;
|
|
||||||
hasThisAsNixpkgsPath =
|
|
||||||
(builtins.tryEval <nixpkgs>).success && <nixpkgs> == ./.;
|
|
||||||
|
|
||||||
sources = builtins.fromJSON (builtins.readFile ./sources.json);
|
|
||||||
|
|
||||||
mapAttrs = builtins.mapAttrs or
|
|
||||||
(f: set: with builtins;
|
|
||||||
listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)));
|
|
||||||
|
|
||||||
# borrowed from nixpkgs
|
|
||||||
functionArgs = f: f.__functionArgs or (builtins.functionArgs f);
|
|
||||||
callFunctionWith = autoArgs: f: args:
|
|
||||||
let auto = builtins.intersectAttrs (functionArgs f) autoArgs;
|
|
||||||
in f (auto // args);
|
|
||||||
|
|
||||||
getFetcher = spec:
|
|
||||||
let fetcherName =
|
|
||||||
if builtins.hasAttr "type" spec
|
|
||||||
then builtins.getAttr "type" spec
|
|
||||||
else "builtin-tarball";
|
|
||||||
in builtins.getAttr fetcherName {
|
|
||||||
"tarball" = fetchzip;
|
|
||||||
"builtin-tarball" = builtins_fetchTarball;
|
|
||||||
"file" = fetchurl;
|
|
||||||
"builtin-url" = builtins_fetchurl;
|
|
||||||
};
|
};
|
||||||
};
|
in
|
||||||
# NOTE: spec must _not_ have an "outPath" attribute
|
mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }
|
||||||
mapAttrs (_: spec:
|
|
||||||
if builtins.hasAttr "outPath" spec
|
|
||||||
then abort
|
|
||||||
"The values in sources.json should not have an 'outPath' attribute"
|
|
||||||
else
|
|
||||||
if builtins.hasAttr "url" spec && builtins.hasAttr "sha256" spec
|
|
||||||
then
|
|
||||||
spec //
|
|
||||||
{ outPath = callFunctionWith spec (getFetcher spec) { }; }
|
|
||||||
else spec
|
|
||||||
) sources
|
|
||||||
|
Loading…
Reference in New Issue
Block a user