SelfPrivacy
/
selfprivacy-nixos-config
6
3
Fork 6
Code Issues 17 Pull Requests 1 Projects Releases Wiki Activity

NixOS configuration restructuring #38

New Issue
Closed
opened 2023-07-15 03:52:21 +03:00 by alexoundos · 19 comments
alexoundos commented 2023-07-15 03:52:21 +03:00
Collaborator

Simplified diagram of NixOS configuration with its static and variable dependencies. Many services are omitted (in order not to clutter the diagram) and represented as "some service X.nix".
diagram2

Simplified diagram of NixOS configuration with its static and variable dependencies. Many services are omitted (in order not to clutter the diagram) and represented as "some service X.nix". ![diagram2](https://git.selfprivacy.org/attachments/c6bb9cf9-2700-4176-8127-197c4730f40d)
configuration-diagram-2023-07.png
148 KiB
configuration-diagram-2023-08.png
154 KiB
configuration-diagram-2023-07.png
🎉 1
alexoundos commented 2023-07-15 16:30:18 +03:00
Poster
Collaborator

So, the variable inputs are:

userdata.json and tokens.json are generated by selfprivacy-api , but it's not clear when exactly . Most likely we should expect that each API request may result in updated files.

So, the variable inputs are: * [nixpkgs repository](https://github.com/NixOS/nixpkgs/) * [selfprivacy overlay repository](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/src/branch/flakes) * [selfprivacy-rest-api repository](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api) (containing graphql api app) * `hardware-configuration.nix` (~~which is not clear how~~ generated by [`nixos-infect`](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect)) * `userdata.json` (which is generated by [`nixos-infect`](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect) at first and by selfprivacy-api service further) * `tokens.json` (which is generated by selfprivacy-api service) --- _`userdata.json` and `tokens.json` are generated by selfprivacy-api ~~, but it's not clear when exactly~~ . Most likely we should expect that each API request may result in updated files._
alexoundos commented 2023-08-01 16:56:00 +03:00
Poster
Collaborator

Flakes integration variant 1 (pure)

pure

In this case local flake.nix example (incomplete):

{
  description = "Selfprivacy NixOS local configuration flake";

  inputs = {
    selfprivacy-nixos-config.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git";
  };

  outputs = { self, selfprivacy-nixos-config }:
    let
      userdata = builtins.fromJSON (builtins.readFile ./userdata/userdata.json);
    in
    {
      nixosConfigurations =
        selfprivacy-nixos-config.outputs.nixosConfigurations-fun userdata;
    };
}

The git work directory does not reside on the NixOS machine. But /etc/nixos/flake.nix (and eventually /etc/nixos/flake.lock) does reside.

Commands to run on NixOS machine:

# cd /etc/nixos
# nixos-rebuild build --flake .#just-nixos

Flakes integration variant 2 (impure)

impure

The git work directory resides on the NixOS machine.

Commands to run on NixOS machine:

# cd /etc/nixos
# nixos-rebuild build --impure --flake .#just-nixos
## Flakes integration variant 1 (pure) ![pure](https://git.selfprivacy.org/attachments/48e4e6ca-a31f-4e0c-8659-f4fd9351ea36) In this case local flake.nix example (incomplete): ```nix { description = "Selfprivacy NixOS local configuration flake"; inputs = { selfprivacy-nixos-config.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git"; }; outputs = { self, selfprivacy-nixos-config }: let userdata = builtins.fromJSON (builtins.readFile ./userdata/userdata.json); in { nixosConfigurations = selfprivacy-nixos-config.outputs.nixosConfigurations-fun userdata; }; } ``` The git work directory does not reside on the NixOS machine. But `/etc/nixos/flake.nix` (and eventually `/etc/nixos/flake.lock`) does reside. Commands to run on NixOS machine: ``` # cd /etc/nixos # nixos-rebuild build --flake .#just-nixos ``` ## Flakes integration variant 2 (**impure**) ![impure](https://git.selfprivacy.org/attachments/bdcc9231-cf43-4a5c-bf66-fb0a18a64bb6) The git work directory resides on the NixOS machine. Commands to run on NixOS machine: ``` # cd /etc/nixos # nixos-rebuild build --impure --flake .#just-nixos ```
configuration-inputs-outputs.png
89 KiB
configuration-inputs-outputs-impure.png
74 KiB
alexoundos commented 2023-08-03 17:26:27 +03:00
Poster
Collaborator

In the pure case custom user overlays can be placed on NixOS machine and imported the same way as hardware-configuration.nix (as an argument to a function from configuration repository).

In the pure case custom user overlays can be placed on NixOS machine and imported the same way as `hardware-configuration.nix` (as an argument to a function from configuration repository).
alexoundos commented 2023-08-23 01:37:21 +03:00
Poster
Collaborator

Flakes integration variant 3 (stateless)

Another way exists. Maybe it's the best, because allows to keep the minimum possible number of files on a NixOS machine.

configuration-inputs-outputs-override.png

This commit contains such example. Build with:

$ nixos-rebuild build --flake git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?rev=50c554e6e72b45f350af65c12e7fb19a46fc537f#just-nixos --override-input userdata-json path:userdata/userdata.json --override-input hardware-configuration-nix path:hardware-configuration.nix

assuming, that the actual userdata and hardware-configuration.nix are in your current directory.

## Flakes integration variant 3 (stateless) Another way exists. Maybe it's the best, because allows to keep the minimum possible number of files on a NixOS machine. ![configuration-inputs-outputs-override.png](/attachments/daf87218-51c7-4c2c-8c7e-d4208d8f2210) [This commit](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/commit/50c554e6e72b45f350af65c12e7fb19a46fc537f) contains such example. Build with: ```console $ nixos-rebuild build --flake git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?rev=50c554e6e72b45f350af65c12e7fb19a46fc537f#just-nixos --override-input userdata-json path:userdata/userdata.json --override-input hardware-configuration-nix path:hardware-configuration.nix ``` assuming, that the actual `userdata` and `hardware-configuration.nix` are in your current directory.
configuration-inputs-outputs-override.png
94 KiB
alexoundos commented 2023-09-11 01:55:31 +03:00
Poster
Collaborator

Idea for automatic upgrades:

system.autoUpgrade = {
  enable = true;
  flake = "github:stephank/gerbil-config#gerbil";
  flags = [
    "--no-write-lock-file"
    "--update-input" "nixpkgs"
  ];
};

Source: https://stephank.nl/p/2023-02-28-using-flakes-for-nixos-configs.html#using-hosted-git.

Idea for automatic upgrades: ```nix system.autoUpgrade = { enable = true; flake = "github:stephank/gerbil-config#gerbil"; flags = [ "--no-write-lock-file" "--update-input" "nixpkgs" ]; }; ``` Source: https://stephank.nl/p/2023-02-28-using-flakes-for-nixos-configs.html#using-hosted-git.
alexoundos commented 2023-09-17 22:21:24 +03:00
Poster
Collaborator

What is the current upgrade algorithm for nixpkgs input? And how is it expected to work with flakes?

What is the current upgrade algorithm for nixpkgs input? And how is it expected to work with flakes?
alexoundos commented 2023-09-26 11:10:21 +03:00
Poster
Collaborator

Current related research task -- how to determine which commit is the current running NixOS system built from?

Current related research task -- how to determine which commit is the current running NixOS system built from?
inex added this to the (deleted) project 2023-10-05 17:48:43 +03:00
inex removed this from the (deleted) project 2023-10-05 17:53:13 +03:00
inex added this to the SelfPrivacy service packaging format project 2023-10-05 17:53:14 +03:00
alexoundos commented 2023-10-06 21:52:01 +03:00
Poster
Collaborator

How to switch a NixOS machine to a configuration, stored in a remote git repository using variant №3?

Run this on a machine, where NIXOS_CONFIG_COMMIT is your desired commit sha1:

# NIXOS_CONFIG_PUBLIC_REPO="git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git"
# NIXOS_CONFIG_COMMIT="50c554e6e72b45f350af65c12e7fb19a46fc537f"
# nixos-rebuild switch --flake git+https://$NIXOS_CONFIG_PUBLIC_REPO?rev=$NIXOS_CONFIG_COMMIT#just-nixos --override-input userdata-json path:userdata/userdata.json --override-input hardware-configuration-nix path:hardware-configuration.nix

You can replace switch to test or build, etc if you need other nixos-rebuild actions.

How to get commit sha1 of the currently running NixOS configuration?

# nixos-version --json

This is planned considered, but doesn't work in conjunction with --override-input method.

### How to switch a NixOS machine to a configuration, stored in a remote git repository using variant №3? Run this on a machine, where `NIXOS_CONFIG_COMMIT` is your desired commit sha1: ```console # NIXOS_CONFIG_PUBLIC_REPO="git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git" # NIXOS_CONFIG_COMMIT="50c554e6e72b45f350af65c12e7fb19a46fc537f" # nixos-rebuild switch --flake git+https://$NIXOS_CONFIG_PUBLIC_REPO?rev=$NIXOS_CONFIG_COMMIT#just-nixos --override-input userdata-json path:userdata/userdata.json --override-input hardware-configuration-nix path:hardware-configuration.nix ``` You can replace `switch` to `test` or `build`, etc if you need other `nixos-rebuild` actions. ### How to get commit sha1 of the currently running NixOS configuration? ```console # nixos-version --json ``` _This is ~~planned~~ considered, but [doesn't work in conjunction with `--override-input`](https://github.com/NixOS/nix/pull/5385#issuecomment-1752180413) method._
alexoundos commented 2023-11-01 14:48:31 +02:00
Poster
Collaborator

configuration switching workflow using variant №1

  1. initialize a local git repository

  2. put (or update) these files:

    1. flake.nix
    2. hardware-configuration.nix
    3. userdata.json

  3. commit changes in the local git repository:
    $ git add . && git commit -m "<some changes in userdata/hardware-configuration.nix/flake.nix>"

  4. get latest config from selfprivacy git:
    $ nix flake lock --update-input selfprivacy-nixos-config --commit-lock-file

  5. # nixos-rebuild switch --flake git+file://${REPO_PATH}

Step 0 needs to be executed only during the deployment (i.e. nixos-infect).

Step 1 is mostly needed for changes in user configuration (so that we have the whole history and can provide rollbacks hermetically). Changes to flake.nix are not needed normally (exceptions are: moving or adding more user json files). Changes to hardware-configuration.nix are rare.

Step 2 is needed to fix the current state of all components required for the build. "Dirty" builds are not allowed to maintain reproducibility and traceability. So, nixos-version will return its origin git commit sha1 of the local repository:
[local git commit] => [selfprivacy-nixos-config commit] => [official nixpkgs commit]

Step 3 is meant to update (or create if missing) the flake.lock file. flake.lock file contains URLs and hashes of inputs, required for building. Hence, the configuration is fully pinned (locked) to exact software snapshots and reproducible.

Step 4 is for building and applying the configuration.

## configuration switching workflow using variant №1 0. initialize a local git repository 1. put (or update) these files: 1. `flake.nix` 2. `hardware-configuration.nix` 3. `userdata.json` 2. commit changes in the local git repository: `$ git add . && git commit -m "<some changes in userdata/hardware-configuration.nix/flake.nix>"` 3. get latest config from selfprivacy git: `$ nix flake lock --update-input selfprivacy-nixos-config --commit-lock-file` 4. `# nixos-rebuild switch --flake git+file://${REPO_PATH}` --- Step 0 needs to be executed only during the deployment (i.e. nixos-infect). Step 1 is mostly needed for changes in user configuration (so that we have the whole history and can provide rollbacks hermetically). Changes to `flake.nix` are not needed normally (exceptions are: moving or adding more user json files). Changes to `hardware-configuration.nix` are rare. Step 2 is needed to fix the current state of all components required for the build. "Dirty" builds are not allowed to maintain reproducibility and traceability. So, `nixos-version` will return its origin git commit sha1 of the local repository: `[local git commit] => [selfprivacy-nixos-config commit] => [official nixpkgs commit]` Step 3 is meant to update (or create if missing) the `flake.lock` file. `flake.lock` file contains URLs and hashes of inputs, required for building. Hence, the configuration is fully pinned (locked) to exact software snapshots and reproducible. Step 4 is for building and applying the configuration.
alexoundos commented 2023-11-06 11:27:36 +02:00
Poster
Collaborator

how to nixos-rebuild a NixOS configuration from a flake function right now

flake https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes returns a function, which cannot be built alone, hence requires userdata and hardware-configuration arguments to be passed from a local machine.

prerequisites

Nix installed (multi-user installation) with flakes enabled.

basic steps

Put on a local machine this flake.nix (along with userdata and hardware-configuration.nix):

{
  description = "SelfPrivacy NixOS configuration local flake";

  inputs.selfprivacy-nixos-config.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos
-config.git";

  outputs = { self, selfprivacy-nixos-config }: {
    # TODO embed self revision, maybe pass self as an argument
    nixosConfigurations =
      selfprivacy-nixos-config.outputs.nixosConfigurations-fun {
        userdata = builtins.fromJSON (builtins.readFile ./userdata/userdata.json);
        hardware-configuration = ./hardware-configuration.nix;
      };
  };
}

Override git branch (only because currently master branch has no flakes):

$ nix flake lock --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes

Build NixOS configuration:

$ nixos-rebuild build --flake .#just-nixos

further steps

Update selfprivacy-nixos-config input. Just run this again:

$ nix flake lock --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes

In the future nix flake lock --update-input selfprivacy-nixos-config will be enough, when flakes get merged into master branch.

Clone selfprivacy-nixos-config repository locally for rapid development build iterations:

$ cd
$ git clone gitea@git.selfprivacy.org:SelfPrivacy/selfprivacy-nixos-config.git --branch flakes
$ cd $LOCAL_FLAKE_DIR
# run the command below to build immediately from a local repository
$ nixos-rebuild build --flake .#just-nixos --override-input selfprivacy-nixos-config git+file:///data/selfprivacy/selfprivacy-nixos-config

Return back to remote SelfPrivacy repository builds:

$ nix flake lock --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes
## how to `nixos-rebuild` a NixOS configuration from a flake function right now *flake https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes returns a function, which cannot be built alone, hence requires `userdata` and `hardware-configuration` arguments to be passed from a local machine.* ### prerequisites [Nix](https://nixos.org/download.html) installed (multi-user installation) with [flakes enabled](https://nixos.wiki/wiki/Flakes#Enable_flakes). ### basic steps Put on a local machine this `flake.nix` (along with `userdata` and `hardware-configuration.nix`): ```nix { description = "SelfPrivacy NixOS configuration local flake"; inputs.selfprivacy-nixos-config.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos -config.git"; outputs = { self, selfprivacy-nixos-config }: { # TODO embed self revision, maybe pass self as an argument nixosConfigurations = selfprivacy-nixos-config.outputs.nixosConfigurations-fun { userdata = builtins.fromJSON (builtins.readFile ./userdata/userdata.json); hardware-configuration = ./hardware-configuration.nix; }; }; } ``` Override git branch (only because currently master branch has no flakes): ``` $ nix flake lock --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes ``` Build NixOS configuration: ``` $ nixos-rebuild build --flake .#just-nixos ``` ### further steps Update `selfprivacy-nixos-config` input. Just run this again: ``` $ nix flake lock --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes ``` _In the future `nix flake lock --update-input selfprivacy-nixos-config` will be enough, when flakes get merged into master branch._ Clone `selfprivacy-nixos-config` repository locally for rapid development build iterations: ```console $ cd $ git clone gitea@git.selfprivacy.org:SelfPrivacy/selfprivacy-nixos-config.git --branch flakes $ cd $LOCAL_FLAKE_DIR # run the command below to build immediately from a local repository $ nixos-rebuild build --flake .#just-nixos --override-input selfprivacy-nixos-config git+file:///data/selfprivacy/selfprivacy-nixos-config ``` Return back to remote SelfPrivacy repository builds: ``` $ nix flake lock --override-input selfprivacy-nixos-config git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git?ref=flakes ```
alexoundos commented 2023-11-08 13:39:43 +02:00
Poster
Collaborator

After today's meeting with @inex, the decision was made to use variant #1.

Benefits of the variant #1 are:

  1. have all resources to reproduce a build of each past configuration, which variable files must be either:

    • stored in a local git repository
    • embedded in the build itself (e.g. in /etc/selfprivacy-config-source)

    This means giving User an opportunity to revert any changes, go back and continue configuration from any point in time (given the system remains accessible via API, otherwise restoring from backups is needed).

  2. not letting userdata.json inside /nix/store (in case local git repository is not used)

    Although, its configuration fields are still used in the build (thus get into /nix/store in one way or another), it allows us to migrate quicker, because userdata.json must not be freed from sensitive data.

  3. potential ways to merge configuration with User supplied NixOS modules

  4. traceability of all build ingredients including a sha1 of selfprivacy-nixos-config (which is not possible when using --override-input as in variant #3)

After today's meeting with @inex, the decision was made to use variant [#1](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/issues/38#issuecomment-5230). Benefits of the variant [#1](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/issues/38#issuecomment-5230) are: 1. have all resources to reproduce a build of each past configuration, which variable files must be either: - stored in a local git repository - embedded in the build itself (e.g. in `/etc/selfprivacy-config-source`) This means giving User an opportunity to revert any changes, go back and continue configuration from any point in time _(given the system remains accessible via API, otherwise restoring from backups is needed)_. 2. not letting `userdata.json` inside /nix/store (in case local git repository is not used) Although, its configuration fields are still used in the build (thus get into /nix/store in one way or another), it allows us to migrate quicker, because `userdata.json` must not be freed from sensitive data. 3. potential ways to merge configuration with User supplied NixOS modules 4. traceability of all build ingredients including a sha1 of `selfprivacy-nixos-config` (which is not possible when using `--override-input` as in variant [#3](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/issues/38#issuecomment-3868))
alexoundos commented 2023-11-09 18:46:20 +02:00
Poster
Collaborator

SP modules (extensions/bundles/packages/etc)

SP module (preliminary naming) is a Nix attribute set or a Nix flake, containing:

  • definition of a NixOS module for a service (usually representing systemd services)
  • definitions of packages (derivation) to be merged with nixpkgs
  • JSON schema of settings, available for an end User
  • a function, which:
    • takes JSON settings
    • returns configuration attribute set to be merged with main configuration.nix
### SP modules (extensions/bundles/packages/etc) SP module (preliminary naming) is a Nix attribute set or a Nix flake, containing: - definition of a NixOS module for a service (usually representing systemd services) - definitions of packages (derivation) to be merged with nixpkgs - JSON schema of settings, available for an end User - a function, which: - takes JSON settings - returns configuration attribute set to be merged with main `configuration.nix`
alexoundos commented 2023-11-09 19:27:45 +02:00
Poster
Collaborator

SP module can be downloaded from a remote git or HTTP server location.

SP modules remote references must be specified somehow to be included in the configuration build.

If reading references from a JSON file, the builtins.readFile must be called from the top-level flake (e.g. /etc/nixos/flake.nix). Otherwise, such errors occur:

error: string './sp-modules.json' doesn't represent an absolute path

error: access to absolute path '/etc/nixos/sp-modules.json' is forbidden in pure eval mode (use '--impure' to override)
SP module can be downloaded from a remote git or HTTP server location. SP modules remote references must be specified somehow to be included in the configuration build. If reading references from a JSON file, the `builtins.readFile` must be called from the top-level flake (e.g. `/etc/nixos/flake.nix`). Otherwise, such errors occur: ```nix error: string './sp-modules.json' doesn't represent an absolute path ``` ```nix error: access to absolute path '/etc/nixos/sp-modules.json' is forbidden in pure eval mode (use '--impure' to override) ```
alexoundos commented 2023-11-09 22:15:33 +02:00
Poster
Collaborator

hub

If we maintain an SP modules hub containing many SP modules, it can be used as a a single flake input or each module can be added separately using the dir parameter, like this: git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-hub?dir=mailserver.

transitive dependencies control

If we import some Nix code it can bring lots of dependencies including its own nixpkgs (either via flake inputs or builtins.fetchTarball, etc). In case it is a flake, we can override nixpkgs with our own using the follows attribute. However, it needs to be done for each input regardless of its depth in the dependency tree:

{
  inputs.selfprivacy-nixos-config.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.gi
t";
  
  inputs.sp_moduleA.url = "...";
  inputs.sp_moduleA.inputs.nixpkgs.follows = "selfprivacy-nixos-config/nixpkgs"
  inputs.sp_moduleA.inputs.subdep.inputs.nixpkgs.follows = "selfprivacy-nixos-config/nixpkgs"
  
  inputs.sp_moduleB.url = "...";
  inputs.sp_moduleB.inputs.nixpkgs.follows = "selfprivacy-nixos-config/nixpkgs";

  ...
}

Or we can directly edit flake.lock with some scripts like these:

In case of pure imports without using flake inputs like this:

builtins.fetchTarball {
    url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6d0d9fb9/nixos-mailserver-6d0d9fb9.tar.gz";
    sha256 = "sha256:0h35al73p15z9v8zb6hi5nq987sfl5wp4rm5c8947nlzlnsjl61x";
}

there is no way to override such dependencies.

### hub If we maintain an SP modules hub containing many SP modules, it can be used as a a single flake input or each module can be added separately using the `dir` parameter, like this: `git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-hub?dir=mailserver`. ### transitive dependencies control If we import some Nix code it can bring lots of dependencies including its own nixpkgs (either via flake inputs or builtins.fetchTarball, etc). In case it is a flake, we can override nixpkgs with our own using the `follows` attribute. However, it needs to be done for each input regardless of its depth in the dependency tree: ```nix { inputs.selfprivacy-nixos-config.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.gi t"; inputs.sp_moduleA.url = "..."; inputs.sp_moduleA.inputs.nixpkgs.follows = "selfprivacy-nixos-config/nixpkgs" inputs.sp_moduleA.inputs.subdep.inputs.nixpkgs.follows = "selfprivacy-nixos-config/nixpkgs" inputs.sp_moduleB.url = "..."; inputs.sp_moduleB.inputs.nixpkgs.follows = "selfprivacy-nixos-config/nixpkgs"; ... } ``` Or we can directly edit `flake.lock` with some scripts like these: - https://codeberg.org/Uli/nix-things/src/branch/main/replace-locks - https://github.com/msteen/nix-flake-override (adds `follows` to all mutual dependencies) In case of pure imports without using flake inputs like this: ```nix builtins.fetchTarball { url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6d0d9fb9/nixos-mailserver-6d0d9fb9.tar.gz"; sha256 = "sha256:0h35al73p15z9v8zb6hi5nq987sfl5wp4rm5c8947nlzlnsjl61x"; } ``` there is no way to override such dependencies.
alexoundos self-assigned this 2023-11-10 02:16:23 +02:00
alexoundos commented 2023-11-10 02:57:57 +02:00
Poster
Collaborator

Nix flakes have not yet established a way to define an output schema definition. But it seems we do not depend on such feature. We can use any output attributes we want.

Nix flakes [have not yet established](https://discourse.nixos.org/t/flake-schemas-making-flake-outputs-extensible/32421?u=alexoundos) a way to define an [output schema definition](https://github.com/gytis-ivaskevicius/flake-utils-plus/blob/master/flake.nix). But it seems we do not depend on such feature. We can use any output attributes we want.
alexoundos commented 2023-11-10 03:22:42 +02:00
Poster
Collaborator

This article shows that configuration parts can be put right into nixosModules flake attribute and merged with original one by putting them as a list into extendModules attribute of original configuration.
This can be used for SP modules. However, adding to modules looks to be enough.
Although, we also need to pass https://nixos.wiki/wiki/Flakes documentation

[This article](https://determinate.systems/posts/extending-nixos-configurations#extending-a-flake) shows that configuration parts can be put right into `nixosModules` flake attribute and merged with original one by putting them as a list into `extendModules` attribute of original configuration. This can be used for SP modules. However, adding to `modules` looks to be enough. Although, we also need to pass https://nixos.wiki/wiki/Flakes documentation
alexoundos commented 2023-11-12 23:16:49 +02:00
Poster
Collaborator

Latest local flake configuration example with SP modules prototype: https://git.selfprivacy.org/alexoundos/selfprivacy-nixos-top-level.

Latest local flake configuration example with SP modules prototype: https://git.selfprivacy.org/alexoundos/selfprivacy-nixos-top-level.
alexoundos added reference flakes 2023-11-15 14:53:38 +02:00
alexoundos commented 2023-11-23 08:52:26 +02:00
Poster
Collaborator

Developing auto-rollback mechanism.
Developing auto-rollback mechanism.

Developing auto-rollback mechanism. ![Developing auto-rollback mechanism.](https://git.selfprivacy.org/attachments/8568676d-253f-4e58-a98e-fb098fe19439)
state-diagram.png
85 KiB
alexoundos commented 2023-11-24 14:02:53 +02:00
Poster
Collaborator

The diagram above is considered useless in case we configure auto-upgrades.
But in case a User adds a new custom SP module, it might be useful.

The diagram above is considered useless in case we configure auto-upgrades. But in case a User adds a new custom SP module, it might be useful.
inex closed this issue 2024-02-01 17:48:18 +02:00
Sign in to join this conversation.
flakes
Branches Tags
Clear current reference
inex/test-collect-garbage
flakes
inex/test-autobackup
inex/test-systemd-rebuild
master
pre-release
flake-to-override-folder
flake-to-override
systemd-limits
ldap
api-redis
pleroma-fixes
development
rolling-testing
Clear current reference
Labels
Clear labels   
Contributions welcome
   
Service packaging
   
bug

Something is not working   
duplicate

This issue or pull request already exists   
enhancement

New feature   
help wanted

Need some help   
invalid

Something is wrong   
question

More information is needed   
wontfix

This won't be fixed
No Label
Contributions welcome
Service packaging
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
SelfPrivacy service packaging format
Assignees
Clear assignees
No Assignees
alexoundos
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: SelfPrivacy/selfprivacy-nixos-config#38
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?