Merge remote-tracking branch 'orange/master'
This commit is contained in:
commit
1e1e751fa4
|
@ -18,11 +18,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1693844670,
|
"lastModified": 1702151865,
|
||||||
"narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
|
"narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
|
"rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -16,9 +16,11 @@
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs.stockholm = self;
|
specialArgs.stockholm = self;
|
||||||
specialArgs.nix-writers = nix-writers;
|
specialArgs.nix-writers = nix-writers;
|
||||||
specialArgs.secrets = nixpkgs.lib.mkDefault (toString ./krebs/0tests/data/secrets);
|
|
||||||
modules = [
|
modules = [
|
||||||
./krebs/1systems/${machineName}/config.nix
|
./krebs/1systems/${machineName}/config.nix
|
||||||
|
{
|
||||||
|
krebs.secret.directory = "/var/src/secrets";
|
||||||
|
}
|
||||||
];
|
];
|
||||||
}) (builtins.readDir ./krebs/1systems);
|
}) (builtins.readDir ./krebs/1systems);
|
||||||
|
|
||||||
|
|
|
@ -87,7 +87,6 @@ in {
|
||||||
"irc.r"
|
"irc.r"
|
||||||
"wiki.r"
|
"wiki.r"
|
||||||
];
|
];
|
||||||
tinc.port = 0;
|
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc
|
MIIBCgKCAQEAs9+Au3oj29C5ol/YnkG9GjfCH5z53wxjH2iy8UPike8C7GASZKqc
|
||||||
|
@ -114,7 +113,6 @@ in {
|
||||||
"go.r"
|
"go.r"
|
||||||
"rss.r"
|
"rss.r"
|
||||||
];
|
];
|
||||||
tinc.port = 0;
|
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN PUBLIC KEY-----
|
-----BEGIN PUBLIC KEY-----
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9PY6t6P1ytgo8qYL2QDc
|
||||||
|
@ -225,7 +223,6 @@ in {
|
||||||
"build.puyak.r"
|
"build.puyak.r"
|
||||||
"cgit.puyak.r"
|
"cgit.puyak.r"
|
||||||
];
|
];
|
||||||
tinc.port = 0;
|
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
|
MIIBCgKCAQEAwwDvaVKSJmAi1fpbsmjLz1DQVTgqnx56GkHKbz5sHwAfPVQej955
|
||||||
|
|
|
@ -692,15 +692,15 @@ in {
|
||||||
aliases = [ "adelaide.r" ];
|
aliases = [ "adelaide.r" ];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIIBCgKCAQEAzxKKd1dV+XDUV8pHqkAtbLcwEZVsf0kK+y5X/zbZcXEZhQQv6/dY
|
MIIBCgKCAQEAp17cmCeFBu+WLKuhQQmYy3iVm/Vd42T7WA+WPaMDpejpf4hNFl8D
|
||||||
YJRoNG3lo8+7FMwYO2b2uyIkO1PopsORMAA2vIFaKJ2Qnt7byuIQ6n9CafIADx1M
|
MYtLjEo44oOHKE95UK+CfEKjvY+XIYgr/TfXPXPbTfeUNlhwy/anK9Aek4tX/V3z
|
||||||
dVf+cwUhY8IVIX2ndz9pIAY8NhmzEcjG5vGKxRqev1zNwa1LtsLDLObhkKYznM6y
|
dkS139Tp9ffDq8jUkiITaIXBpMzWC8Pc+hvAUwOyq80YII2Xp+K7+vhpdXKP6Zo0
|
||||||
HV5F92GONMeNOovHCxIYsSJ8jLn8BB60toADzocgzKvCiEw4IwKnzL/au9RGY4Xi
|
eFd15nCWBhx2LBxnFSE+JT/bpuC4GdGhzAsafjnoR9Jl8kJ/wjIhI/b3j4l6udFq
|
||||||
25YXBzF5ai84e+HyaGGGD/qa4SqL9/jCkDB7QAwRqb01wGhtTLty+ubjzh1HF3am
|
Pn+/1z8mmb2LGkTg4cEUDWd86CCtkYVQW5/E0fHWFzUWStl/f1hEOENU4Cqy7GaD
|
||||||
zpizPVNwBTqHW1S3W1i/yi5a5w4D/zdrRQIDAQAB
|
ytioO8RI0ENZOdHZiy6vFnhPFG5Er2t4jQIDAQAB
|
||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
tinc.pubkey_ed25519 = "YzB5BqgIQ4f209B2KhpdHu6gRYj5IS64zy1wneq/yiG";
|
tinc.pubkey_ed25519 = "FBuLCjr31Z8ijUNAgzMHeuzyKUP9zvHLijtQKBouxPO";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -993,15 +993,15 @@ in {
|
||||||
aliases = [ "vislor.r" ];
|
aliases = [ "vislor.r" ];
|
||||||
tinc.pubkey = ''
|
tinc.pubkey = ''
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
MIIBCgKCAQEAnAIEtqtJzQmhAOLMDOp6LvlMoElNezeFarvZ6LshbZbLPL7Mv2Iy
|
MIIBCgKCAQEAzMOrwiMFgDbITQEnXBJev4bSprV2Hg04xuEUmdoMJB4OJdBrWY7G
|
||||||
buEoduzGNlqUbqEypsv7pQBSqw4Kqn9jMnpk8EpPiLiqIaBJeGqS1eIHi4DdRIyC
|
71aHXtAjBqJqRYbvSoRPa+jQcpqRHNdNctfE1wq3nUkOYSM0OHGoFwb3kfybh+vu
|
||||||
wwOgAqbc0e55LGSRyLS2GgbzD3kHh0UgVF2/MM01r4l53w8ftSJwR5dL6tpKnfgm
|
flmAY75ZlVRz3srITjMADpHeiuAEOmGPmlbLiUY09I2qjcaSzYYsTiGnyWSp95tL
|
||||||
wjc8hwQtxen+zym2RJV7E+YPKg2t/ZGTJZbgk54/19l5Eeb18xxfTyxBNdUWBBCo
|
g3CRqiC4kj4fM0B7lCp/dz/iXDvqWEgoGEQH34x4xIIToA+DkHX5/2NAl4aaiq9m
|
||||||
vnR/h2gfCZnmsj4UiSor+z+00eaDyespfjLw3X7XQkCdlfgx0BVfhXH2RGOtdH+P
|
JQ8YCz5qBox3nD6W6bwwsEyG4vOHNcCLHBdVLEbfUFHM8XDjF3dJZ+RjCYxdiEjM
|
||||||
AdnLFg7OfGh9V8zAiOC7jyuCrlbh0q0QoQIDAQAB
|
dZUckPeLf/8XDkNMZm1eKMIJBvcH3UESLQIDAQAB
|
||||||
-----END RSA PUBLIC KEY-----
|
-----END RSA PUBLIC KEY-----
|
||||||
'';
|
'';
|
||||||
tinc.pubkey_ed25519 = "PqpTiIldNgPTKQVnouiGNo8mX0wqSVtg9al6ve/sj2E";
|
tinc.pubkey_ed25519 = "ZMFZ4fd75fh2OLg/SuiTsavs013E2tUaCDqX76LPI6K";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
../../../krebs
|
../../../krebs
|
||||||
../../../krebs/2configs
|
../../../krebs/2configs
|
||||||
|
../../../krebs/2configs/nginx.nix
|
||||||
|
|
||||||
../../../krebs/2configs/buildbot-stockholm.nix
|
../../../krebs/2configs/buildbot-stockholm.nix
|
||||||
../../../krebs/2configs/binary-cache/nixos.nix
|
../../../krebs/2configs/binary-cache/nixos.nix
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
krebs.build.host = config.krebs.hosts.news;
|
krebs.build.host = config.krebs.hosts.news;
|
||||||
|
krebs.hosts.news.ssh.privkey.path = "${config.krebs.secret.directory}/ssh.id_ed25519";
|
||||||
|
|
||||||
boot.isContainer = true;
|
boot.isContainer = true;
|
||||||
networking.useDHCP = lib.mkForce true;
|
networking.useDHCP = lib.mkForce true;
|
||||||
|
|
|
@ -8,7 +8,17 @@ with import ../../lib/pure.nix { inherit lib; };
|
||||||
];
|
];
|
||||||
krebs.announce-activation.enable = true;
|
krebs.announce-activation.enable = true;
|
||||||
krebs.enable = true;
|
krebs.enable = true;
|
||||||
krebs.tinc.retiolum.enable = mkDefault true;
|
|
||||||
|
# retiolum
|
||||||
|
krebs.tinc.retiolum = {
|
||||||
|
enable = mkDefault true;
|
||||||
|
extraConfig = ''
|
||||||
|
AutoConnect = yes
|
||||||
|
LocalDiscovery = yes
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ 655 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 655 ];
|
||||||
|
|
||||||
# trust krebs ACME CA
|
# trust krebs ACME CA
|
||||||
krebs.ssl.trustIntermediate = true;
|
krebs.ssl.trustIntermediate = true;
|
||||||
|
@ -52,6 +62,7 @@ with import ../../lib/pure.nix { inherit lib; };
|
||||||
config.krebs.users.makefu.pubkey
|
config.krebs.users.makefu.pubkey
|
||||||
config.krebs.users.tv.pubkey
|
config.krebs.users.tv.pubkey
|
||||||
config.krebs.users.kmein.pubkey
|
config.krebs.users.kmein.pubkey
|
||||||
|
config.krebs.users.mic92.pubkey
|
||||||
];
|
];
|
||||||
|
|
||||||
# The NixOS release to be compatible with for stateful data such as databases.
|
# The NixOS release to be compatible with for stateful data such as databases.
|
||||||
|
|
|
@ -5,19 +5,12 @@
|
||||||
virtualHosts."social.krebsco.de" = {
|
virtualHosts."social.krebsco.de" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
acmeFallbackHost = "hotdog.r";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
# TODO use this in 22.11
|
# TODO use this in 22.11
|
||||||
# recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
proxyPass = "http://hotdog.r";
|
proxyPass = "https://hotdog.r";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Server $host;
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
|
dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
|
||||||
package = pkgs.postgresql_11;
|
package = pkgs.postgresql_16;
|
||||||
};
|
};
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /var/state/postgresql 0700 postgres postgres -"
|
"d /var/state/postgresql 0700 postgres postgres -"
|
||||||
|
@ -13,23 +13,17 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
localDomain = "social.krebsco.de";
|
localDomain = "social.krebsco.de";
|
||||||
configureNginx = true;
|
configureNginx = true;
|
||||||
|
streamingProcesses = 3;
|
||||||
trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
|
trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
|
||||||
smtp.createLocally = false;
|
smtp.createLocally = false;
|
||||||
smtp.fromAddress = "derp";
|
smtp.fromAddress = "derp";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
|
security.acme.certs."social.krebsco.de".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
forceSSL = lib.mkForce false;
|
|
||||||
enableACME = lib.mkForce false;
|
|
||||||
locations."@proxy".extraConfig = ''
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_pass_header Server;
|
|
||||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
80
|
80
|
||||||
|
443
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
|
24
krebs/2configs/nginx.nix
Normal file
24
krebs/2configs/nginx.nix
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.defaults.email = "spam@krebsco.de";
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
|
enableReload = true;
|
||||||
|
|
||||||
|
virtualHosts.default = {
|
||||||
|
default = true;
|
||||||
|
locations."= /etc/os-release".extraConfig = ''
|
||||||
|
default_type text/plain;
|
||||||
|
alias /etc/os-release;
|
||||||
|
'';
|
||||||
|
# needed for acmeFallback in sync-containers, or other machines not reachable globally
|
||||||
|
locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -526,6 +526,8 @@ in {
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||||
'';
|
'';
|
||||||
|
# needed for acmeFallback in sync-containers, or other machines not reachable globally
|
||||||
|
locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."bedge.r" = {
|
services.nginx.virtualHosts."bedge.r" = {
|
||||||
|
|
|
@ -155,7 +155,7 @@ in {
|
||||||
# echo 'container is reachable, continueing'
|
# echo 'container is reachable, continueing'
|
||||||
continue
|
continue
|
||||||
else
|
else
|
||||||
# echo 'container seems dead, killing'
|
echo 'container seems dead, killing'
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -249,6 +249,11 @@ in {
|
||||||
ExecStop = pkgs.writers.writeDash "remove_interface" ''
|
ExecStop = pkgs.writers.writeDash "remove_interface" ''
|
||||||
${pkgs.iproute2}/bin/ip link del vb-${ctr.name}
|
${pkgs.iproute2}/bin/ip link del vb-${ctr.name}
|
||||||
'';
|
'';
|
||||||
|
ExecStartPost = [
|
||||||
|
(pkgs.writers.writeDash "bind-to-bridge" ''
|
||||||
|
${pkgs.iproute2}/bin/ip link set "vb-$INSTANCE" master ctr0
|
||||||
|
'')
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}; }
|
}; }
|
||||||
]) (lib.attrValues cfg.containers)));
|
]) (lib.attrValues cfg.containers)));
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIICWTCCAcKgAwIBAgIQIpBt0MsRpYd8LWNdb9MfITANBgkqhkiG9w0BAQsFADCB
|
MIICWjCCAcOgAwIBAgIRAOACUgvw++4VwgQ7Iu1/iRkwDQYJKoZIhvcNAQELBQAw
|
||||||
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
|
gYExCzAJBgNVBAYTAlpaMRIwEAYDVQQIDAlzdGF0ZWxlc3MxEDAOBgNVBAoMB0ty
|
||||||
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
|
ZWJzY28xCzAJBgNVBAsMAktNMRYwFAYDVQQDDA1LcmVicyBSb290IENBMScwJQYJ
|
||||||
hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMjEyMDYxODI2
|
KoZIhvcNAQkBFhhyb290LWNhQHN5bnRheC1mZWhsZXIuZGUwHhcNMjMxMjA2MjAy
|
||||||
MDhaFw0yMzEyMDYxODI2MDhaMBgxFjAUBgNVBAMTDUtyZWJzIEFDTUUgQ0EwWTAT
|
NTI1WhcNMjQxMjA1MjAyNTI1WjAYMRYwFAYDVQQDEw1LcmVicyBBQ01FIENBMFkw
|
||||||
BgcqhkjOPQIBBggqhkjOPQMBBwNCAAT4KuemY4BowAbFjzCvi+PthBTWCtewnAbr
|
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESHiqfjJYhLvY9pBWVi5gwDmZQ65F5KGV
|
||||||
qDSlA602QcuQVmqa1/3TaYag7KNDgeg5eshMRI9GN/boKTpgcLeZo4GAMH4wDgYD
|
GSkOprlw4TJguHr6ToSC9MErHhDb80kyidcjWDi2WTJX1zg/OmTv2qOBgDB+MA4G
|
||||||
VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJYxArnj
|
A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTSCUQO
|
||||||
SEArwloaM5blBymFmcL2MB8GA1UdIwQYMBaAFIp6rTX6sDCnvIBfDOXBkGjcQZUv
|
B5ICY1kqFPQ299+Kn6zr8TAfBgNVHSMEGDAWgBSKeq01+rAwp7yAXwzlwZBo3EGV
|
||||||
MBgGA1UdHgEB/wQOMAygCjADggFyMAOCAXcwDQYJKoZIhvcNAQELBQADgYEAekCt
|
LzAYBgNVHR4BAf8EDjAMoAowA4IBcjADggF3MA0GCSqGSIb3DQEBCwUAA4GBAMY3
|
||||||
XrKwanrcy6+k3YfXWGiMJ47Ys7Mfa5UfIs7QiXv74MgtklLsX63D27hKn5rd7wk4
|
hXVyUAYfNw+sb5NLZKkp5/Uu9ehcmVJV/CkWm5BKyEFsdCJ3PL5rnpockxNrOTy1
|
||||||
20wXLMhb8ofrKnO4mt0VFRSGm9/cq9N/c/uuf4hMzhAJmusgkn02GG+cafqZ9ab9
|
/y0IWZ4UaV2jqVibKOTt3FWax1BHXuTBMSirAIKYdUnT969KTTs0atrDYYh1bBzy
|
||||||
MjLmveT9WHphmgQTnJPEeYP2U2faHKIp6Gwv5qc=
|
YIxiIU+Be343LFI5HTNewAyK2SYUO0QP0BkGUUGD
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
|
|
@ -10,8 +10,8 @@
|
||||||
krebs-source = { test ? false }: rec {
|
krebs-source = { test ? false }: rec {
|
||||||
nixpkgs = if test then {
|
nixpkgs = if test then {
|
||||||
derivation = let
|
derivation = let
|
||||||
rev = (lib.importJSON ./nixpkgs.json).rev;
|
rev = (lib.importJSON ../flake.lock).nodes.nixpkgs.locked.rev;
|
||||||
sha256 = (lib.importJSON ./nixpkgs.json).sha256;
|
sha256 = (lib.importJSON ../flake.lock).nodes.nixpkgs.locked.narHash;
|
||||||
in ''
|
in ''
|
||||||
with import (builtins.fetchTarball {
|
with import (builtins.fetchTarball {
|
||||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||||
|
@ -26,8 +26,8 @@
|
||||||
'';
|
'';
|
||||||
} else {
|
} else {
|
||||||
git = {
|
git = {
|
||||||
ref = (lib.importJSON ./nixpkgs.json).rev;
|
ref = (lib.importJSON ../flake.lock).nodes.nixpkgs.locked.rev;
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = "https://github.com/NixOS/nixpkgs";
|
||||||
shallow = true;
|
shallow = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
{
|
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
|
||||||
"rev": "aa8aa7e2ea35ce655297e8322dc82bf77a31d04b",
|
|
||||||
"date": "2023-09-01T18:51:16+08:00",
|
|
||||||
"path": "/nix/store/10xskkarnksmn1fahylswv0y4216c73w-nixpkgs",
|
|
||||||
"sha256": "0bbv3y86kfpn02zh5vvdbkmnqyzagzbc1gzpvvlb6qbvgg639bf9",
|
|
||||||
"hash": "sha256-ya00zHt7YbPo3ve/wNZ/6nts61xt7wK/APa6aZAfey0=",
|
|
||||||
"fetchLFS": false,
|
|
||||||
"fetchSubmodules": false,
|
|
||||||
"deepClone": false,
|
|
||||||
"leaveDotGit": false
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
{
|
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
|
||||||
"rev": "9075cba53e86dc318d159aee55dc9a7c9a4829c1",
|
|
||||||
"date": "2023-09-02T08:28:47+02:00",
|
|
||||||
"path": "/nix/store/605bv7zssv38j0ii8rbnxkv1m0f0b53p-nixpkgs",
|
|
||||||
"sha256": "0kymzp32d31c0hny2b2f7zfn49nzrxlm963xbm4v0axka6abym36",
|
|
||||||
"hash": "sha256-ZlS/lFGzK7BJXX2YVGnP3yZi3T9OLOEtBCyMJsb91U8=",
|
|
||||||
"fetchLFS": false,
|
|
||||||
"fetchSubmodules": false,
|
|
||||||
"deepClone": false,
|
|
||||||
"leaveDotGit": false
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
dir=$(dirname $0)
|
|
||||||
oldrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
|
||||||
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
|
||||||
--url https://github.com/NixOS/nixpkgs \
|
|
||||||
--rev refs/heads/nixos-unstable' \
|
|
||||||
> $dir/nixpkgs-unstable.json
|
|
||||||
newrev=$(cat $dir/nixpkgs-unstable.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
|
||||||
git commit $dir/nixpkgs-unstable.json -m "nixpkgs-unstable: $oldrev -> $newrev"
|
|
|
@ -1,9 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
dir=$(dirname $0)
|
|
||||||
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
|
||||||
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
|
||||||
--url https://github.com/NixOS/nixpkgs \
|
|
||||||
--rev refs/heads/nixos-23.05' \
|
|
||||||
> $dir/nixpkgs.json
|
|
||||||
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
|
||||||
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
|
Loading…
Reference in a new issue