nix: boostrap "v2" tree (#3740)

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2025-08-06 14:04:17 -04:00 · 2025-04-04 10:22:28 +02:00 · 2025-04-04 10:22:28 +02:00 · e5d22ebcaf
commit e5d22ebcaf
parent 0926b82a65
9 changed files with 119 additions and 25 deletions
--- a/flake.lock
+++ b/flake.lock
@ -18,13 +18,13 @@
        "type": "github"
      }
    },
-    "nixpkgsUnstable": {
+    "nixpkgs": {
      "locked": {
-        "lastModified": 1733376361,
+        "lastModified": 1743689281,
-        "narHash": "sha256-aLJxoTDDSqB+/3orsulE6/qdlX6MzDLIITLZqdgMpqo=",
+        "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "929116e316068c7318c54eb4d827f7d9756d5e9c",
+        "rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
        "type": "github"
      },
      "original": {
@ -37,7 +37,7 @@
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
-        "nixpkgsUnstable": "nixpkgsUnstable"
+        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "Constellation";
  inputs = {
-    nixpkgsUnstable = {
+    nixpkgs = {
      url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    };
    flake-utils = {
@ -13,21 +13,29 @@
  outputs =
    {
      self,
-      nixpkgsUnstable,
+      nixpkgs,
      flake-utils,
    }:
    flake-utils.lib.eachDefaultSystem (
      system:
      let
-        pkgsUnstable = import nixpkgsUnstable { inherit system; };
+        pkgs = import nixpkgs {
          inherit system;
          config.allowUnfree = true;
-        callPackage = pkgsUnstable.callPackage;
+          overlays = [
            (_final: prev: (import ./nix/packages { inherit (prev) lib callPackage; }))
            (_final: prev: { lib = prev.lib // (import ./nix/lib { inherit (prev) lib callPackage; }); })
          ];
        };
        callPackage = pkgs.callPackage;
        mkosiDev = (
-          pkgsUnstable.mkosi.overrideAttrs (oldAttrs: {
+          pkgs.mkosi.overrideAttrs (oldAttrs: {
            propagatedBuildInputs =
              oldAttrs.propagatedBuildInputs
-              ++ (with pkgsUnstable; [
+              ++ (with pkgs; [
                # package management
                dnf5
                rpm
@ -52,41 +60,48 @@
        );
      in
      {
        # Use `legacyPackages` instead of `packages` for the reason explained here:
        # https://github.com/NixOS/nixpkgs/blob/34def00657d7c45c51b0762eb5f5309689a909a5/flake.nix#L138-L156
        # Note that it's *not* a legacy attribute.
        legacyPackages = {
          generate = pkgs.callPackage ./nix/generate.nix { };
        } // pkgs;
        packages.mkosi = mkosiDev;
-        packages.uplosi = pkgsUnstable.uplosi;
+        packages.uplosi = pkgs.uplosi;
-        packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; };
+        packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgs; };
        packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix {
-          pkgs = pkgsUnstable;
+          pkgs = pkgs;
-          pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; };
+          pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
        };
        packages.libvirt = callPackage ./nix/cc/libvirt.nix {
-          pkgs = pkgsUnstable;
+          pkgs = pkgs;
-          pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; };
+          pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
        };
        packages.libvirtd_base = callPackage ./nix/container/libvirtd_base.nix {
-          pkgs = pkgsUnstable;
+          pkgs = pkgs;
-          pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; };
+          pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
        };
        packages.vpn = callPackage ./nix/container/vpn/vpn.nix {
-          pkgs = pkgsUnstable;
+          pkgs = pkgs;
-          pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; };
+          pkgsLinux = import nixpkgs { system = "x86_64-linux"; };
        };
-        packages.awscli2 = pkgsUnstable.awscli2;
+        packages.awscli2 = pkgs.awscli2;
-        packages.createrepo_c = pkgsUnstable.createrepo_c;
+        packages.createrepo_c = pkgs.createrepo_c;
-        packages.dnf5 = pkgsUnstable.dnf5;
+        packages.dnf5 = pkgs.dnf5;
        devShells.default = callPackage ./nix/shells/default.nix { };
-        formatter = nixpkgsUnstable.legacyPackages.${system}.nixpkgs-fmt;
+        formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt;
      }
    );
 }
--- a/nix/lib/by-name/constellationRepoRoot/package.nix
+++ b/nix/lib/by-name/constellationRepoRoot/package.nix
@ -0,0 +1,3 @@
 # Returns a reference to the root path of the Constellation repository.
 _: ../../../../.
--- a/nix/lib/by-name/constellationRepoRootSrc/package.nix
+++ b/nix/lib/by-name/constellationRepoRootSrc/package.nix
@ -0,0 +1,12 @@
 # Returns a package set originating from the root of the Constellation repository.
 # The `files` attribute is a list of paths relative to the root of the repository.
 { lib }:
 files:
 let
  filteredFiles = lib.map (subpath: lib.path.append lib.constellationRepoRoot subpath) files;
 in
 lib.fileset.toSource {
  root = lib.constellationRepoRoot;
  fileset = lib.fileset.unions filteredFiles;
 }
--- a/nix/lib/by-name/constellationVersion/package.nix
+++ b/nix/lib/by-name/constellationVersion/package.nix
@ -0,0 +1,3 @@
 # Returns the current Continuum version, as defined in `version.txt`.
 { lib }: builtins.readFile (lib.path.append lib.constellationRepoRoot "version.txt")
--- a/nix/lib/default.nix
+++ b/nix/lib/default.nix
@ -0,0 +1,8 @@
 {
  lib,
  callPackage,
 }:
 lib.packagesFromDirectoryRecursive {
  inherit callPackage;
  directory = ./by-name;
 }
--- a/nix/packages/by-name/buildConstellationGoModule/package.nix
+++ b/nix/packages/by-name/buildConstellationGoModule/package.nix
@ -0,0 +1,26 @@
 # A 'wrapped' Go builder for Constellation, which doesn't require a `vendorHash` to be set in each package.
 # Instead, one central vendor hash is set here, and all packages inherit it.
 {
  buildGo124Module,
  constellation-canonical-go-package,
 }:
 args:
 (buildGo124Module (
  {
    # We run tests in CI, so don't run them at build time.
    doCheck = false;
    # Disable CGO by default.
    env.CGO_ENABLED = "0";
  }
  // args
 )).overrideAttrs
  (_oldAttrs: {
    inherit (constellation-canonical-go-package)
      goModules
      vendorHash
      proxyVendor
      deleteVendor
      ;
  })
--- a/nix/packages/by-name/constellation-canonical-go-package/package.nix
+++ b/nix/packages/by-name/constellation-canonical-go-package/package.nix
@ -0,0 +1,19 @@
 {
  lib,
  buildGo124Module,
 }:
 buildGo124Module {
  pname = "constellation-canonical-go-package";
  version = lib.constellationVersion;
  src = lib.constellationRepoRootSrc [
    "go.mod"
    "go.sum"
  ];
  vendorHash = "sha256-McWiTTz1HTdG3x0LI87CF6oTRFtxSiV3LCCBJb9YG4U=";
  doCheck = false;
  proxyVendor = true;
 }
--- a/nix/packages/default.nix
+++ b/nix/packages/default.nix
@ -0,0 +1,8 @@
 {
  lib,
  callPackage,
 }:
 lib.packagesFromDirectoryRecursive {
  inherit callPackage;
  directory = ./by-name;
 }
		`@ -0,0 +1,3 @@`
							`# Returns a reference to the root path of the Constellation repository.`

							`_: ../../../../.`
		`@ -0,0 +1,3 @@`
							# Returns the current Continuum version, as defined in `version.txt`.

							`{ lib }: builtins.readFile (lib.path.append lib.constellationRepoRoot "version.txt")`