tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 10 Pull requests Activity

refactor(update-script): Switch from nvfetcher to nix-update

Browse source
This commit is contained in:
Tristan Daniël Maat 2025-09-29 13:08:07 +08:00
parent 099666d14d
commit 8757f2ad22
Signed by: tlater
GPG key ID: 49670FD774E43268
8 changed files with 91 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

16
flake.nix
View file

@ -115,22 +115,6 @@
${vm.config.system.build.vm.outPath}/bin/run-testvm-vm ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
'').outPath; '').outPath;
}; };
update-crowdsec-packages =
let
git = pkgs.lib.getExe pkgs.git;
nvfetcher = pkgs.lib.getExe pkgs.nvfetcher;
in
{
type = "app";
program =
(pkgs.writeShellScript "update-crowdsec-packages" ''
cd "$(${git} rev-parse --show-toplevel)"
cd ./pkgs/crowdsec
${nvfetcher}
echo 'Remember to update the vendorHash of any go packages!'
'').outPath;
};
}; };
########################### ###########################

44
pkgs/_sources/generated.json
View file

@ -1,44 +0,0 @@
{
"crowdsec-firewall-bouncer": {
"cargoLocks": null,
"date": null,
"extract": null,
"name": "crowdsec-firewall-bouncer",
"passthru": null,
"pinned": false,
"src": {
"deepClone": false,
"fetchSubmodules": false,
"leaveDotGit": false,
"name": null,
"owner": "crowdsecurity",
"repo": "cs-firewall-bouncer",
"rev": "v0.0.34",
"sha256": "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=",
"sparseCheckout": [],
"type": "github"
},
"version": "v0.0.34"
},
"crowdsec-hub": {
"cargoLocks": null,
"date": "2025-08-17",
"extract": null,
"name": "crowdsec-hub",
"passthru": null,
"pinned": false,
"src": {
"deepClone": false,
"fetchSubmodules": false,
"leaveDotGit": false,
"name": null,
"owner": "crowdsecurity",
"repo": "hub",
"rev": "fc59f78180f3edfce76df3e77b001c454f567d3d",
"sha256": "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q=",
"sparseCheckout": [],
"type": "github"
},
"version": "fc59f78180f3edfce76df3e77b001c454f567d3d"
}
}

27
pkgs/_sources/generated.nix
View file

@ -1,27 +0,0 @@
# This file was generated by nvfetcher, please do not modify it manually.
{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }:
{
crowdsec-firewall-bouncer = {
pname = "crowdsec-firewall-bouncer";
version = "v0.0.34";
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = "cs-firewall-bouncer";
rev = "v0.0.34";
fetchSubmodules = false;
sha256 = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=";
};
};
crowdsec-hub = {
pname = "crowdsec-hub";
version = "fc59f78180f3edfce76df3e77b001c454f567d3d";
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = "hub";
rev = "fc59f78180f3edfce76df3e77b001c454f567d3d";
fetchSubmodules = false;
sha256 = "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q=";
};
date = "2025-08-17";
};
}

4
pkgs/default.nix
View file

@ -1,7 +1,5 @@
{ pkgs }: { pkgs }:
pkgs.lib.packagesFromDirectoryRecursive { pkgs.lib.packagesFromDirectoryRecursive {
callPackage = pkgs.lib.callPackageWith ( inherit (pkgs) callPackage;
pkgs // { sources = pkgs.callPackage ./_sources/generated.nix { }; }
);
directory = ./packages; directory = ./packages;
} }

7
pkgs/nvfetcher.toml
View file

@ -1,7 +0,0 @@
[crowdsec-hub]
src.git = "https://github.com/crowdsecurity/hub.git"
fetch.github = "crowdsecurity/hub"
[crowdsec-firewall-bouncer]
src.github = "crowdsecurity/cs-firewall-bouncer"
fetch.github = "crowdsecurity/cs-firewall-bouncer"

33
pkgs/packages/crowdsec-firewall-bouncer.nix
View file

@ -1,15 +1,26 @@
{ {
lib, lib,
sources, fetchFromGitHub,
buildGoModule, buildGoModule,
envsubst, envsubst,
coreutils, coreutils,
writers,
nix-update,
}: }:
let let
envsubstBin = lib.getExe envsubst; envsubstBin = lib.getExe envsubst;
in in
buildGoModule { buildGoModule (drv: {
inherit (sources.crowdsec-firewall-bouncer) pname version src; pname = "crowdsec-firewall-bouncer";
version = drv.src.rev;
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = "cs-firewall-bouncer";
rev = "0.0.34";
sha256 = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=";
};
vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo="; vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo=";
@ -23,4 +34,18 @@ buildGoModule {
substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \ substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \
--replace-fail /bin/sleep ${coreutils}/bin/sleep --replace-fail /bin/sleep ${coreutils}/bin/sleep
''; '';
}
passthru.updateScript =
writers.writeNuBin "update-crowdsec-firewall-bouncer"
{
makeWrapperArgs = [
"--prefix"
"PATH"
":"
(lib.makeBinPath [ nix-update ])
];
}
''
nix-update --flake --format crowdsec-firewall-bouncer
'';
})

39
pkgs/packages/crowdsec-hub.nix
View file

@ -1 +1,38 @@
{ sources }: sources.crowdsec-hub.src {
lib,
fetchFromGitHub,
stdenvNoCC,
writers,
nix-update,
}:
# Using `mkDerivation` so nix-update can pick up the version
stdenvNoCC.mkDerivation (drv: {
pname = "crowdsec-hub";
version = drv.src.rev;
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = "hub";
rev = "fc59f78180f3edfce76df3e77b001c454f567d3d";
hash = "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q=";
};
installPhase = ''
cp -r $src $out
'';
passthru.updateScript =
writers.writeNuBin "update-crowdsec-hub"
{
makeWrapperArgs = [
"--prefix"
"PATH"
":"
(lib.makeBinPath [ nix-update ])
];
}
''
nix-update --flake --format --version=branch crowdsec-hub
'';
})

23
pkgs/update.nu Normal file
View file

@ -0,0 +1,23 @@
use std/log
let packages_with_updatescript = (
nix flake show --json
| from json
| $in.packages.x86_64-linux
| columns
| filter {|p| nix eval $'.#($p)' --apply 'builtins.hasAttr "updateScript"' | $in == 'true' }
)
for $package in $packages_with_updatescript {
log info $'Updating ($package)'
nix run $'.#($package).updateScript'
}
log info 'Committing changes'
try {
git add pkgs
git commit -m 'update(pkgs): Update sources of all downstream packages'
} catch {
log warning 'No changes to commit'
}