From 6655ed0d57c7833f819de17ebb79cce9b1b61974 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Sun, 17 Aug 2025 23:43:06 +0800 Subject: [PATCH 1/7] refactor(update-script): Switch from nvfetcher to nix-update --- flake.nix | 16 ---------- pkgs/crowdsec/_sources/generated.json | 44 --------------------------- pkgs/crowdsec/_sources/generated.nix | 27 ---------------- pkgs/crowdsec/firewall-bouncer.nix | 16 +++++++--- pkgs/crowdsec/hub.nix | 18 ++++++++++- pkgs/crowdsec/nvfetcher.toml | 7 ----- 6 files changed, 29 insertions(+), 99 deletions(-) delete mode 100644 pkgs/crowdsec/_sources/generated.json delete mode 100644 pkgs/crowdsec/_sources/generated.nix delete mode 100644 pkgs/crowdsec/nvfetcher.toml diff --git a/flake.nix b/flake.nix index b5228c3..20cbc36 100644 --- a/flake.nix +++ b/flake.nix @@ -120,22 +120,6 @@ ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm '').outPath; }; - - update-crowdsec-packages = - let - git = pkgs.lib.getExe pkgs.git; - nvfetcher = pkgs.lib.getExe pkgs.nvfetcher; - in - { - type = "app"; - program = - (pkgs.writeShellScript "update-crowdsec-packages" '' - cd "$(${git} rev-parse --show-toplevel)" - cd ./pkgs/crowdsec - ${nvfetcher} - echo 'Remember to update the vendorHash of any go packages!' - '').outPath; - }; }; ########################### diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/crowdsec/_sources/generated.json deleted file mode 100644 index fd61141..0000000 --- a/pkgs/crowdsec/_sources/generated.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "crowdsec-firewall-bouncer": { - "cargoLocks": null, - "date": null, - "extract": null, - "name": "crowdsec-firewall-bouncer", - "passthru": null, - "pinned": false, - "src": { - "deepClone": false, - "fetchSubmodules": false, - "leaveDotGit": false, - "name": null, - "owner": "crowdsecurity", - "repo": "cs-firewall-bouncer", - "rev": "v0.0.34", - "sha256": "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=", - "sparseCheckout": [], - "type": "github" - }, - "version": "v0.0.34" - }, - "crowdsec-hub": { - "cargoLocks": null, - "date": "2025-08-17", - "extract": null, - "name": "crowdsec-hub", - "passthru": null, - "pinned": false, - "src": { - "deepClone": false, - "fetchSubmodules": false, - "leaveDotGit": false, - "name": null, - "owner": "crowdsecurity", - "repo": "hub", - "rev": "fc59f78180f3edfce76df3e77b001c454f567d3d", - "sha256": "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q=", - "sparseCheckout": [], - "type": "github" - }, - "version": "fc59f78180f3edfce76df3e77b001c454f567d3d" - } -} \ No newline at end of file diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/crowdsec/_sources/generated.nix deleted file mode 100644 index b5efc4e..0000000 --- a/pkgs/crowdsec/_sources/generated.nix +++ /dev/null @@ -1,27 +0,0 @@ -# This file was generated by nvfetcher, please do not modify it manually. -{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }: -{ - crowdsec-firewall-bouncer = { - pname = "crowdsec-firewall-bouncer"; - version = "v0.0.34"; - src = fetchFromGitHub { - owner = "crowdsecurity"; - repo = "cs-firewall-bouncer"; - rev = "v0.0.34"; - fetchSubmodules = false; - sha256 = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g="; - }; - }; - crowdsec-hub = { - pname = "crowdsec-hub"; - version = "fc59f78180f3edfce76df3e77b001c454f567d3d"; - src = fetchFromGitHub { - owner = "crowdsecurity"; - repo = "hub"; - rev = "fc59f78180f3edfce76df3e77b001c454f567d3d"; - fetchSubmodules = false; - sha256 = "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q="; - }; - date = "2025-08-17"; - }; -} diff --git a/pkgs/crowdsec/firewall-bouncer.nix b/pkgs/crowdsec/firewall-bouncer.nix index cfb062a..f3156f9 100644 --- a/pkgs/crowdsec/firewall-bouncer.nix +++ b/pkgs/crowdsec/firewall-bouncer.nix @@ -1,6 +1,6 @@ { lib, - sources, + fetchFromGitHub, buildGoModule, envsubst, coreutils, @@ -8,8 +8,16 @@ let envsubstBin = lib.getExe envsubst; in -buildGoModule { - inherit (sources.crowdsec-firewall-bouncer) pname version src; +buildGoModule (drv: { + pname = "crowdsec-firewall-bouncer"; + version = "0.0.34"; + + src = fetchFromGitHub { + owner = "crowdsecurity"; + repo = "cs-firewall-bouncer"; + rev = drv.version; + hash = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g="; + }; vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo="; @@ -23,4 +31,4 @@ buildGoModule { substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \ --replace-fail /bin/sleep ${coreutils}/bin/sleep ''; -} +}) diff --git a/pkgs/crowdsec/hub.nix b/pkgs/crowdsec/hub.nix index 1b8c9b3..3bc115b 100644 --- a/pkgs/crowdsec/hub.nix +++ b/pkgs/crowdsec/hub.nix @@ -1 +1,17 @@ -{ sources }: sources.crowdsec-hub.src +{ fetchFromGitHub, stdenvNoCC }: +# Using `mkDerivation` so nix-update can pick up the version +stdenvNoCC.mkDerivation (drv: { + pname = "crowdsec-hub"; + version = drv.src.rev; + + src = fetchFromGitHub { + owner = "crowdsecurity"; + repo = "hub"; + rev = "fc59f78180f3edfce76df3e77b001c454f567d3d"; + hash = "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q="; + }; + + installPhase = '' + cp -r $src $out + ''; +}) diff --git a/pkgs/crowdsec/nvfetcher.toml b/pkgs/crowdsec/nvfetcher.toml deleted file mode 100644 index 2287dba..0000000 --- a/pkgs/crowdsec/nvfetcher.toml +++ /dev/null @@ -1,7 +0,0 @@ -[crowdsec-hub] -src.git = "https://github.com/crowdsecurity/hub.git" -fetch.github = "crowdsecurity/hub" - -[crowdsec-firewall-bouncer] -src.github = "crowdsecurity/cs-firewall-bouncer" -fetch.github = "crowdsecurity/cs-firewall-bouncer" From 56680d5389b8f67c6a62606aca6a0abe1cde23ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Mon, 29 Sep 2025 13:01:07 +0800 Subject: [PATCH 2/7] fix(flake.nix): Fix accidental top-level devshell definition --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index b5228c3..33d556c 100644 --- a/flake.nix +++ b/flake.nix @@ -155,8 +155,8 @@ nixpkgs-fmt ]; }; - }; - minecraft = nixpkgs.legacyPackages.${system}.mkShell { packages = [ pkgs.packwiz ]; }; + minecraft = nixpkgs.legacyPackages.${system}.mkShell { packages = [ pkgs.packwiz ]; }; + }; }; } From cd012e86ba8e83d89ecbff7398fd9455902a2d07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Mon, 29 Sep 2025 11:51:06 +0800 Subject: [PATCH 3/7] chore(pkgs): Remove starbound package I haven't used this in years and should probably completely revisit how it works anyway. --- checks/lints.nu | 2 -- pkgs/default.nix | 1 - pkgs/starbound/default.nix | 37 ------------------------------ pkgs/starbound/launch-starbound.sh | 32 -------------------------- 4 files changed, 72 deletions(-) delete mode 100644 pkgs/starbound/default.nix delete mode 100644 pkgs/starbound/launch-starbound.sh diff --git a/checks/lints.nu b/checks/lints.nu index ffc2047..b70766b 100644 --- a/checks/lints.nu +++ b/checks/lints.nu @@ -1,10 +1,8 @@ #!/usr/bin/env nu -let shell_files = ls **/*.sh | get name let nix_files = ls **/*.nix | where name !~ "hardware-configuration.nix|_sources" | get name let linters = [ - ([shellcheck] ++ $shell_files) ([nixfmt --check --strict] ++ $nix_files) ([deadnix --fail] ++ $nix_files) ([statix check] ++ $nix_files) diff --git a/pkgs/default.nix b/pkgs/default.nix index 0e5de7a..40383f6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,4 @@ { pkgs }: { crowdsec = import ./crowdsec { inherit pkgs; }; - starbound = pkgs.callPackage ./starbound { }; } diff --git a/pkgs/starbound/default.nix b/pkgs/starbound/default.nix deleted file mode 100644 index 26f2184..0000000 --- a/pkgs/starbound/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - stdenv, - lib, - makeWrapper, - patchelf, - steamPackages, - replace-secret, -}: -let - # Use the directory in which starbound is installed so steamcmd - # doesn't have to be reinstalled constantly (we're using DynamicUser - # with StateDirectory to persist this). - steamcmd = steamPackages.steamcmd.override { steamRoot = "/var/lib/starbound/.steamcmd"; }; - wrapperPath = lib.makeBinPath [ - patchelf - steamcmd - replace-secret - ]; -in -stdenv.mkDerivation { - name = "starbound-update-script"; - nativeBuildInputs = [ makeWrapper ]; - dontUnpack = true; - patchPhase = '' - interpreter="$(cat $NIX_CC/nix-support/dynamic-linker)" - substitute ${./launch-starbound.sh} launch-starbound --subst-var interpreter - ''; - installPhase = '' - mkdir -p $out/bin - cp launch-starbound $out/bin/launch-starbound - chmod +x $out/bin/launch-starbound - ''; - postFixup = '' - wrapProgram $out/bin/launch-starbound \ - --prefix PATH : "${wrapperPath}" - ''; -} diff --git a/pkgs/starbound/launch-starbound.sh b/pkgs/starbound/launch-starbound.sh deleted file mode 100644 index 24d4db1..0000000 --- a/pkgs/starbound/launch-starbound.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env bash - -set -eu - -if ! [[ -v STATE_DIRECTORY && -v CREDENTIALS_DIRECTORY ]]; then - echo "Error: Runtime dir or credential not set" - exit 1 -fi - -# Update the server to the latest version -echo "Updating/installing starbound" - -mkdir -p "${STATE_DIRECTORY}/.steamcmd" -steamcmd < Date: Mon, 29 Sep 2025 11:48:19 +0800 Subject: [PATCH 4/7] refactor(pkgs): Use `packagesFromDirectoryRecursive` --- flake.nix | 13 ++++--------- pkgs/{crowdsec => }/_sources/generated.json | 0 pkgs/{crowdsec => }/_sources/generated.nix | 0 pkgs/crowdsec/default.nix | 9 --------- pkgs/default.nix | 7 +++++-- pkgs/{crowdsec => }/nvfetcher.toml | 0 .../crowdsec-firewall-bouncer.nix} | 0 .../{crowdsec/hub.nix => packages/crowdsec-hub.nix} | 0 8 files changed, 9 insertions(+), 20 deletions(-) rename pkgs/{crowdsec => }/_sources/generated.json (100%) rename pkgs/{crowdsec => }/_sources/generated.nix (100%) delete mode 100644 pkgs/crowdsec/default.nix rename pkgs/{crowdsec => }/nvfetcher.toml (100%) rename pkgs/{crowdsec/firewall-bouncer.nix => packages/crowdsec-firewall-bouncer.nix} (100%) rename pkgs/{crowdsec/hub.nix => packages/crowdsec-hub.nix} (100%) diff --git a/flake.nix b/flake.nix index 33d556c..8db8076 100644 --- a/flake.nix +++ b/flake.nix @@ -97,15 +97,10 @@ # Garbage collection root # ########################### - packages.${system} = - let - localPkgs = import ./pkgs { inherit pkgs; }; - in - { - default = vm.config.system.build.vm; - crowdsec-hub = localPkgs.crowdsec.hub; - crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer; - }; + packages.${system} = { + default = vm.config.system.build.vm; + } + // import ./pkgs { inherit pkgs; }; ################### # Utility scripts # diff --git a/pkgs/crowdsec/_sources/generated.json b/pkgs/_sources/generated.json similarity index 100% rename from pkgs/crowdsec/_sources/generated.json rename to pkgs/_sources/generated.json diff --git a/pkgs/crowdsec/_sources/generated.nix b/pkgs/_sources/generated.nix similarity index 100% rename from pkgs/crowdsec/_sources/generated.nix rename to pkgs/_sources/generated.nix diff --git a/pkgs/crowdsec/default.nix b/pkgs/crowdsec/default.nix deleted file mode 100644 index 66faac3..0000000 --- a/pkgs/crowdsec/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs }: -let - sources = pkgs.callPackage ./_sources/generated.nix { }; - callPackage = pkgs.lib.callPackageWith (pkgs // { inherit sources; }); -in -{ - hub = callPackage ./hub.nix { }; - firewall-bouncer = callPackage ./firewall-bouncer.nix { }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index 40383f6..f3a72f5 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,7 @@ { pkgs }: -{ - crowdsec = import ./crowdsec { inherit pkgs; }; +pkgs.lib.packagesFromDirectoryRecursive { + callPackage = pkgs.lib.callPackageWith ( + pkgs // { sources = pkgs.callPackage ./_sources/generated.nix { }; } + ); + directory = ./packages; } diff --git a/pkgs/crowdsec/nvfetcher.toml b/pkgs/nvfetcher.toml similarity index 100% rename from pkgs/crowdsec/nvfetcher.toml rename to pkgs/nvfetcher.toml diff --git a/pkgs/crowdsec/firewall-bouncer.nix b/pkgs/packages/crowdsec-firewall-bouncer.nix similarity index 100% rename from pkgs/crowdsec/firewall-bouncer.nix rename to pkgs/packages/crowdsec-firewall-bouncer.nix diff --git a/pkgs/crowdsec/hub.nix b/pkgs/packages/crowdsec-hub.nix similarity index 100% rename from pkgs/crowdsec/hub.nix rename to pkgs/packages/crowdsec-hub.nix From 099666d14d5379603c3166250be8cd01f208738e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Mon, 29 Sep 2025 13:04:47 +0800 Subject: [PATCH 5/7] refactor(flake.nix): Refactor shell package lists to use `attrValues` --- flake.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 8db8076..5996dee 100644 --- a/flake.nix +++ b/flake.nix @@ -142,16 +142,16 @@ "./keys/hosts/" "./keys/users/" ]; - nativeBuildInputs = [ sops-nix.packages.${system}.sops-import-keys-hook ]; - packages = with pkgs; [ - sops-nix.packages.${system}.sops-init-gpg-key - deploy-rs.packages.${system}.default - nixpkgs-fmt - ]; + packages = nixpkgs.lib.attrValues { + inherit (sops-nix.packages.${system}) sops-import-keys-hook sops-init-gpg-key; + inherit (deploy-rs.packages.${system}) default; + }; }; - minecraft = nixpkgs.legacyPackages.${system}.mkShell { packages = [ pkgs.packwiz ]; }; + minecraft = nixpkgs.legacyPackages.${system}.mkShell { + packages = nixpkgs.lib.attrValues { inherit (nixpkgs.legacyPackages.${system}) packwiz; }; + }; }; }; } From 2c77c2b62bc67a6b97862deb9c51aa24c54daa40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Mon, 29 Sep 2025 13:08:07 +0800 Subject: [PATCH 6/7] refactor(update-script): Switch from nvfetcher to nix-update --- flake.nix | 16 -------- pkgs/_sources/generated.json | 44 --------------------- pkgs/_sources/generated.nix | 27 ------------- pkgs/default.nix | 4 +- pkgs/nvfetcher.toml | 7 ---- pkgs/packages/crowdsec-firewall-bouncer.nix | 16 ++++++-- pkgs/packages/crowdsec-hub.nix | 18 ++++++++- pkgs/update.nu | 23 +++++++++++ 8 files changed, 53 insertions(+), 102 deletions(-) delete mode 100644 pkgs/_sources/generated.json delete mode 100644 pkgs/_sources/generated.nix delete mode 100644 pkgs/nvfetcher.toml create mode 100644 pkgs/update.nu diff --git a/flake.nix b/flake.nix index 5996dee..b919304 100644 --- a/flake.nix +++ b/flake.nix @@ -115,22 +115,6 @@ ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm '').outPath; }; - - update-crowdsec-packages = - let - git = pkgs.lib.getExe pkgs.git; - nvfetcher = pkgs.lib.getExe pkgs.nvfetcher; - in - { - type = "app"; - program = - (pkgs.writeShellScript "update-crowdsec-packages" '' - cd "$(${git} rev-parse --show-toplevel)" - cd ./pkgs/crowdsec - ${nvfetcher} - echo 'Remember to update the vendorHash of any go packages!' - '').outPath; - }; }; ########################### diff --git a/pkgs/_sources/generated.json b/pkgs/_sources/generated.json deleted file mode 100644 index fd61141..0000000 --- a/pkgs/_sources/generated.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "crowdsec-firewall-bouncer": { - "cargoLocks": null, - "date": null, - "extract": null, - "name": "crowdsec-firewall-bouncer", - "passthru": null, - "pinned": false, - "src": { - "deepClone": false, - "fetchSubmodules": false, - "leaveDotGit": false, - "name": null, - "owner": "crowdsecurity", - "repo": "cs-firewall-bouncer", - "rev": "v0.0.34", - "sha256": "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g=", - "sparseCheckout": [], - "type": "github" - }, - "version": "v0.0.34" - }, - "crowdsec-hub": { - "cargoLocks": null, - "date": "2025-08-17", - "extract": null, - "name": "crowdsec-hub", - "passthru": null, - "pinned": false, - "src": { - "deepClone": false, - "fetchSubmodules": false, - "leaveDotGit": false, - "name": null, - "owner": "crowdsecurity", - "repo": "hub", - "rev": "fc59f78180f3edfce76df3e77b001c454f567d3d", - "sha256": "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q=", - "sparseCheckout": [], - "type": "github" - }, - "version": "fc59f78180f3edfce76df3e77b001c454f567d3d" - } -} \ No newline at end of file diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix deleted file mode 100644 index b5efc4e..0000000 --- a/pkgs/_sources/generated.nix +++ /dev/null @@ -1,27 +0,0 @@ -# This file was generated by nvfetcher, please do not modify it manually. -{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }: -{ - crowdsec-firewall-bouncer = { - pname = "crowdsec-firewall-bouncer"; - version = "v0.0.34"; - src = fetchFromGitHub { - owner = "crowdsecurity"; - repo = "cs-firewall-bouncer"; - rev = "v0.0.34"; - fetchSubmodules = false; - sha256 = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g="; - }; - }; - crowdsec-hub = { - pname = "crowdsec-hub"; - version = "fc59f78180f3edfce76df3e77b001c454f567d3d"; - src = fetchFromGitHub { - owner = "crowdsecurity"; - repo = "hub"; - rev = "fc59f78180f3edfce76df3e77b001c454f567d3d"; - fetchSubmodules = false; - sha256 = "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q="; - }; - date = "2025-08-17"; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index f3a72f5..31335a6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,7 +1,5 @@ { pkgs }: pkgs.lib.packagesFromDirectoryRecursive { - callPackage = pkgs.lib.callPackageWith ( - pkgs // { sources = pkgs.callPackage ./_sources/generated.nix { }; } - ); + inherit (pkgs) callPackage; directory = ./packages; } diff --git a/pkgs/nvfetcher.toml b/pkgs/nvfetcher.toml deleted file mode 100644 index 2287dba..0000000 --- a/pkgs/nvfetcher.toml +++ /dev/null @@ -1,7 +0,0 @@ -[crowdsec-hub] -src.git = "https://github.com/crowdsecurity/hub.git" -fetch.github = "crowdsecurity/hub" - -[crowdsec-firewall-bouncer] -src.github = "crowdsecurity/cs-firewall-bouncer" -fetch.github = "crowdsecurity/cs-firewall-bouncer" diff --git a/pkgs/packages/crowdsec-firewall-bouncer.nix b/pkgs/packages/crowdsec-firewall-bouncer.nix index cfb062a..f3156f9 100644 --- a/pkgs/packages/crowdsec-firewall-bouncer.nix +++ b/pkgs/packages/crowdsec-firewall-bouncer.nix @@ -1,6 +1,6 @@ { lib, - sources, + fetchFromGitHub, buildGoModule, envsubst, coreutils, @@ -8,8 +8,16 @@ let envsubstBin = lib.getExe envsubst; in -buildGoModule { - inherit (sources.crowdsec-firewall-bouncer) pname version src; +buildGoModule (drv: { + pname = "crowdsec-firewall-bouncer"; + version = "0.0.34"; + + src = fetchFromGitHub { + owner = "crowdsecurity"; + repo = "cs-firewall-bouncer"; + rev = drv.version; + hash = "sha256-lDO9pwPkbI+FDTdXBv03c0p8wbkRUiIDNl1ip3AZo2g="; + }; vendorHash = "sha256-SbpclloBgd9vffC0lBduGRqPOqmzQ0J91/KeDHCh0jo="; @@ -23,4 +31,4 @@ buildGoModule { substituteInPlace $out/lib/systemd/system/crowdsec-firewall-bouncer.service \ --replace-fail /bin/sleep ${coreutils}/bin/sleep ''; -} +}) diff --git a/pkgs/packages/crowdsec-hub.nix b/pkgs/packages/crowdsec-hub.nix index 1b8c9b3..3bc115b 100644 --- a/pkgs/packages/crowdsec-hub.nix +++ b/pkgs/packages/crowdsec-hub.nix @@ -1 +1,17 @@ -{ sources }: sources.crowdsec-hub.src +{ fetchFromGitHub, stdenvNoCC }: +# Using `mkDerivation` so nix-update can pick up the version +stdenvNoCC.mkDerivation (drv: { + pname = "crowdsec-hub"; + version = drv.src.rev; + + src = fetchFromGitHub { + owner = "crowdsecurity"; + repo = "hub"; + rev = "fc59f78180f3edfce76df3e77b001c454f567d3d"; + hash = "sha256-Ejx3ta05SMvV/Dj7wy2iF9QYbGoRvxPB3+QuCIoTX4Q="; + }; + + installPhase = '' + cp -r $src $out + ''; +}) diff --git a/pkgs/update.nu b/pkgs/update.nu new file mode 100644 index 0000000..0ed1bc1 --- /dev/null +++ b/pkgs/update.nu @@ -0,0 +1,23 @@ +use std/log + +let packages_with_updatescript = ( + nix flake show --json + | from json + | $in.packages.x86_64-linux + | columns + | filter {|p| nix eval $'.#($p)' --apply 'builtins.hasAttr "updateScript"' | $in == 'true' } +) + +for $package in $packages_with_updatescript { + log info $'Updating ($package)' + nix run $'.#($package).updateScript' +} + +log info 'Committing changes' + +try { + git add pkgs + git commit -m 'update(pkgs): Update sources of all downstream packages' +} catch { + log warning 'No changes to commit' +} From 9b593ddd4bdf641b0cee0ee0bdc841c40d3617c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Mon, 29 Sep 2025 13:08:31 +0800 Subject: [PATCH 7/7] refactor(flake.nix): Clean up last references to a gobal `pkgs` --- flake.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index b919304..76d612f 100644 --- a/flake.nix +++ b/flake.nix @@ -37,7 +37,6 @@ }@inputs: let system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; vm = nixpkgs.lib.nixosSystem { inherit system; @@ -100,7 +99,7 @@ packages.${system} = { default = vm.config.system.build.vm; } - // import ./pkgs { inherit pkgs; }; + // import ./pkgs { pkgs = nixpkgs.legacyPackages.${system}; }; ################### # Utility scripts # @@ -111,7 +110,7 @@ run-vm = { type = "app"; program = - (pkgs.writeShellScript "" '' + (nixpkgs.legacyPackages.${system}.writeShellScript "" '' ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm '').outPath; };