move nixpkgs-stable to private flake inputs

now with home-manager and nix-darwin tests, we don't want to increase the number of dependencies a user has to override in their flake.lock.
2024-12-14 11:57:52 +00:00 · 2024-11-17 12:42:28 +01:00 · 2024-11-17 12:42:28 +01:00 · 7769727634
commit 7769727634
parent d76a2f002f
6 changed files with 120 additions and 60 deletions
--- a/dev/private.narHash
+++ b/dev/private.narHash
@ -0,0 +1 @@
 sha256-qF9EiqHqJARLtA+ZABXa2mstgbza762DwoGEIGkyqVY=
--- a/dev/private/flake.lock
+++ b/dev/private/flake.lock
@ -0,0 +1,48 @@
 {
  "nodes": {
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1731842749,
        "narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs-stable": "nixpkgs-stable",
        "treefmt-nix": "treefmt-nix"
      }
    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs-stable"
        ]
      },
      "locked": {
        "lastModified": 1730321837,
        "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
        "owner": "numtide",
        "repo": "treefmt-nix",
        "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "treefmt-nix",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/dev/private/flake.nix
+++ b/dev/private/flake.nix
@ -0,0 +1,9 @@
 {
  description = "private inputs";
  inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05";
  inputs.treefmt-nix.url = "github:numtide/treefmt-nix";
  inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-stable";
  outputs = _: { };
 }
--- a/flake.lock
+++ b/flake.lock
@ -16,26 +16,9 @@
        "type": "github"
      }
    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1731797254,
        "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs"
        "nixpkgs-stable": "nixpkgs-stable"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -1,7 +1,7 @@
 {
  description = "Integrates sops into nixos";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-  inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05";
+
  nixConfig.extra-substituters = [ "https://cache.thalheim.io" ];
  nixConfig.extra-trusted-public-keys = [
    "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
@ -10,21 +10,41 @@
    {
      self,
      nixpkgs,
-      nixpkgs-stable,
+    }@inputs:
    }:
    let
      loadPrivateFlake =
        path:
        let
          flakeHash = builtins.readFile "${toString path}.narHash";
          flakePath = "path:${toString path}?narHash=${flakeHash}";
        in
        builtins.getFlake (builtins.unsafeDiscardStringContext flakePath);
      privateFlake = loadPrivateFlake ./dev/private;
      privateInputs = privateFlake.inputs;
      systems = [
        "x86_64-linux"
        "x86_64-darwin"
        "aarch64-darwin"
        "aarch64-linux"
      ];
-      forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
+
-      suffix-version =
+      eachSystem =
-        version: attrs:
+        f:
-        nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs;
+        builtins.listToAttrs (
-      suffix-stable = suffix-version "-24_05";
+          builtins.map (system: {
            name = system;
            value = f {
              pkgs = inputs.nixpkgs.legacyPackages.${system};
              inherit system;
            };
          }) systems
        );
    in
    # public outputs
    {
      overlays.default =
        final: prev:
@ -52,39 +72,33 @@
        sops = ./modules/nix-darwin;
        default = self.darwinModules.sops;
      };
-      packages = forAllSystems (
+      packages = eachSystem ({ pkgs, ... }: import ./default.nix { inherit pkgs; });
-        system:
+    }
-        import ./default.nix {
+    //
-          pkgs = import nixpkgs { inherit system; };
+      # dev outputs
-        }
+      {
-      );
+        checks = eachSystem (
-      checks =
+          { system, ... }:
-        nixpkgs.lib.genAttrs
+          let
-          [
+            tests = self.packages.${system}.sops-install-secrets.tests;
-            "x86_64-linux"
+            packages-stable = import ./default.nix {
-            "aarch64-linux"
+              pkgs = privateInputs.nixpkgs-stable.legacyPackages.${system};
-          ]
+            };
-          (
+            tests-stable = packages-stable.sops-install-secrets.tests;
-            system:
+            suffix-version =
-            let
+              version: attrs:
-              tests = self.packages.${system}.sops-install-secrets.tests;
+              nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs;
-              packages-stable = import ./default.nix {
+            suffix-stable = suffix-version "-24_05";
-                pkgs = import nixpkgs-stable { inherit system; };
+          in
-              };
+          tests // (suffix-stable tests-stable) // (suffix-stable packages-stable)
-              tests-stable = packages-stable.sops-install-secrets.tests;
+        );
            in
            tests // (suffix-stable tests-stable) // (suffix-stable packages-stable)
          );
-      devShells = forAllSystems (
+        devShells = eachSystem (
-        system:
+          { pkgs, ... }:
-        let
+          {
-          pkgs = nixpkgs.legacyPackages.${system};
+            unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { };
-        in
+            default = pkgs.callPackage ./shell.nix { };
-        {
+          }
-          unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { };
+        );
-          default = pkgs.callPackage ./shell.nix { };
+      };
        }
      );
    };
 }
--- a/shell.nix
+++ b/shell.nix
@ -10,6 +10,11 @@ pkgs.mkShell {
    util-linux
    nix
    golangci-lint
    (pkgs.writeScriptBin "update-dev-private-narHash" ''
      nix --extra-experimental-features "nix-command flakes" flake lock ./dev/private
      nix --extra-experimental-features "nix-command flakes" hash path ./dev/private | tr -d '\n' > ./dev/private.narHash
    '')
  ];
  # delve does not compile with hardening enabled
  hardeningDisable = [ "all" ];
		`@ -0,0 +1 @@`
							`sha256-qF9EiqHqJARLtA+ZABXa2mstgbza762DwoGEIGkyqVY=`