introduce 'moby-min' host variant for the quickest deployment (no webkitgtk)

Colin 2024-04-09 20:20:36 +00:00
parent 527a9e7612
commit 4b22fd95bf
14 changed files with 51 additions and 28 deletions


@ -108,7 +108,7 @@
nixpkgs' = patchNixpkgs "master" nixpkgs-unpatched;
nixpkgsCompiledBy = system: nixpkgs'.legacyPackages."${system}";
evalHost = { name, local, target, light ? false, nixpkgs ? nixpkgs' }: nixpkgs.lib.nixosSystem {
evalHost = { name, local, target, variant ? null, nixpkgs ? nixpkgs' }: nixpkgs.lib.nixosSystem {
system = target;
modules = [
{
@ -120,8 +120,11 @@
# so avoid specifying hostPlatform.system on non-cross builds, so i can use upstream caches.
nixpkgs.hostPlatform.system = target;
})
(optionalAttrs light {
sane.enableSlowPrograms = false;
(optionalAttrs (variant == "light") {
sane.maxBuildCost = 1;
})
(optionalAttrs (variant == "min") {
sane.maxBuildCost = 0;
})
(import ./hosts/instantiate.nix { hostName = name; })
self.nixosModules.default
@ -139,11 +142,13 @@
hosts = {
servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko-light = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; };
desko-light = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "light"; };
lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
lappy-light = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; };
lappy-light = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "light"; };
lappy-min = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "min"; };
moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
moby-light = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; light = true; };
moby-light = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; variant = "light"; };
moby-min = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; variant = "min"; };
rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
};
hostsNext = mapAttrs' (h: v: {
@ -408,14 +413,17 @@
desko-light = deployApp "desko-light" "desko" "switch";
lappy = deployApp "lappy" "lappy" "switch";
lappy-light = deployApp "lappy-light" "lappy" "switch";
lappy-min = deployApp "lappy-min" "lappy" "switch";
moby = deployApp "moby" "moby" "switch";
moby-light = deployApp "moby-light" "moby" "switch";
moby-min = deployApp "moby-min" "moby" "switch";
moby-test = deployApp "moby" "moby" "test";
servo = deployApp "servo" "servo" "switch";
# like `nixos-rebuild --flake . switch`
self = deployApp "$(hostname)" "" "switch";
self-light = deployApp "$(hostname)-light" "" "switch";
self = deployApp "$(hostname)" "" "switch";
self-light = deployApp "$(hostname)-light" "" "switch";
self-min = deployApp "$(hostname)-min" "" "switch";
type = "app";
program = builtins.toString (pkgs.writeShellScript "deploy-all" ''
@ -431,12 +439,16 @@
desko-light = deployApp "desko-light" "desko" null;
lappy = deployApp "lappy" "lappy" null;
lappy-light = deployApp "lappy-light" "lappy" null;
lappy-min = deployApp "lappy-min" "lappy" null;
moby = deployApp "moby" "moby" null;
moby-light = deployApp "moby-light" "moby" null;
moby-min = deployApp "moby-min" "moby" null;
servo = deployApp "servo" "servo" null;
type = "app";
program = builtins.toString (pkgs.writeShellScript "predeploy-all" ''
# copy the -light variants first; this might be run while waiting on a full build. or the full build failed.
# copy the -min/-light variants first; this might be run while waiting on a full build. or the full build failed.
nix run '.#preDeploy.moby-min' -- "$@"
nix run '.#preDeploy.lappy-min' -- "$@"
nix run '.#preDeploy.moby-light' -- "$@"
nix run '.#preDeploy.lappy-light' -- "$@"
nix run '.#preDeploy.desko-light' -- "$@"
@ -541,6 +553,9 @@
''
# build minimally-usable hosts first, then their full image.
# this gives me a minimal image i can deploy or copy over, early.
${checkHost "lappy-min"}
${checkHost "moby-min"}
${checkHost "desko-light"}
${checkHost "moby-light"}
${checkHost "lappy-light"}
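Review bot: `variant` in `evalHost` is an unchecked string, so a misspelt value matches neither `optionalAttrs` branch and silently evaluates the full host under a `-light`/`-min` name. Failing evaluation would be safer, e.g. `assert builtins.elem variant [ null "light" "min" ];` ahead of the `nixosSystem` call, or a single attrset lookup from variant to cost so that an unknown key throws. The variant names are also repeated by hand in `hosts` and in the deploy, preDeploy and check lists, and `self-min` expands to `$(hostname)-min` even on hosts that have no `-min` entry in the visible `hosts` table (desko, servo, rescue). evalHost's body continues outside the hunk.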


@ -53,7 +53,7 @@
# allow `nix-shell` (and probably nix-index?) to locate our patched and custom packages.
# this is actually a no-op, and the real action happens in assigning `nix.settings.nix-path`.
nix.nixPath = (lib.optionals config.sane.enableSlowPrograms [
nix.nixPath = (lib.optionals (config.sane.maxBuildCost >= 2) [
"nixpkgs=${pkgs.path}"
]) ++ [
# note the import starts at repo root: this allows `./overlay/default.nix` to access the stuff at the root
@ -65,10 +65,10 @@
# ensure new deployments have a source of this repo with which they can bootstrap.
# this however changes on every commit and can be slow to copy for e.g. `moby`.
environment.etc."nixos" = lib.mkIf config.sane.enableSlowPrograms {
environment.etc."nixos" = lib.mkIf (config.sane.maxBuildCost >= 2) {
source = ../../..;
};
environment.etc."nix/registry.json" = lib.mkIf (!config.sane.enableSlowPrograms) {
environment.etc."nix/registry.json" = lib.mkIf (config.sane.maxBuildCost < 2) {
enable = false;
};
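Review bot: The literal `2` now gates three settings (`nix.nixPath`, `environment.etc."nixos"` and `environment.etc."nix/registry.json"`) that concern shipping the repo and nixpkgs source rather than the build cost of any program, and nothing ties the number to the top of the `sane.maxBuildCost` enum. A comment on the first use, such as `# maxBuildCost >= 2 means a full (non -light/-min) image`, or one shared binding like `fullImage = config.sane.maxBuildCost >= 2;` would keep the three conditions in step if another level is ever added. The enclosing attribute set starts and ends outside these hunks.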


@ -749,7 +749,7 @@ in
];
qemu.sandbox.enable = false; #< it's a launcher
qemu.slowToBuild = true;
qemu.buildCost = 1;
rsync.sandbox.method = "bwrap";
rsync.sandbox.net = "clearnet";


@ -23,6 +23,8 @@
"tmp"
];
buildCost = 1;
# XXX(2023/07/08): running on moby without `WEBKIT_DISABLE_SANDBOX...` fails, with:
# - `bwrap: Can't make symlink at /var/run: File exists`
# this could be due to:


@ -37,7 +37,7 @@ in
# fs.".config/geary".dir = {};
# fs.".local/share/folks".dir = {};
slowToBuild = true; # uses webkitgtk 4.1
buildCost = 2; # uses webkitgtk 4.1
persist.byStore.private = [
# attachments, and email -- contained in a sqlite db
".local/share/geary"


@ -16,6 +16,8 @@
sandbox.whitelistDri = true; #< required
sandbox.whitelistWayland = true;
buildCost = 1;
secrets.".local/share/komikku/keyrings/plaintext.keyring" = ../../../secrets/common/komikku_accounts.json.bin;
# downloads end up here, and without the toplevel database komikku doesn't know they exist.
persist.byStore.plaintext = [


@ -16,7 +16,7 @@
"tmp"
];
slowToBuild = true;
buildCost = 2;
# disable first-run stuff
fs.".config/libreoffice/4/user/registrymodifications.xcu".symlink.text = ''


@ -13,7 +13,7 @@ let
wanted-feeds = feeds.filterByFormat [ "text" "image" "podcast" "video" ] all-feeds;
in {
sane.programs.newsflash = {
slowToBuild = true; # mainly for desktop: webkitgtk-6.0
buildCost = 1; # mainly for desktop: webkitgtk-6.0
persist.byStore.plaintext = [ ".local/share/news-flash" ];
fs.".config/newsflashFeeds.opml".symlink.text =
feeds.feedsToOpml wanted-feeds


@ -10,6 +10,6 @@
".local/share/io.github.alainm23.planify"
];
slowToBuild = true; # webkitgtk-6.0; slow for desktop
buildCost = 1; # webkitgtk-6.0; slow for desktop
};
}


@ -27,7 +27,7 @@ in
'' + (upstream.preFixup or "");
});
slowToBuild = true; # only true for cross-compiled tangram
buildCost = 1;
sandbox.method = "bwrap";
sandbox.net = "clearnet";
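Review bot: The new `buildCost = 1;` drops the rationale the old line carried (`# only true for cross-compiled tangram`), so the reason this program is left out of `-min` builds is no longer recorded. Suggest keeping it, e.g. `buildCost = 1;  # only costly when cross-compiled`. The same applies to the bare `buildCost = 1;` lines this commit adds in other program files, which give no reason for the level chosen.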


@ -18,6 +18,9 @@
"/sys/dev"
"/sys/devices"
];
buildCost = 1;
# wike probably meant to put everything here in a subdir, but didn't.
# see: <https://github.com/hugolabe/Wike/issues/176>
persist.byStore.cryptClearOnBoot = [


@ -13,6 +13,6 @@ in
];
fs.".config/wireshark".dir = {};
slowToBuild = true;
buildCost = 1;
};
}


@ -15,7 +15,7 @@ in {
sane.programs.zeal = {
# packageUnwrapped = pkgs.zeal-qt6; #< TODO: upgrade system to qt6 versions of everything (i.e. jellyfin-media-player, nheko)
packageUnwrapped = pkgs.zeal-qt5;
slowToBuild = true;
buildCost = 2;
persist.byStore.plaintext = [
".cache/Zeal"
".local/share/Zeal"


@ -258,9 +258,9 @@ let
see `sane.users.<user>.services` for options;
'';
};
slowToBuild = mkOption {
type = types.bool;
default = false;
buildCost = mkOption {
type = types.enum [ 0 1 2 ];
default = 0;
description = ''
whether this package is very slow, or has unique dependencies which are very slow to build.
marking packages like this can be used to achieve faster, but limited, rebuilds/deploys (by omitting the package).
@ -466,7 +466,7 @@ let
config = let
enabledForUser = builtins.any (en: en) (lib.attrValues config.enableFor.user);
passesSlowTest = saneCfg.enableSlowPrograms || !config.slowToBuild;
passesSlowTest = config.buildCost <= saneCfg.maxBuildCost;
in {
enabled = (config.enableFor.system || enabledForUser) && passesSlowTest;
package = if config.packageUnwrapped == null then
@ -602,11 +602,12 @@ in
type = types.attrsOf toPkgSpec;
default = {};
};
sane.enableSlowPrograms = mkOption {
type = types.bool;
default = true;
sane.maxBuildCost = mkOption {
type = types.enum [ 0 1 2 ];
default = 2;
description = ''
whether to ship programs which are uniquely slow to build.
max build cost of programs to ship.
set to 0 to get the fastest, but most restrictive build.
'';
};
sane.sandboxHelper = mkOption {
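Review bot: The `buildCost` option keeps the old boolean wording in its description (`whether this package is very slow, …`, as far as the hunk shows) although it is now `types.enum [ 0 1 2 ]`, and neither it nor `sane.maxBuildCost` says what levels 1 and 2 stand for. Going by `passesSlowTest` and the variants in this commit, the scale could be documented once as `0 = always shipped, 1 = omitted from "min" hosts, 2 = omitted from "min" and "light" hosts` and referenced from `sane.maxBuildCost`. The enum list is also written out twice; a shared binding such as `buildCostType = types.enum [ 0 1 2 ];` would keep the two options comparable. The surrounding `let` and option sets extend beyond these hunks.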