introduce 'moby-min' host variant for the quickest deployment (no webkitgtk)

2024-04-09 20:20:36 +00:00
parent 527a9e7612
commit 4b22fd95bf
14 changed files with 51 additions and 28 deletions


@@ -108,7 +108,7 @@
nixpkgs' = patchNixpkgs "master" nixpkgs-unpatched; nixpkgs' = patchNixpkgs "master" nixpkgs-unpatched;
nixpkgsCompiledBy = system: nixpkgs'.legacyPackages."${system}"; nixpkgsCompiledBy = system: nixpkgs'.legacyPackages."${system}";
evalHost = { name, local, target, light ? false, nixpkgs ? nixpkgs' }: nixpkgs.lib.nixosSystem { evalHost = { name, local, target, variant ? null, nixpkgs ? nixpkgs' }: nixpkgs.lib.nixosSystem {
system = target; system = target;
modules = [ modules = [
{ {
@@ -120,8 +120,11 @@
# so avoid specifying hostPlatform.system on non-cross builds, so i can use upstream caches. # so avoid specifying hostPlatform.system on non-cross builds, so i can use upstream caches.
nixpkgs.hostPlatform.system = target; nixpkgs.hostPlatform.system = target;
}) })
(optionalAttrs light { (optionalAttrs (variant == "light") {
sane.enableSlowPrograms = false; sane.maxBuildCost = 1;
})
(optionalAttrs (variant == "min") {
sane.maxBuildCost = 0;
}) })
(import ./hosts/instantiate.nix { hostName = name; }) (import ./hosts/instantiate.nix { hostName = name; })
self.nixosModules.default self.nixosModules.default
@@ -139,11 +142,13 @@
hosts = { hosts = {
servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; }; servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; }; desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
desko-light = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; }; desko-light = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "light"; };
lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; }; lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
lappy-light = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; }; lappy-light = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "light"; };
lappy-min = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "min"; };
moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; }; moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
moby-light = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; light = true; }; moby-light = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; variant = "light"; };
moby-min = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; variant = "min"; };
rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; }; rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
}; };
hostsNext = mapAttrs' (h: v: { hostsNext = mapAttrs' (h: v: {
@@ -408,14 +413,17 @@
desko-light = deployApp "desko-light" "desko" "switch"; desko-light = deployApp "desko-light" "desko" "switch";
lappy = deployApp "lappy" "lappy" "switch"; lappy = deployApp "lappy" "lappy" "switch";
lappy-light = deployApp "lappy-light" "lappy" "switch"; lappy-light = deployApp "lappy-light" "lappy" "switch";
lappy-min = deployApp "lappy-min" "lappy" "switch";
moby = deployApp "moby" "moby" "switch"; moby = deployApp "moby" "moby" "switch";
moby-light = deployApp "moby-light" "moby" "switch"; moby-light = deployApp "moby-light" "moby" "switch";
moby-min = deployApp "moby-min" "moby" "switch";
moby-test = deployApp "moby" "moby" "test"; moby-test = deployApp "moby" "moby" "test";
servo = deployApp "servo" "servo" "switch"; servo = deployApp "servo" "servo" "switch";
# like `nixos-rebuild --flake . switch` # like `nixos-rebuild --flake . switch`
self = deployApp "$(hostname)" "" "switch"; self = deployApp "$(hostname)" "" "switch";
self-light = deployApp "$(hostname)-light" "" "switch"; self-light = deployApp "$(hostname)-light" "" "switch";
self-min = deployApp "$(hostname)-min" "" "switch";
type = "app"; type = "app";
program = builtins.toString (pkgs.writeShellScript "deploy-all" '' program = builtins.toString (pkgs.writeShellScript "deploy-all" ''
@@ -431,12 +439,16 @@
desko-light = deployApp "desko-light" "desko" null; desko-light = deployApp "desko-light" "desko" null;
lappy = deployApp "lappy" "lappy" null; lappy = deployApp "lappy" "lappy" null;
lappy-light = deployApp "lappy-light" "lappy" null; lappy-light = deployApp "lappy-light" "lappy" null;
lappy-min = deployApp "lappy-min" "lappy" null;
moby = deployApp "moby" "moby" null; moby = deployApp "moby" "moby" null;
moby-light = deployApp "moby-light" "moby" null; moby-light = deployApp "moby-light" "moby" null;
moby-min = deployApp "moby-min" "moby" null;
servo = deployApp "servo" "servo" null; servo = deployApp "servo" "servo" null;
type = "app"; type = "app";
program = builtins.toString (pkgs.writeShellScript "predeploy-all" '' program = builtins.toString (pkgs.writeShellScript "predeploy-all" ''
# copy the -light variants first; this might be run while waiting on a full build. or the full build failed. # copy the -min/-light variants first; this might be run while waiting on a full build. or the full build failed.
nix run '.#preDeploy.moby-min' -- "$@"
nix run '.#preDeploy.lappy-min' -- "$@"
nix run '.#preDeploy.moby-light' -- "$@" nix run '.#preDeploy.moby-light' -- "$@"
nix run '.#preDeploy.lappy-light' -- "$@" nix run '.#preDeploy.lappy-light' -- "$@"
nix run '.#preDeploy.desko-light' -- "$@" nix run '.#preDeploy.desko-light' -- "$@"
@@ -541,6 +553,9 @@
'' ''
# build minimally-usable hosts first, then their full image. # build minimally-usable hosts first, then their full image.
# this gives me a minimal image i can deploy or copy over, early. # this gives me a minimal image i can deploy or copy over, early.
${checkHost "lappy-min"}
${checkHost "moby-min"}
${checkHost "desko-light"} ${checkHost "desko-light"}
${checkHost "moby-light"} ${checkHost "moby-light"}
${checkHost "lappy-light"} ${checkHost "lappy-light"}
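Review bot: In the `evalHost` hunk, `variant` is only compared against `"light"` and `"min"`, so a misspelled or unsupported value matches neither `optionalAttrs` and silently evaluates to the full configuration under a variant-named output. Because these outputs are deployed with `switch`, failing at evaluation would be safer, for instance with a single `(optionalAttrs (variant != null) { sane.maxBuildCost = { light = 1; min = 0; }.${variant}; })`, which throws on an unknown key. Separately, `self-min` in the deploy hunk expands to `$(hostname)-min`, but the `hosts` hunk defines `-min` only for lappy and moby, so on desko or servo it would reference an output that does not exist; a short comment next to `self-min` would make that explicit. `evalHost` and the `hosts` set continue outside the hunks shown.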


@@ -53,7 +53,7 @@
# allow `nix-shell` (and probably nix-index?) to locate our patched and custom packages. # allow `nix-shell` (and probably nix-index?) to locate our patched and custom packages.
# this is actually a no-op, and the real action happens in assigning `nix.settings.nix-path`. # this is actually a no-op, and the real action happens in assigning `nix.settings.nix-path`.
nix.nixPath = (lib.optionals config.sane.enableSlowPrograms [ nix.nixPath = (lib.optionals (config.sane.maxBuildCost >= 2) [
"nixpkgs=${pkgs.path}" "nixpkgs=${pkgs.path}"
]) ++ [ ]) ++ [
# note the import starts at repo root: this allows `./overlay/default.nix` to access the stuff at the root # note the import starts at repo root: this allows `./overlay/default.nix` to access the stuff at the root
@@ -65,10 +65,10 @@
# ensure new deployments have a source of this repo with which they can bootstrap. # ensure new deployments have a source of this repo with which they can bootstrap.
# this however changes on every commit and can be slow to copy for e.g. `moby`. # this however changes on every commit and can be slow to copy for e.g. `moby`.
environment.etc."nixos" = lib.mkIf config.sane.enableSlowPrograms { environment.etc."nixos" = lib.mkIf (config.sane.maxBuildCost >= 2) {
source = ../../..; source = ../../..;
}; };
environment.etc."nix/registry.json" = lib.mkIf (!config.sane.enableSlowPrograms) { environment.etc."nix/registry.json" = lib.mkIf (config.sane.maxBuildCost < 2) {
enable = false; enable = false;
}; };
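Review bot: The literal `2` in `config.sane.maxBuildCost >= 2` (used twice) and `< 2` stands for "full build", but nothing at these sites says so, and the three conditions must stay in step with the enum declared for `sane.maxBuildCost`. A one-line comment above the first use, such as `# maxBuildCost 2 == full build; lower tiers skip the nixpkgs path entry and the /etc/nixos repo copy`, would document the coupling. Given the existing comment that `/etc/nixos` is there so new deployments can bootstrap, hosts deployed as `-light` or `-min` presumably lose that ability, which the comment could also state. The enclosing module starts and ends outside both hunks.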


@@ -749,7 +749,7 @@ in
]; ];
qemu.sandbox.enable = false; #< it's a launcher qemu.sandbox.enable = false; #< it's a launcher
qemu.slowToBuild = true; qemu.buildCost = 1;
rsync.sandbox.method = "bwrap"; rsync.sandbox.method = "bwrap";
rsync.sandbox.net = "clearnet"; rsync.sandbox.net = "clearnet";


@@ -23,6 +23,8 @@
"tmp" "tmp"
]; ];
buildCost = 1;
# XXX(2023/07/08): running on moby without `WEBKIT_DISABLE_SANDBOX...` fails, with: # XXX(2023/07/08): running on moby without `WEBKIT_DISABLE_SANDBOX...` fails, with:
# - `bwrap: Can't make symlink at /var/run: File exists` # - `bwrap: Can't make symlink at /var/run: File exists`
# this could be due to: # this could be due to:
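Review bot: The added `buildCost = 1;` has no comment naming the dependency that makes this program costly, whereas the geary, newsflash and planify sections keep theirs (`# uses webkitgtk 4.1`, `# webkitgtk-6.0; slow for desktop`). The same applies to the `buildCost = 1;` additions in the komikku and wike sections, and the tangram change drops its old comment ("only true for cross-compiled tangram") without a replacement. Since the tier decides whether a program is shipped at all on `-light` and `-min` hosts, a trailing reason on each line, e.g. `buildCost = 1;  # <dependency that is slow to build>`, would let a reader check the assignment. The enclosing program definition extends beyond the hunk.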


@@ -37,7 +37,7 @@ in
# fs.".config/geary".dir = {}; # fs.".config/geary".dir = {};
# fs.".local/share/folks".dir = {}; # fs.".local/share/folks".dir = {};
slowToBuild = true; # uses webkitgtk 4.1 buildCost = 2; # uses webkitgtk 4.1
persist.byStore.private = [ persist.byStore.private = [
# attachments, and email -- contained in a sqlite db # attachments, and email -- contained in a sqlite db
".local/share/geary" ".local/share/geary"

View File

@@ -16,6 +16,8 @@
sandbox.whitelistDri = true; #< required sandbox.whitelistDri = true; #< required
sandbox.whitelistWayland = true; sandbox.whitelistWayland = true;
buildCost = 1;
secrets.".local/share/komikku/keyrings/plaintext.keyring" = ../../../secrets/common/komikku_accounts.json.bin; secrets.".local/share/komikku/keyrings/plaintext.keyring" = ../../../secrets/common/komikku_accounts.json.bin;
# downloads end up here, and without the toplevel database komikku doesn't know they exist. # downloads end up here, and without the toplevel database komikku doesn't know they exist.
persist.byStore.plaintext = [ persist.byStore.plaintext = [


@@ -16,7 +16,7 @@
"tmp" "tmp"
]; ];
slowToBuild = true; buildCost = 2;
# disable first-run stuff # disable first-run stuff
fs.".config/libreoffice/4/user/registrymodifications.xcu".symlink.text = '' fs.".config/libreoffice/4/user/registrymodifications.xcu".symlink.text = ''


@@ -13,7 +13,7 @@ let
wanted-feeds = feeds.filterByFormat [ "text" "image" "podcast" "video" ] all-feeds; wanted-feeds = feeds.filterByFormat [ "text" "image" "podcast" "video" ] all-feeds;
in { in {
sane.programs.newsflash = { sane.programs.newsflash = {
slowToBuild = true; # mainly for desktop: webkitgtk-6.0 buildCost = 1; # mainly for desktop: webkitgtk-6.0
persist.byStore.plaintext = [ ".local/share/news-flash" ]; persist.byStore.plaintext = [ ".local/share/news-flash" ];
fs.".config/newsflashFeeds.opml".symlink.text = fs.".config/newsflashFeeds.opml".symlink.text =
feeds.feedsToOpml wanted-feeds feeds.feedsToOpml wanted-feeds


@@ -10,6 +10,6 @@
".local/share/io.github.alainm23.planify" ".local/share/io.github.alainm23.planify"
]; ];
slowToBuild = true; # webkitgtk-6.0; slow for desktop buildCost = 1; # webkitgtk-6.0; slow for desktop
}; };
} }


@@ -27,7 +27,7 @@ in
'' + (upstream.preFixup or ""); '' + (upstream.preFixup or "");
}); });
slowToBuild = true; # only true for cross-compiled tangram buildCost = 1;
sandbox.method = "bwrap"; sandbox.method = "bwrap";
sandbox.net = "clearnet"; sandbox.net = "clearnet";


@@ -18,6 +18,9 @@
"/sys/dev" "/sys/dev"
"/sys/devices" "/sys/devices"
]; ];
buildCost = 1;
# wike probably meant to put everything here in a subdir, but didn't. # wike probably meant to put everything here in a subdir, but didn't.
# see: <https://github.com/hugolabe/Wike/issues/176> # see: <https://github.com/hugolabe/Wike/issues/176>
persist.byStore.cryptClearOnBoot = [ persist.byStore.cryptClearOnBoot = [


@@ -13,6 +13,6 @@ in
]; ];
fs.".config/wireshark".dir = {}; fs.".config/wireshark".dir = {};
slowToBuild = true; buildCost = 1;
}; };
} }


@@ -15,7 +15,7 @@ in {
sane.programs.zeal = { sane.programs.zeal = {
# packageUnwrapped = pkgs.zeal-qt6; #< TODO: upgrade system to qt6 versions of everything (i.e. jellyfin-media-player, nheko) # packageUnwrapped = pkgs.zeal-qt6; #< TODO: upgrade system to qt6 versions of everything (i.e. jellyfin-media-player, nheko)
packageUnwrapped = pkgs.zeal-qt5; packageUnwrapped = pkgs.zeal-qt5;
slowToBuild = true; buildCost = 2;
persist.byStore.plaintext = [ persist.byStore.plaintext = [
".cache/Zeal" ".cache/Zeal"
".local/share/Zeal" ".local/share/Zeal"


@@ -258,9 +258,9 @@ let
see `sane.users.<user>.services` for options; see `sane.users.<user>.services` for options;
''; '';
}; };
slowToBuild = mkOption { buildCost = mkOption {
type = types.bool; type = types.enum [ 0 1 2 ];
default = false; default = 0;
description = '' description = ''
whether this package is very slow, or has unique dependencies which are very slow to build. whether this package is very slow, or has unique dependencies which are very slow to build.
marking packages like this can be used to achieve faster, but limited, rebuilds/deploys (by omitting the package). marking packages like this can be used to achieve faster, but limited, rebuilds/deploys (by omitting the package).
@@ -466,7 +466,7 @@ let
config = let config = let
enabledForUser = builtins.any (en: en) (lib.attrValues config.enableFor.user); enabledForUser = builtins.any (en: en) (lib.attrValues config.enableFor.user);
passesSlowTest = saneCfg.enableSlowPrograms || !config.slowToBuild; passesSlowTest = config.buildCost <= saneCfg.maxBuildCost;
in { in {
enabled = (config.enableFor.system || enabledForUser) && passesSlowTest; enabled = (config.enableFor.system || enabledForUser) && passesSlowTest;
package = if config.packageUnwrapped == null then package = if config.packageUnwrapped == null then
@@ -602,11 +602,12 @@ in
type = types.attrsOf toPkgSpec; type = types.attrsOf toPkgSpec;
default = {}; default = {};
}; };
sane.enableSlowPrograms = mkOption { sane.maxBuildCost = mkOption {
type = types.bool; type = types.enum [ 0 1 2 ];
default = true; default = 2;
description = '' description = ''
whether to ship programs which are uniquely slow to build. max build cost of programs to ship.
set to 0 to get the fastest, but most restrictive build.
''; '';
}; };
sane.sandboxHelper = mkOption { sane.sandboxHelper = mkOption {
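Review bot: The `description` of the per-program `buildCost` option still reads "whether this package is very slow…", which described the old boolean; after the switch to `types.enum [ 0 1 2 ]`, neither it nor the `sane.maxBuildCost` description says what tiers 1 and 2 mean. Because `passesSlowTest = config.buildCost <= saneCfg.maxBuildCost` feeds `enabled`, a program above the cap is dropped silently, presumably along with whatever its definition configures, so the tiers deserve an exact definition. I would reword the first description along the lines of `build cost tier: 0 = always shipped, 1 = omitted from "min" builds, 2 = also omitted from "light" builds`. The visible hunks add no rename shim for `sane.enableSlowPrograms` or `slowToBuild`, so any leftover reference will fail evaluation; that is acceptable but worth a line in the commit message. The option declarations continue outside the hunks.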