introduce 'moby-min' host variant for the quickest deployment (no webkitgtk)
33
flake.nix
33
flake.nix
@@ -108,7 +108,7 @@
|
|||||||
nixpkgs' = patchNixpkgs "master" nixpkgs-unpatched;
|
nixpkgs' = patchNixpkgs "master" nixpkgs-unpatched;
|
||||||
nixpkgsCompiledBy = system: nixpkgs'.legacyPackages."${system}";
|
nixpkgsCompiledBy = system: nixpkgs'.legacyPackages."${system}";
|
||||||
|
|
||||||
evalHost = { name, local, target, light ? false, nixpkgs ? nixpkgs' }: nixpkgs.lib.nixosSystem {
|
evalHost = { name, local, target, variant ? null, nixpkgs ? nixpkgs' }: nixpkgs.lib.nixosSystem {
|
||||||
system = target;
|
system = target;
|
||||||
modules = [
|
modules = [
|
||||||
{
|
{
|
||||||
@@ -120,8 +120,11 @@
|
|||||||
# so avoid specifying hostPlatform.system on non-cross builds, so i can use upstream caches.
|
# so avoid specifying hostPlatform.system on non-cross builds, so i can use upstream caches.
|
||||||
nixpkgs.hostPlatform.system = target;
|
nixpkgs.hostPlatform.system = target;
|
||||||
})
|
})
|
||||||
(optionalAttrs light {
|
(optionalAttrs (variant == "light") {
|
||||||
sane.enableSlowPrograms = false;
|
sane.maxBuildCost = 1;
|
||||||
|
})
|
||||||
|
(optionalAttrs (variant == "min") {
|
||||||
|
sane.maxBuildCost = 0;
|
||||||
})
|
})
|
||||||
(import ./hosts/instantiate.nix { hostName = name; })
|
(import ./hosts/instantiate.nix { hostName = name; })
|
||||||
self.nixosModules.default
|
self.nixosModules.default
|
||||||
@@ -139,11 +142,13 @@
|
|||||||
hosts = {
|
hosts = {
|
||||||
servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
servo = { name = "servo"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
desko = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
desko-light = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; };
|
desko-light = { name = "desko"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "light"; };
|
||||||
lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
lappy = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
lappy-light = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; light = true; };
|
lappy-light = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "light"; };
|
||||||
|
lappy-min = { name = "lappy"; local = "x86_64-linux"; target = "x86_64-linux"; variant = "min"; };
|
||||||
moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
moby = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; };
|
||||||
moby-light = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; light = true; };
|
moby-light = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; variant = "light"; };
|
||||||
|
moby-min = { name = "moby"; local = "x86_64-linux"; target = "aarch64-linux"; variant = "min"; };
|
||||||
rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
rescue = { name = "rescue"; local = "x86_64-linux"; target = "x86_64-linux"; };
|
||||||
};
|
};
|
||||||
hostsNext = mapAttrs' (h: v: {
|
hostsNext = mapAttrs' (h: v: {
|
||||||
@@ -408,14 +413,17 @@
|
|||||||
desko-light = deployApp "desko-light" "desko" "switch";
|
desko-light = deployApp "desko-light" "desko" "switch";
|
||||||
lappy = deployApp "lappy" "lappy" "switch";
|
lappy = deployApp "lappy" "lappy" "switch";
|
||||||
lappy-light = deployApp "lappy-light" "lappy" "switch";
|
lappy-light = deployApp "lappy-light" "lappy" "switch";
|
||||||
|
lappy-min = deployApp "lappy-min" "lappy" "switch";
|
||||||
moby = deployApp "moby" "moby" "switch";
|
moby = deployApp "moby" "moby" "switch";
|
||||||
moby-light = deployApp "moby-light" "moby" "switch";
|
moby-light = deployApp "moby-light" "moby" "switch";
|
||||||
|
moby-min = deployApp "moby-min" "moby" "switch";
|
||||||
moby-test = deployApp "moby" "moby" "test";
|
moby-test = deployApp "moby" "moby" "test";
|
||||||
servo = deployApp "servo" "servo" "switch";
|
servo = deployApp "servo" "servo" "switch";
|
||||||
|
|
||||||
# like `nixos-rebuild --flake . switch`
|
# like `nixos-rebuild --flake . switch`
|
||||||
self = deployApp "$(hostname)" "" "switch";
|
self = deployApp "$(hostname)" "" "switch";
|
||||||
self-light = deployApp "$(hostname)-light" "" "switch";
|
self-light = deployApp "$(hostname)-light" "" "switch";
|
||||||
|
self-min = deployApp "$(hostname)-min" "" "switch";
|
||||||
|
|
||||||
type = "app";
|
type = "app";
|
||||||
program = builtins.toString (pkgs.writeShellScript "deploy-all" ''
|
program = builtins.toString (pkgs.writeShellScript "deploy-all" ''
|
||||||
@@ -431,12 +439,16 @@
|
|||||||
desko-light = deployApp "desko-light" "desko" null;
|
desko-light = deployApp "desko-light" "desko" null;
|
||||||
lappy = deployApp "lappy" "lappy" null;
|
lappy = deployApp "lappy" "lappy" null;
|
||||||
lappy-light = deployApp "lappy-light" "lappy" null;
|
lappy-light = deployApp "lappy-light" "lappy" null;
|
||||||
|
lappy-min = deployApp "lappy-min" "lappy" null;
|
||||||
moby = deployApp "moby" "moby" null;
|
moby = deployApp "moby" "moby" null;
|
||||||
moby-light = deployApp "moby-light" "moby" null;
|
moby-light = deployApp "moby-light" "moby" null;
|
||||||
|
moby-min = deployApp "moby-min" "moby" null;
|
||||||
servo = deployApp "servo" "servo" null;
|
servo = deployApp "servo" "servo" null;
|
||||||
type = "app";
|
type = "app";
|
||||||
program = builtins.toString (pkgs.writeShellScript "predeploy-all" ''
|
program = builtins.toString (pkgs.writeShellScript "predeploy-all" ''
|
||||||
# copy the -light variants first; this might be run while waiting on a full build. or the full build failed.
|
# copy the -min/-light variants first; this might be run while waiting on a full build. or the full build failed.
|
||||||
|
nix run '.#preDeploy.moby-min' -- "$@"
|
||||||
|
nix run '.#preDeploy.lappy-min' -- "$@"
|
||||||
nix run '.#preDeploy.moby-light' -- "$@"
|
nix run '.#preDeploy.moby-light' -- "$@"
|
||||||
nix run '.#preDeploy.lappy-light' -- "$@"
|
nix run '.#preDeploy.lappy-light' -- "$@"
|
||||||
nix run '.#preDeploy.desko-light' -- "$@"
|
nix run '.#preDeploy.desko-light' -- "$@"
|
||||||
@@ -541,6 +553,9 @@
|
|||||||
''
|
''
|
||||||
# build minimally-usable hosts first, then their full image.
|
# build minimally-usable hosts first, then their full image.
|
||||||
# this gives me a minimal image i can deploy or copy over, early.
|
# this gives me a minimal image i can deploy or copy over, early.
|
||||||
|
${checkHost "lappy-min"}
|
||||||
|
${checkHost "moby-min"}
|
||||||
|
|
||||||
${checkHost "desko-light"}
|
${checkHost "desko-light"}
|
||||||
${checkHost "moby-light"}
|
${checkHost "moby-light"}
|
||||||
${checkHost "lappy-light"}
|
${checkHost "lappy-light"}
|
||||||
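Review bot: `evalHost` accepts any value for `variant`, and a string other than `"light"` or `"min"` matches neither `optionalAttrs` branch, so a misspelled entry in `hosts` would evaluate to the full-cost configuration while being built and deployed under a `-light`/`-min` name. The previous `light ? false` boolean could not be mistyped this way. Consider rejecting unknown values up front, e.g. `assert builtins.elem variant [ null "light" "min" ];` ahead of `nixpkgs.lib.nixosSystem {`. The body of `evalHost` continues outside the hunks shown.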
|
@@ -53,7 +53,7 @@
|
|||||||
|
|
||||||
# allow `nix-shell` (and probably nix-index?) to locate our patched and custom packages.
|
# allow `nix-shell` (and probably nix-index?) to locate our patched and custom packages.
|
||||||
# this is actually a no-op, and the real action happens in assigning `nix.settings.nix-path`.
|
# this is actually a no-op, and the real action happens in assigning `nix.settings.nix-path`.
|
||||||
nix.nixPath = (lib.optionals config.sane.enableSlowPrograms [
|
nix.nixPath = (lib.optionals (config.sane.maxBuildCost >= 2) [
|
||||||
"nixpkgs=${pkgs.path}"
|
"nixpkgs=${pkgs.path}"
|
||||||
]) ++ [
|
]) ++ [
|
||||||
# note the import starts at repo root: this allows `./overlay/default.nix` to access the stuff at the root
|
# note the import starts at repo root: this allows `./overlay/default.nix` to access the stuff at the root
|
||||||
@@ -65,10 +65,10 @@
|
|||||||
|
|
||||||
# ensure new deployments have a source of this repo with which they can bootstrap.
|
# ensure new deployments have a source of this repo with which they can bootstrap.
|
||||||
# this however changes on every commit and can be slow to copy for e.g. `moby`.
|
# this however changes on every commit and can be slow to copy for e.g. `moby`.
|
||||||
environment.etc."nixos" = lib.mkIf config.sane.enableSlowPrograms {
|
environment.etc."nixos" = lib.mkIf (config.sane.maxBuildCost >= 2) {
|
||||||
source = ../../..;
|
source = ../../..;
|
||||||
};
|
};
|
||||||
environment.etc."nix/registry.json" = lib.mkIf (!config.sane.enableSlowPrograms) {
|
environment.etc."nix/registry.json" = lib.mkIf (config.sane.maxBuildCost < 2) {
|
||||||
enable = false;
|
enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
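Review bot: The threshold `2` in `config.sane.maxBuildCost >= 2` (used twice) and `config.sane.maxBuildCost < 2` is a bare literal, and its meaning ("this is the full build") is only implied by the `enableSlowPrograms` name it replaces. If the cost enum is ever extended, these three conditions would silently change which hosts get `nixpkgs=` in `nix.nixPath`, the `/etc/nixos` repo copy, and the disabled `nix/registry.json`. A short comment above the first use, such as `# maxBuildCost >= 2 means the full (non -light/-min) build`, would record the intent.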
|
@@ -749,7 +749,7 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
qemu.sandbox.enable = false; #< it's a launcher
|
qemu.sandbox.enable = false; #< it's a launcher
|
||||||
qemu.slowToBuild = true;
|
qemu.buildCost = 1;
|
||||||
|
|
||||||
rsync.sandbox.method = "bwrap";
|
rsync.sandbox.method = "bwrap";
|
||||||
rsync.sandbox.net = "clearnet";
|
rsync.sandbox.net = "clearnet";
|
||||||
|
@@ -23,6 +23,8 @@
|
|||||||
"tmp"
|
"tmp"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
buildCost = 1;
|
||||||
|
|
||||||
# XXX(2023/07/08): running on moby without `WEBKIT_DISABLE_SANDBOX...` fails, with:
|
# XXX(2023/07/08): running on moby without `WEBKIT_DISABLE_SANDBOX...` fails, with:
|
||||||
# - `bwrap: Can't make symlink at /var/run: File exists`
|
# - `bwrap: Can't make symlink at /var/run: File exists`
|
||||||
# this could be due to:
|
# this could be due to:
|
||||||
|
@@ -37,7 +37,7 @@ in
|
|||||||
# fs.".config/geary".dir = {};
|
# fs.".config/geary".dir = {};
|
||||||
# fs.".local/share/folks".dir = {};
|
# fs.".local/share/folks".dir = {};
|
||||||
|
|
||||||
slowToBuild = true; # uses webkitgtk 4.1
|
buildCost = 2; # uses webkitgtk 4.1
|
||||||
persist.byStore.private = [
|
persist.byStore.private = [
|
||||||
# attachments, and email -- contained in a sqlite db
|
# attachments, and email -- contained in a sqlite db
|
||||||
".local/share/geary"
|
".local/share/geary"
|
||||||
|
@@ -16,6 +16,8 @@
|
|||||||
sandbox.whitelistDri = true; #< required
|
sandbox.whitelistDri = true; #< required
|
||||||
sandbox.whitelistWayland = true;
|
sandbox.whitelistWayland = true;
|
||||||
|
|
||||||
|
buildCost = 1;
|
||||||
|
|
||||||
secrets.".local/share/komikku/keyrings/plaintext.keyring" = ../../../secrets/common/komikku_accounts.json.bin;
|
secrets.".local/share/komikku/keyrings/plaintext.keyring" = ../../../secrets/common/komikku_accounts.json.bin;
|
||||||
# downloads end up here, and without the toplevel database komikku doesn't know they exist.
|
# downloads end up here, and without the toplevel database komikku doesn't know they exist.
|
||||||
persist.byStore.plaintext = [
|
persist.byStore.plaintext = [
|
||||||
|
@@ -16,7 +16,7 @@
|
|||||||
"tmp"
|
"tmp"
|
||||||
];
|
];
|
||||||
|
|
||||||
slowToBuild = true;
|
buildCost = 2;
|
||||||
|
|
||||||
# disable first-run stuff
|
# disable first-run stuff
|
||||||
fs.".config/libreoffice/4/user/registrymodifications.xcu".symlink.text = ''
|
fs.".config/libreoffice/4/user/registrymodifications.xcu".symlink.text = ''
|
||||||
|
@@ -13,7 +13,7 @@ let
|
|||||||
wanted-feeds = feeds.filterByFormat [ "text" "image" "podcast" "video" ] all-feeds;
|
wanted-feeds = feeds.filterByFormat [ "text" "image" "podcast" "video" ] all-feeds;
|
||||||
in {
|
in {
|
||||||
sane.programs.newsflash = {
|
sane.programs.newsflash = {
|
||||||
slowToBuild = true; # mainly for desktop: webkitgtk-6.0
|
buildCost = 1; # mainly for desktop: webkitgtk-6.0
|
||||||
persist.byStore.plaintext = [ ".local/share/news-flash" ];
|
persist.byStore.plaintext = [ ".local/share/news-flash" ];
|
||||||
fs.".config/newsflashFeeds.opml".symlink.text =
|
fs.".config/newsflashFeeds.opml".symlink.text =
|
||||||
feeds.feedsToOpml wanted-feeds
|
feeds.feedsToOpml wanted-feeds
|
||||||
|
@@ -10,6 +10,6 @@
|
|||||||
".local/share/io.github.alainm23.planify"
|
".local/share/io.github.alainm23.planify"
|
||||||
];
|
];
|
||||||
|
|
||||||
slowToBuild = true; # webkitgtk-6.0; slow for desktop
|
buildCost = 1; # webkitgtk-6.0; slow for desktop
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@@ -27,7 +27,7 @@ in
|
|||||||
'' + (upstream.preFixup or "");
|
'' + (upstream.preFixup or "");
|
||||||
});
|
});
|
||||||
|
|
||||||
slowToBuild = true; # only true for cross-compiled tangram
|
buildCost = 1;
|
||||||
|
|
||||||
sandbox.method = "bwrap";
|
sandbox.method = "bwrap";
|
||||||
sandbox.net = "clearnet";
|
sandbox.net = "clearnet";
|
||||||
|
@@ -18,6 +18,9 @@
|
|||||||
"/sys/dev"
|
"/sys/dev"
|
||||||
"/sys/devices"
|
"/sys/devices"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
buildCost = 1;
|
||||||
|
|
||||||
# wike probably meant to put everything here in a subdir, but didn't.
|
# wike probably meant to put everything here in a subdir, but didn't.
|
||||||
# see: <https://github.com/hugolabe/Wike/issues/176>
|
# see: <https://github.com/hugolabe/Wike/issues/176>
|
||||||
persist.byStore.cryptClearOnBoot = [
|
persist.byStore.cryptClearOnBoot = [
|
||||||
|
@@ -13,6 +13,6 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
fs.".config/wireshark".dir = {};
|
fs.".config/wireshark".dir = {};
|
||||||
slowToBuild = true;
|
buildCost = 1;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@@ -15,7 +15,7 @@ in {
|
|||||||
sane.programs.zeal = {
|
sane.programs.zeal = {
|
||||||
# packageUnwrapped = pkgs.zeal-qt6; #< TODO: upgrade system to qt6 versions of everything (i.e. jellyfin-media-player, nheko)
|
# packageUnwrapped = pkgs.zeal-qt6; #< TODO: upgrade system to qt6 versions of everything (i.e. jellyfin-media-player, nheko)
|
||||||
packageUnwrapped = pkgs.zeal-qt5;
|
packageUnwrapped = pkgs.zeal-qt5;
|
||||||
slowToBuild = true;
|
buildCost = 2;
|
||||||
persist.byStore.plaintext = [
|
persist.byStore.plaintext = [
|
||||||
".cache/Zeal"
|
".cache/Zeal"
|
||||||
".local/share/Zeal"
|
".local/share/Zeal"
|
||||||
|
@@ -258,9 +258,9 @@ let
|
|||||||
see `sane.users.<user>.services` for options;
|
see `sane.users.<user>.services` for options;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
slowToBuild = mkOption {
|
buildCost = mkOption {
|
||||||
type = types.bool;
|
type = types.enum [ 0 1 2 ];
|
||||||
default = false;
|
default = 0;
|
||||||
description = ''
|
description = ''
|
||||||
whether this package is very slow, or has unique dependencies which are very slow to build.
|
whether this package is very slow, or has unique dependencies which are very slow to build.
|
||||||
marking packages like this can be used to achieve faster, but limited, rebuilds/deploys (by omitting the package).
|
marking packages like this can be used to achieve faster, but limited, rebuilds/deploys (by omitting the package).
|
||||||
@@ -466,7 +466,7 @@ let
|
|||||||
|
|
||||||
config = let
|
config = let
|
||||||
enabledForUser = builtins.any (en: en) (lib.attrValues config.enableFor.user);
|
enabledForUser = builtins.any (en: en) (lib.attrValues config.enableFor.user);
|
||||||
passesSlowTest = saneCfg.enableSlowPrograms || !config.slowToBuild;
|
passesSlowTest = config.buildCost <= saneCfg.maxBuildCost;
|
||||||
in {
|
in {
|
||||||
enabled = (config.enableFor.system || enabledForUser) && passesSlowTest;
|
enabled = (config.enableFor.system || enabledForUser) && passesSlowTest;
|
||||||
package = if config.packageUnwrapped == null then
|
package = if config.packageUnwrapped == null then
|
||||||
@@ -602,11 +602,12 @@ in
|
|||||||
type = types.attrsOf toPkgSpec;
|
type = types.attrsOf toPkgSpec;
|
||||||
default = {};
|
default = {};
|
||||||
};
|
};
|
||||||
sane.enableSlowPrograms = mkOption {
|
sane.maxBuildCost = mkOption {
|
||||||
type = types.bool;
|
type = types.enum [ 0 1 2 ];
|
||||||
default = true;
|
default = 2;
|
||||||
description = ''
|
description = ''
|
||||||
whether to ship programs which are uniquely slow to build.
|
max build cost of programs to ship.
|
||||||
|
set to 0 to get the fastest, but most restrictive build.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
sane.sandboxHelper = mkOption {
|
sane.sandboxHelper = mkOption {
|
||||||
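Review bot: The `buildCost` option keeps its boolean-era description (`whether this package is very slow, ...`) although its type is now `types.enum [ 0 1 2 ]`, so nothing tells a reader what each level means or that a program is dropped when its `buildCost` exceeds `sane.maxBuildCost`. I would reword it along the lines of `0: cheap to build; 1: slow; 2: very slow. the program is omitted when this exceeds sane.maxBuildCost.`, if that is the intended scale. The `sane.maxBuildCost` description should likewise state what `1` and `2` admit, since it only explains `0`. `passesSlowTest` could be renamed to match, e.g. `passesBuildCostTest`. The `buildCost` description string continues past the end of its hunk.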
|