readme: how to update inputs of this flake

This commit is contained in:
Alexander Tomokhov 2024-01-10 06:47:37 +04:00
parent 1a677f273b
commit 6b66513870

125
README.md
View file

@ -1,67 +1,70 @@
# SelfPrivacy NixOS configuration
This is a NixOS config which builds a SelfPrivacy server distribution
based on data provided in `userdata/userdata.json`.
This configuration is not self-contained, as it needs to be plugged as an input of a top-level NixOS configuration flake (i.e. https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-template/). This flake outputs the following function:
```nix
nixosConfigurations-fun =
{ hardware-configuration # hardware-configuration.nix file
, deployment # deployment.nix file
, userdata # nix attrset, obtained by fromJSON from userdata.json
, top-level-flake # `self`-reference of the top-level flake
, sp-modules # flake inputs of sp-modules flake
}:
```
which returns one or more attributes, containing NixOS configurations (created with `nixpkgs.lib.nixosSystem`). (As of 2024-01-10 there is only a single configuration named `default`.)
JSON schema is provided in `userdata/schema.json` for reference.
## updating flake inputs
**hardware-configuration.nix is not included.**
We have 2 flake inputs:
- nixpkgs
- selfprivacy-api
Example JSON config:
Both get updated the same ways.
```json
{
"backblaze": {
"accountId": "BACKBLAZE_KEY_ID",
"accountKey": "BACKBLAZE_ACCOUNT_KEY",
"bucket": "BACKBLAZE_BUCKET_NAME"
},
"api": {
"token": "API_TOKEN",
"enableSwagger": false
},
"bitwarden": {
"enable": true
},
"cloudflare": {
"apiKey": "CF_TOKEN"
},
"databasePassword": "DB_PASSWORD",
"domain": "DOMAIN",
"hashedMasterPassword": "HASHED_PASSWORD",
"hostname": "DOMAIN",
"nextcloud": {
"enable": true,
"adminPassword": "PASSWORD",
"databasePassword": "PASSWORD"
},
"gitea": {
"enable": true
},
"jitsi": {
"enable": true
},
"ocserv": {
"enable": true
},
"pleroma": {
"enable": true
},
"timezone": "Europe/Moscow",
"resticPassword": "PASSWORD",
"ssh": {
"enable": true,
"rootSshKeys": [
"ssh-ed25519 KEY user@host"
],
"passwordAuthentication": true
},
"username": "LUSER",
"users": [
{
"hashedPassword": "OTHER_USER_HASHED_PASSWORD",
"username": "OTHER_USER"
}
]
}
```
There are 2 methods:
1. specify input name only in a command, relying on URL inside `flake.nix`
2. specify input name and URL in a command, **overriding** whatever URL is inside `flake.nix` for the input to update (override)
In any case a Nix flake input is specified using some special _references_ syntax, including URLs, revisions, etc, described in manual: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#examples. Such reference can be used inside `flake.nix` or as an argument to `nix flake` commands. When a new reference is encountered Nix downloads and extracts it to /nix/store.
Before and after running `nix flake lock` (or `nix flake update`) commands you would most likely want to list current inputs using `nix flake metadata`, which are read from `flake.lock` file. Although, Nix should also print a diff between changed referrences once changed.
`--commit-lock-file` option tells Nix commands to do `git commit flake.lock` automatically, creating a new commit for you.
### method 1: update specific input
Example:
```console
$ nix flake lock --update-input nixpkgs
$ nix flake lock --update-input selfprivacy-api
```
Depending on how "precise" the URL was speficied in `flake.nix`, with _unmodified_ `flake.nix` the result might be:
* URL with `rev` (sha1) parameter => nothing will update (as we're already at exact commit)
* URL with `ref` (branch) parameter => input will update to the latest commit of the specified branch
* URL without `rev` nor `ref` => input will update to the latest commit of a default branch!
---
Once Nix 2.19 stabilizes, a different command _must_ be used for updating a single input, like this:
```console
$ nix flake update nixpkgs
```
### method 2: override specific input
Overriding is more powerful as it allows to change flake input reference to anything just in one command (not only update in the bounds of a branch or a repository).
Example:
```console
$ nix flake lock --override-input nixpkgs github:nixos/nixpkgs?ref=nixos-23.11
$ nix flake lock --override-input selfprivacy-api git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=flakes
```
Similarly to update mechanism (described above), depending on the "precision" of an URL, its update scope varies.
Note, that subsequent calls of `nix flake lock --update-input <INPUT>` or `nix flake update` (or `nix flake update INPUT` by Nix 2.19+) will update the input regardless of the prior override. The information about override is stored only in `flake.lock` (`flake.nix` is not altered by Nix).
---
Note, that override does not update flake inputs recursively (say, you have a flake inside your flake input). For recursive updates only `nix flake lock --update-input` and `nix flake update` mechanisms are suitable. However, as of 2024-01-10 none of the current inputs contain other flakes, hence override mechanism is fine.