readme: how to update inputs of this flake

This commit is contained in:
Alexander Tomokhov 2024-01-10 06:47:37 +04:00
parent 1a677f273b
commit 6b66513870

125
README.md
View file

@ -1,67 +1,70 @@
# SelfPrivacy NixOS configuration # SelfPrivacy NixOS configuration
This is a NixOS config which builds a SelfPrivacy server distribution This configuration is not self-contained, as it needs to be plugged as an input of a top-level NixOS configuration flake (i.e. https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-template/). This flake outputs the following function:
based on data provided in `userdata/userdata.json`. ```nix
nixosConfigurations-fun =
{ hardware-configuration # hardware-configuration.nix file
, deployment # deployment.nix file
, userdata # nix attrset, obtained by fromJSON from userdata.json
, top-level-flake # `self`-reference of the top-level flake
, sp-modules # flake inputs of sp-modules flake
}:
```
which returns one or more attributes, containing NixOS configurations (created with `nixpkgs.lib.nixosSystem`). (As of 2024-01-10 there is only a single configuration named `default`.)
JSON schema is provided in `userdata/schema.json` for reference. ## updating flake inputs
**hardware-configuration.nix is not included.** We have 2 flake inputs:
- nixpkgs
- selfprivacy-api
Example JSON config: Both get updated the same ways.
```json There are 2 methods:
{ 1. specify input name only in a command, relying on URL inside `flake.nix`
"backblaze": { 2. specify input name and URL in a command, **overriding** whatever URL is inside `flake.nix` for the input to update (override)
"accountId": "BACKBLAZE_KEY_ID",
"accountKey": "BACKBLAZE_ACCOUNT_KEY", In any case a Nix flake input is specified using some special _references_ syntax, including URLs, revisions, etc, described in manual: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#examples. Such reference can be used inside `flake.nix` or as an argument to `nix flake` commands. When a new reference is encountered Nix downloads and extracts it to /nix/store.
"bucket": "BACKBLAZE_BUCKET_NAME"
}, Before and after running `nix flake lock` (or `nix flake update`) commands you would most likely want to list current inputs using `nix flake metadata`, which are read from `flake.lock` file. Although, Nix should also print a diff between changed referrences once changed.
"api": {
"token": "API_TOKEN", `--commit-lock-file` option tells Nix commands to do `git commit flake.lock` automatically, creating a new commit for you.
"enableSwagger": false
}, ### method 1: update specific input
"bitwarden": {
"enable": true Example:
}, ```console
"cloudflare": { $ nix flake lock --update-input nixpkgs
"apiKey": "CF_TOKEN" $ nix flake lock --update-input selfprivacy-api
}, ```
"databasePassword": "DB_PASSWORD",
"domain": "DOMAIN", Depending on how "precise" the URL was speficied in `flake.nix`, with _unmodified_ `flake.nix` the result might be:
"hashedMasterPassword": "HASHED_PASSWORD", * URL with `rev` (sha1) parameter => nothing will update (as we're already at exact commit)
"hostname": "DOMAIN", * URL with `ref` (branch) parameter => input will update to the latest commit of the specified branch
"nextcloud": { * URL without `rev` nor `ref` => input will update to the latest commit of a default branch!
"enable": true,
"adminPassword": "PASSWORD", ---
"databasePassword": "PASSWORD"
}, Once Nix 2.19 stabilizes, a different command _must_ be used for updating a single input, like this:
"gitea": { ```console
"enable": true $ nix flake update nixpkgs
}, ```
"jitsi": {
"enable": true
}, ### method 2: override specific input
"ocserv": {
"enable": true Overriding is more powerful as it allows to change flake input reference to anything just in one command (not only update in the bounds of a branch or a repository).
},
"pleroma": { Example:
"enable": true ```console
}, $ nix flake lock --override-input nixpkgs github:nixos/nixpkgs?ref=nixos-23.11
"timezone": "Europe/Moscow", $ nix flake lock --override-input selfprivacy-api git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git?ref=flakes
"resticPassword": "PASSWORD", ```
"ssh": {
"enable": true, Similarly to update mechanism (described above), depending on the "precision" of an URL, its update scope varies.
"rootSshKeys": [
"ssh-ed25519 KEY user@host" Note, that subsequent calls of `nix flake lock --update-input <INPUT>` or `nix flake update` (or `nix flake update INPUT` by Nix 2.19+) will update the input regardless of the prior override. The information about override is stored only in `flake.lock` (`flake.nix` is not altered by Nix).
],
"passwordAuthentication": true ---
},
"username": "LUSER", Note, that override does not update flake inputs recursively (say, you have a flake inside your flake input). For recursive updates only `nix flake lock --update-input` and `nix flake update` mechanisms are suitable. However, as of 2024-01-10 none of the current inputs contain other flakes, hence override mechanism is fine.
"users": [
{
"hashedPassword": "OTHER_USER_HASHED_PASSWORD",
"username": "OTHER_USER"
}
]
}
```