feat: update nixpkgs, drop nix to fix hydra restrict-eval restrictions

Malte Tammena 2024-02-01 10:46:03 +01:00
parent e4a8bd4417
commit 4221e1a7dc
4 changed files with 28 additions and 69 deletions


@ -225,7 +225,7 @@
"crane": "crane_2",
"devshell": "devshell_5",
"drv-parts": "drv-parts_2",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"flake-utils-pre-commit": "flake-utils-pre-commit_2",
"ghc-utils": "ghc-utils_2",
@ -868,9 +868,7 @@
},
"hydra": {
"inputs": {
"nix": [
"nix"
],
"nix": "nix",
"nixpkgs": "nixpkgs_6"
},
"locked": {
@ -1092,22 +1090,25 @@
},
"nix": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_3",
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_11",
"nixpkgs": [
"hydra",
"nixpkgs"
],
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1701122567,
"narHash": "sha256-iA8DqS+W2fWTfR+nNJSvMHqQ+4NpYMRT3b+2zS6JTvE=",
"lastModified": 1706208340,
"narHash": "sha256-wNyHUEIiKKVs6UXrUzhP7RSJQv0A8jckgcuylzftl8k=",
"owner": "NixOS",
"repo": "nix",
"rev": "50f8f1c8bc019a4c0fd098b9ac674b94cfc6af0d",
"rev": "2c4bb93ba5a97e7078896ebc36385ce172960e4e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.19.2",
"ref": "2.19-maintenance",
"repo": "nix",
"type": "github"
}
@ -1135,7 +1136,7 @@
"inputs": {
"flake-parts": "flake-parts_6",
"nix-github-actions": "nix-github-actions_2",
"nixpkgs": "nixpkgs_13",
"nixpkgs": "nixpkgs_12",
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
@ -1428,7 +1429,7 @@
"flake-compat": "flake-compat_6",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs_14"
"nixpkgs": "nixpkgs_13"
},
"locked": {
"lastModified": 1705323114,
@ -1492,27 +1493,11 @@
},
"nixpkgs_11": {
"locked": {
"lastModified": 1705033721,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
"lastModified": 1706550542,
"narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_12": {
"locked": {
"lastModified": 1705133751,
"narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9b19f5e77dd906cb52dade0b7bd280339d2a1f3d",
"rev": "97b17f32362e475016f942bbdfda4a4a72a8a652",
"type": "github"
},
"original": {
@ -1521,7 +1506,7 @@
"type": "indirect"
}
},
"nixpkgs_13": {
"nixpkgs_12": {
"locked": {
"lastModified": 1703134684,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
@ -1537,7 +1522,7 @@
"type": "github"
}
},
"nixpkgs_14": {
"nixpkgs_13": {
"locked": {
"lastModified": 1705133751,
"narHash": "sha256-rCIsyE80jgiOU78gCWN3A0wE0tR2GI5nH6MlS+HaaSQ=",
@ -1553,7 +1538,7 @@
"type": "github"
}
},
"nixpkgs_15": {
"nixpkgs_14": {
"locked": {
"lastModified": 1704842529,
"narHash": "sha256-OTeQA+F8d/Evad33JMfuXC89VMetQbsU4qcaePchGr4=",
@ -1569,7 +1554,7 @@
"type": "github"
}
},
"nixpkgs_16": {
"nixpkgs_15": {
"locked": {
"lastModified": 1695644571,
"narHash": "sha256-asS9dCCdlt1lPq0DLwkVBbVoEKuEuz+Zi3DG7pR/RxA=",
@ -1796,7 +1781,7 @@
},
"pre-commit-hooks-nix_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_5",
"gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_9",
@ -1821,7 +1806,7 @@
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_7",
"gitignore": "gitignore_3",
"nixpkgs": "nixpkgs_15",
"nixpkgs": "nixpkgs_14",
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
@ -1927,10 +1912,9 @@
"hyprland-contrib": "hyprland-contrib",
"jovian-nixos": "jovian-nixos",
"mensa": "mensa",
"nix": "nix",
"nix-colors": "nix-colors",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_12",
"nixpkgs": "nixpkgs_11",
"nixpkgs-wayland": "nixpkgs-wayland",
"pre-commit-hooks-nix": "pre-commit-hooks-nix_3",
"qmk-udev-rules": "qmk-udev-rules",
@ -2079,7 +2063,7 @@
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": "nixpkgs_16"
"nixpkgs": "nixpkgs_15"
},
"locked": {
"lastModified": 1704649711,


@ -8,7 +8,6 @@
pre-commit-hooks-nix.url = "github:cachix/pre-commit-hooks.nix";
nixpkgs.url = "nixpkgs/nixos-unstable";
nix.url = "github:NixOS/nix/2.19.2";
nixos-hardware.url = "github:NixOS/nixos-hardware";
custom-udev-rules.url = "github:MalteT/custom-udev-rules";
nix-colors.url = "github:Misterio77/nix-colors";
@ -38,7 +37,6 @@
};
hydra = {
url = "github:NixOS/hydra";
inputs.nix.follows = "nix";
};
hyprland = {
url = "github:hyprwm/Hyprland";


@ -6,23 +6,9 @@
}: {
services.hydra = {
enable = true;
package = pkgs.hydra.overrideAttrs (old: {
patches =
(
if old ? patches
then old.patches
else []
)
++ [
../../../patches/hydra-replace-restrict-with-pure-eval.patch
];
});
notificationSender = "hydra@hydra.tammena.me";
hydraURL = "https://hydra.tammena.me";
minimumDiskFree = 10;
extraConfig = ''
evaluator_restrict_eval = false
'';
useSubstitutes = true;
};
@ -61,6 +47,10 @@
StrictHostKeyChecking accept-new
'';
nix.extraOptions = ''
allowed-uris = https: github: gitlab:
'';
systemd.services."hydra-initial-setup" = {
description = "Setup hydra admin password once";
serviceConfig = {
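Review bot: The new `allowed-uris = https: github: gitlab:` in `nix.extraOptions` is broader than the jobsets likely need: bare scheme entries let restricted evaluation fetch from any HTTPS host and any GitHub or GitLab repository, so restrict-eval no longer constrains which remote sources an evaluated flake can pull in. If only a few sources are required, list those prefixes instead, for example `allowed-uris = github:NixOS/ github:MalteT/` (a constructed example, to be adjusted to the real inputs). Because `nix.extraOptions` goes into the host's nix.conf, the setting presumably applies to every restricted evaluation on this machine, not only to Hydra's evaluator. A comment above the option such as `# Hydra evaluates with restrict-eval; flake inputs must match one of these URI prefixes` would record why it exists. The module body starts before and continues past the lines shown in this section.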


@ -1,13 +0,0 @@
diff --git a/src/hydra-eval-jobs/hydra-eval-jobs.cc b/src/hydra-eval-jobs/hydra-eval-jobs.cc
index 2794cc62..bd6416e9 100644
--- a/src/hydra-eval-jobs/hydra-eval-jobs.cc
+++ b/src/hydra-eval-jobs/hydra-eval-jobs.cc
@@ -327,7 +327,7 @@ int main(int argc, char * * argv)
/* Prevent access to paths outside of the Nix search path and
to the environment. */
- evalSettings.restrictEval = true;
+ evalSettings.restrictEval = config->getBoolOption("evaluator_restrict_eval", true);
/* When building a flake, use pure evaluation (no access to
'getEnv', 'currentSystem' etc. */