From 3fb3b7771f93c1f3fcb077073f46fbbc3e02e157 Mon Sep 17 00:00:00 2001
From: Wroclaw <wroclaw223@outlook.com>
Date: Mon, 17 Mar 2025 11:00:31 +0100
Subject: [PATCH 1/6] lock: update

---
 lock.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lock.nix b/lock.nix
index 7676e50..434dd53 100644
--- a/lock.nix
+++ b/lock.nix
@@ -7,18 +7,18 @@
   };
   nixpkgs = {
     # https://channels.nixos.org/nixos-24.11/git-revision
-    revision = "cdd2ef009676ac92b715ff26630164bb88fec4e0";
-    sha256 = "0r5c1l5cagxykyjfh1wsn8wk9vhay5dpwp36318hizn4rcrp9dm6";
+    revision = "a1185f4064c18a5db37c5c84e5638c78b46e3341";
+    sha256 = "0ipjb56fdhfvhgnrw0rvp89g0mplpyhjil29fqdcpmv4ablbadqc";
   };
   nixpkgs-unstable = {
     # https://channels.nixos.org/nixos-unstable/git-revision
-    revision = "6607cf789e541e7873d40d3a8f7815ea92204f32";
-    sha256 = "0lad6jan49sywk6xzgcivc4h3ln7grhjhb8q8jv2jwhwlgrfrxvh";
+    revision = "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5";
+    sha256 = "1sfb9g6fmyfligcsd1rmkamfqvy8kgn3p0sy8ickf6swi1zdbf0b";
   };
   cosmic-modules = {
     # https://api.github.com/repos/lilyinstarlight/nixos-cosmic/commits
     # jsonpath: [1].sha
-    revision = "24785e84d4b3844936caffe2c56994bdef9a9300";
-    sha256 = "18qqbhw5kk5j2i741faamipbga590ywxkax19ny2nz3w2zfq64k4";
+    revision = "fcee247f21d21acb738ac208d6ed86e65c2e7240";
+    sha256 = "18xw0innlpswz35cf8n16myh5a24b4kpw0xckwm42c93zd5rm2zh";
   };
 }

From 7ec22b6e5204cdfe60f47874429deabf817e1dc2 Mon Sep 17 00:00:00 2001
From: Wroclaw <wroclaw223@outlook.com>
Date: Tue, 18 Mar 2025 18:09:26 +0100
Subject: [PATCH 2/6] pkgs/den-update-script: init

---
 pkgs/by-name/de/den-update-script/package.nix | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 pkgs/by-name/de/den-update-script/package.nix

diff --git a/pkgs/by-name/de/den-update-script/package.nix b/pkgs/by-name/de/den-update-script/package.nix
new file mode 100644
index 0000000..662e3ce
--- /dev/null
+++ b/pkgs/by-name/de/den-update-script/package.nix
@@ -0,0 +1,39 @@
+{
+  lib,
+  path,
+
+  overlayAttrname ? "den-outputs",
+}:
+
+assert lib.assertMsg (!lib.hasInfix "." overlayAttrname) (lib.pipe ''
+  overlayAttrname must not contain a dot (.),
+  because dot is used to reference package in a package set
+  inside nix-update-script.
+'' [
+  lib.lines
+  (lib.concatStringsSep " ")
+]);
+
+let
+  updateScript = import (path + /maintainers/scripts/update.nix);
+  functionArgs = lib.functionArgs updateScript;
+  nameInFunctionArgs = name: lib.elem name (lib.attrNames functionArgs);
+in
+{
+  __functionArgs = functionArgs // { packages = false; };
+  __functor = _: args: let
+    # args.outputs should be an attrset of packages to update
+    overlay = _: _: {
+      "${overlayAttrname}" = args.packages;
+    };
+  in updateScript (lib.filterAttrs (name: _: nameInFunctionArgs name) args // {
+    include-overlays =
+      if !args ? updateScript then [ overlay ]
+      else if lib.isList args.updateScript then [ overlay ] ++ args.updateScript
+      else args.updateScript;
+  } // lib.optionalAttrs (args ? package) {
+    package = "${overlayAttrname}.${args.package}";
+  } // lib.optionalAttrs (args ? path) {
+    path = if lib.stringLength args.path == 0 then overlayAttrname else "${overlayAttrname}.${args.path}";
+  });
+}

From ec12c3eee43086994421d7b7f2b74f6122bf383b Mon Sep 17 00:00:00 2001
From: Wroclaw <wroclaw223@outlook.com>
Date: Tue, 18 Mar 2025 18:10:01 +0100
Subject: [PATCH 3/6] pkgs/den-http-get-updater: init

---
 .../de/den-http-get-updater/package.nix       | 106 ++++++++++++++++++
 1 file changed, 106 insertions(+)
 create mode 100644 pkgs/by-name/de/den-http-get-updater/package.nix

diff --git a/pkgs/by-name/de/den-http-get-updater/package.nix b/pkgs/by-name/de/den-http-get-updater/package.nix
new file mode 100644
index 0000000..d22b0ac
--- /dev/null
+++ b/pkgs/by-name/de/den-http-get-updater/package.nix
@@ -0,0 +1,106 @@
+{
+  lib,
+
+  curl,
+  gawk,
+  jq,
+  nix,
+  writeScript,
+}:
+
+{
+  # location of file to modify
+  fileLocation,
+  previousHash,
+  previousVersion,
+  versionUrl,
+  prefetchUrlLocation ? null,
+  # change newVersion variable in it, if the contents of the page
+  # is not plaintext version
+  # (json for example)
+  contentParser ? "echo \"$newVersion\"",
+
+  unpack ? true,
+  name ? if unpack then "source" else null,
+}:
+
+assert builtins.isNull prefetchUrlLocation || lib.isAttrs prefetchUrlLocation;
+assert lib.isAttrs prefetchUrlLocation && (
+  lib.isString prefetchUrlLocation.file or null ||
+  lib.isPath prefetchUrlLocation.file or null
+);
+assert lib.isAttrs prefetchUrlLocation && lib.isString prefetchUrlLocation.attrpath or null;
+
+let
+  realFileLocation = builtins.toString fileLocation;
+  mark = builtins.hashString "sha256" previousHash;
+
+  mark' = lib.escapeShellArg mark;
+  prefetchUrlLocation' = lib.mapAttrs (_: lib.escapeShellArg) prefetchUrlLocation;
+  realFileLocation' = lib.escapeShellArg realFileLocation;
+  versionUrl' = lib.escapeShellArg versionUrl;
+
+  mark'' = lib.escapeShellArg (lib.escapeRegex mark);
+  previousVersion'' = lib.escapeShellArg (lib.escapeRegex previousVersion);
+
+  nixUnpack = lib.optionalString unpack "--unpack";
+  nixName = lib.optionalString (!builtins.isNull name) "--name \"${lib.escapeShellArg name}\"";
+
+  path = lib.makeBinPath [
+    curl
+    gawk
+    jq
+    nix
+  ];
+in
+
+writeScript "den-http-get-updater" (''
+  PATH="${lib.escapeShellArg path}"
+
+  newVersion=$(curl -L "${versionUrl'}")
+  if [[ "$?" != 0 ]]; then
+    echo "error: fetching new version failed" 1>&2
+    exit 1
+  fi
+  newVersion=$(${contentParser})
+  awk -i inplace "{
+    sub(/${previousVersion''}/, \"$newVersion\")
+    # invalidate hash
+    sub(/${previousHash}/, \"${mark'}\")
+  }1" "${realFileLocation'}"
+'' + lib.optionalString (!builtins.isNull prefetchUrlLocation) ''
+  nixUrlsResult=$(nix-instantiate --eval --json \
+    "${prefetchUrlLocation'.file}" \
+    -A "${prefetchUrlLocation'.attrpath}"
+  )
+
+  urlsType=$(jq -rc 'type' <<< "$nixUrlsResult")
+  if [ "$urlsType" = "array" ]; then
+      readarray -t prefetchUrls < <(
+          jq -rc '.[]' <<< "$nixUrlsResult"
+      )
+  elif [ "$urlsType" = "string" ]; then
+      readarray -t prefetchUrls < <(
+          jq -rc '.' <<< "$nixUrlsResult"
+      )
+  fi
+
+  prefetchSucceeded=1
+  for url in "''${prefetchUrls[@]}"; do
+      echo "trying prefetch '$url'...";
+      expectedHash=$(nix-prefetch-url "$url" ${nixUnpack} ${nixName})
+      if [[ -n $expectedHash ]]; then
+          echo "prefetch succeeded!"
+          echo "hash: $expectedHash"
+          awk -i inplace "{
+            sub(/${mark''}/, \"$expectedHash\")
+          }1" "${realFileLocation'}"
+          prefetchSucceeded=
+          break
+      fi
+  done
+  if [[ -n "$prefetchSucceeded" ]]; then
+      echo "warning: prefetch failed" 1>&2
+      exit 1
+  fi
+'')

From 476cf36b572eb1488eac2ee120ff286d38be0593 Mon Sep 17 00:00:00 2001
From: Wroclaw <wroclaw223@outlook.com>
Date: Tue, 18 Mar 2025 18:11:09 +0100
Subject: [PATCH 4/6] inputs: provide updateScripts

---
 inputs.nix | 83 +++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 69 insertions(+), 14 deletions(-)

diff --git a/inputs.nix b/inputs.nix
index 1979433..1c6c039 100644
--- a/inputs.nix
+++ b/inputs.nix
@@ -1,29 +1,84 @@
 let self = {
-  lock ? import ./lock.nix
-, lib ? import "${(self {}).nixpkgs}/lib"
+  lock ? import lockFile,
+  lockFile ? ./lock.nix,
+  pkgs ? throw "inputs called without pkgs",
 }:
 
 {
   inherit lock;
-  nixos-vscode-server = builtins.fetchTarball {
-    name = "nixos-vscode-server";
+  nixos-vscode-server = rec {
     url = "https://github.com/nix-community/nixos-vscode-server/archive/${lock.nixos-vscode-server.revision}.tar.gz";
-    sha256 = "${lock.nixos-vscode-server.sha256}";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousHash = lock.nixos-vscode-server.sha256;
+      previousVersion = lock.nixos-vscode-server.revision;
+      versionUrl = "https://api.github.com/repos/nix-community/nixos-vscode-server/commits";
+      contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\"";
+      prefetchUrlLocation = {
+        file = ./inputs.nix;
+        attrpath = "nixos-vscode-server.url";
+      };
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
+      name = "nixos-vscode-server";
+      sha256 = "${lock.nixos-vscode-server.sha256}";
+    };
   };
-  nixpkgs = builtins.fetchTarball {
-    name = "nixpkgs";
+  nixpkgs = rec {
     url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs.revision}.tar.gz";
-    sha256 = "${lock.nixpkgs.sha256}";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousHash = lock.nixpkgs.sha256;
+      previousVersion = lock.nixpkgs.revision;
+      versionUrl = "https://channels.nixos.org/nixos-24.11/git-revision";
+      prefetchUrlLocation = {
+        file = ./inputs.nix;
+        attrpath = "nixpkgs.url";
+      };
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
+      name = "nixpkgs";
+      sha256 = "${lock.nixpkgs.sha256}";
+    };
   };
-  nixpkgs-unstable = builtins.fetchTarball {
-    name = "nixpkgs-unstable";
+  nixpkgs-unstable = rec {
     url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs-unstable.revision}.tar.gz";
-    sha256 = "${lock.nixpkgs-unstable.sha256}";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousHash = lock.nixpkgs-unstable.sha256;
+      previousVersion = lock.nixpkgs-unstable.revision;
+      versionUrl = "https://channels.nixos.org/nixos-unstable/git-revision";
+      prefetchUrlLocation = {
+        file = ./inputs.nix;
+        attrpath = "nixpkgs-unstable.url";
+      };
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
+      name = "nixpkgs-unstable";
+      sha256 = "${lock.nixpkgs-unstable.sha256}";
+    };
   };
-  cosmic-modules = builtins.fetchTarball {
-    name = "cosmic-modules";
+  cosmic-modules = rec {
     url = "https://github.com/lilyinstarlight/nixos-cosmic/archive/${lock.cosmic-modules.revision}.tar.gz";
-    sha256 = "${lock.cosmic-modules.sha256}";
+    updateScript = pkgs.den-http-get-updater {
+      fileLocation = lockFile;
+      previousHash = lock.cosmic-modules.sha256;
+      previousVersion = lock.cosmic-modules.revision;
+      versionUrl = "https://api.github.com/repos/lilyinstarlight/nixos-cosmic/commits";
+      contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\"";
+      prefetchUrlLocation = {
+        file = ./inputs.nix;
+        attrpath = "cosmic-modules.url";
+      };
+    };
+    outPath = builtins.fetchTarball {
+      inherit url;
+      name = "cosmic-modules";
+      sha256 = "${lock.cosmic-modules.sha256}";
+    };
   };
 };
 in self

From 59d6ba8f9715ced6fd777825a91b0713f57c884c Mon Sep 17 00:00:00 2001
From: Wroclaw <wroclaw223@outlook.com>
Date: Tue, 18 Mar 2025 18:13:17 +0100
Subject: [PATCH 5/6] update-list: create

this nix file will store all updaters availabe in my nix dotfiles
---
 update-list.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 update-list.nix

diff --git a/update-list.nix b/update-list.nix
new file mode 100644
index 0000000..9ce74c3
--- /dev/null
+++ b/update-list.nix
@@ -0,0 +1,13 @@
+self:
+
+# MARK: inputs
+( let
+  inputsWithPackages = import self.inputsPath {
+    pkgs = self.packagesForSystem builtins.currentSystem;
+  };
+in {
+  "inputs/nixpkgs" = inputsWithPackages.nixpkgs;
+  "inputs/nixpkgs-unstable" = inputsWithPackages.nixpkgs-unstable;
+  "inputs/cosmic-modules" = inputsWithPackages.cosmic-modules;
+  "inputs/nixos-vscode-server" = inputsWithPackages.nixos-vscode-server;
+})

From 72d18c49feed6e974f6c44855b0072c1b1194bf0 Mon Sep 17 00:00:00 2001
From: Wroclaw <wroclaw223@outlook.com>
Date: Tue, 18 Mar 2025 18:14:12 +0100
Subject: [PATCH 6/6] outputs: add updater script

---
 outputs.nix | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/outputs.nix b/outputs.nix
index adc23e6..76b8b85 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -1,5 +1,6 @@
 {
-  inputs ? import ./inputs.nix {},
+  inputsPath ? ./inputs.nix,
+  inputs ? import inputsPath {},
   selfPath ? ./.
 }:
 
@@ -16,7 +17,7 @@ systems = [
 forEachSystem = lib.genAttrs systems;
 
 self = {
-  inherit inputs lib self;
+  inherit inputs inputsPath lib self;
   outPath = selfPath;
   modifiedNixpkgs     = import ./pkgs/top-level/impure.nix;
   modifiedNixpkgsPure = import ./pkgs/top-level/default.nix;
@@ -71,6 +72,30 @@ self = {
       builtins.attrValues
       builtins.listToAttrs
     ];
+  # FIXME: currently impure
+  # NOTE: to run, you need to evaluate outputs.nix instead of default.nix
+  #       nix-shell outputs.nix -A update
+  update = let
+    updateScript = (self.packagesForSystem (builtins.currentSystem)).den-update-script;
+  in updateScript {
+    path = "";
+    packages = lib.pipe ./update-list.nix [
+      import
+      (x: x self)
+      lib.attrsToList
+      (lib.imap1 (i: {name, value}: {
+        name = builtins.toString i;
+        value = value // {
+          # hack to pass isDerivation check in nixpkgs maintainers/scripts/update.nix
+          # https://github.com/NixOS/nixpkgs/blob/a1185f4064c18a5db37c5c84e5638c78b46e3341/maintainers/scripts/update.nix#L85
+          type = "derivation";
+          name = name;
+        };
+      }))
+      builtins.listToAttrs
+      lib.recurseIntoAttrs
+    ];
+  };
 };
 
 in self