diff --git a/inputs.nix b/inputs.nix index 1c6c039..78f008c 100644 --- a/inputs.nix +++ b/inputs.nix @@ -10,14 +10,16 @@ let self = { url = "https://github.com/nix-community/nixos-vscode-server/archive/${lock.nixos-vscode-server.revision}.tar.gz"; updateScript = pkgs.den-http-get-updater { fileLocation = lockFile; - previousHash = lock.nixos-vscode-server.sha256; previousVersion = lock.nixos-vscode-server.revision; versionUrl = "https://api.github.com/repos/nix-community/nixos-vscode-server/commits"; contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\""; - prefetchUrlLocation = { - file = ./inputs.nix; - attrpath = "nixos-vscode-server.url"; - }; + prefetchList = [{ + previousHash = lock.nixos-vscode-server.sha256; + prefetchUrlLocation = { + file = ./inputs.nix; + attrpath = "nixos-vscode-server.url"; + }; + }]; }; outPath = builtins.fetchTarball { inherit url; @@ -29,13 +31,15 @@ let self = { url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs.revision}.tar.gz"; updateScript = pkgs.den-http-get-updater { fileLocation = lockFile; - previousHash = lock.nixpkgs.sha256; previousVersion = lock.nixpkgs.revision; versionUrl = "https://channels.nixos.org/nixos-24.11/git-revision"; - prefetchUrlLocation = { - file = ./inputs.nix; - attrpath = "nixpkgs.url"; - }; + prefetchList = [{ + previousHash = lock.nixpkgs.sha256; + prefetchUrlLocation = { + file = ./inputs.nix; + attrpath = "nixpkgs.url"; + }; + }]; }; outPath = builtins.fetchTarball { inherit url; @@ -47,13 +51,15 @@ let self = { url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs-unstable.revision}.tar.gz"; updateScript = pkgs.den-http-get-updater { fileLocation = lockFile; - previousHash = lock.nixpkgs-unstable.sha256; previousVersion = lock.nixpkgs-unstable.revision; versionUrl = "https://channels.nixos.org/nixos-unstable/git-revision"; - prefetchUrlLocation = { - file = ./inputs.nix; - attrpath = "nixpkgs-unstable.url"; - }; + prefetchList = [{ + previousHash = lock.nixpkgs-unstable.sha256; + prefetchUrlLocation = { + file = ./inputs.nix; + attrpath = "nixpkgs-unstable.url"; + }; + }]; }; outPath = builtins.fetchTarball { inherit url; @@ -65,14 +71,16 @@ let self = { url = "https://github.com/lilyinstarlight/nixos-cosmic/archive/${lock.cosmic-modules.revision}.tar.gz"; updateScript = pkgs.den-http-get-updater { fileLocation = lockFile; - previousHash = lock.cosmic-modules.sha256; previousVersion = lock.cosmic-modules.revision; versionUrl = "https://api.github.com/repos/lilyinstarlight/nixos-cosmic/commits"; contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\""; - prefetchUrlLocation = { - file = ./inputs.nix; - attrpath = "cosmic-modules.url"; - }; + prefetchList = [{ + previousHash = lock.cosmic-modules.sha256; + prefetchUrlLocation = { + file = ./inputs.nix; + attrpath = "cosmic-modules.url"; + }; + }]; }; outPath = builtins.fetchTarball { inherit url; diff --git a/nix-os/nvidia.nix b/nix-os/nvidia.nix index a9433f3..5da8b1d 100644 --- a/nix-os/nvidia.nix +++ b/nix-os/nvidia.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + self, + ... +}: { config = { @@ -16,14 +22,79 @@ powerManagement.enable = true; open = false; nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.mkDriver { - version = "570.133.07"; - sha256_64bit = "sha256-LUPmTFgb5e9VTemIixqpADfvbUX1QoTT2dztwI3E3CY="; - sha256_aarch64 = "sha256-yTovUno/1TkakemRlNpNB91U+V04ACTMwPEhDok7jI0="; - openSha256 = "sha256-9l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM="; - settingsSha256 = "sha256-XMk+FvTlGpMquM8aE8kgYK2PIEszUZD2+Zmj2OpYrzU="; - persistencedSha256 = "sha256-G1V7JtHQbfnSRfVjz/LE2fYTlh9okpCbE4dfX9oYSg8="; - }; + package = let + mkDriverArgs = { + version = "570.133.07"; + sha256_64bit = "sha256-LUPmTFgb5e9VTemIixqpADfvbUX1QoTT2dztwI3E3CY="; + sha256_aarch64 = "sha256-yTovUno/1TkakemRlNpNB91U+V04ACTMwPEhDok7jI0="; + openSha256 = "sha256-9l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM="; + settingsSha256 = "sha256-XMk+FvTlGpMquM8aE8kgYK2PIEszUZD2+Zmj2OpYrzU="; + persistencedSha256 = "sha256-G1V7JtHQbfnSRfVjz/LE2fYTlh9okpCbE4dfX9oYSg8="; + }; + in ( config.boot.kernelPackages.nvidiaPackages.mkDriver mkDriverArgs ).overrideAttrs (super: { + passthru = super.passthru or {} // { + urls = { + x86_64 = [ + "https://download.nvidia.com/XFree86/Linux-x86_64/${mkDriverArgs.version}/NVIDIA-Linux-x86_64-${mkDriverArgs.version}.run" + "https://us.download.nvidia.com/XFree86/Linux-x86_64/${mkDriverArgs.version}/NVIDIA-Linux-x86_64-${mkDriverArgs.version}.run" + ]; + aarch64 = [ + "https://us.download.nvidia.com/XFree86/aarch64/${mkDriverArgs.version}/NVIDIA-Linux-aarch64-${mkDriverArgs.version}.run" + "https://download.nvidia.com/XFree86/Linux-aarch64/${mkDriverArgs.version}/NVIDIA-Linux-aarch64-${mkDriverArgs.version}.run" + ]; + }; + updateScript = pkgs.den-http-get-updater { + fileLocation = ( builtins.unsafeGetAttrPos "any" { any = null; } ).file; + previousVersion = mkDriverArgs.version; + versionUrl = "https://raw.githubusercontent.com/aaronp24/nvidia-versions/master/nvidia-versions.txt"; + extraPackages = with pkgs; [ + coreutils + gawk + gnugrep + ]; + contentParser = lib.concatStringsSep " | " [ + "echo \"$newVersion\"" + "grep current" + "awk '{print $3}'" + "sort -V" + "tail -n 1" + ]; + unpack = false; + prefetchList = lib.map (x: { + inherit (x) previousHash; + unpack = x.unpack or true; + prefetchUrlLocation = { + file = builtins.toString self + "/outputs.nix"; + # TODO: don't use already existing NixOS configuration + attrpath = "nixosConfigurations.main.config.hardware.nvidia.package.${x.locationAttrpath}"; + }; + }) [ + { + previousHash = mkDriverArgs.sha256_64bit; + locationAttrpath = "urls.x86_64"; + unpack = false; + } + { + previousHash = mkDriverArgs.sha256_aarch64; + locationAttrpath = "urls.aarch64"; + unpack = false; + } + { + previousHash = mkDriverArgs.openSha256; + locationAttrpath = "open.src.urls"; + } + { + previousHash = mkDriverArgs.settingsSha256; + locationAttrpath = "settings.src.urls"; + } + { + previousHash = mkDriverArgs.persistencedSha256; + locationAttrpath = "persistenced.src.urls"; + } + ]; + }; + }; + }); }; nixpkgs.config.nvidia.acceptLicense = true; }; diff --git a/pkgs/by-name/de/den-http-get-updater/package.nix b/pkgs/by-name/de/den-http-get-updater/package.nix index d22b0ac..484fa35 100644 --- a/pkgs/by-name/de/den-http-get-updater/package.nix +++ b/pkgs/by-name/de/den-http-get-updater/package.nix @@ -2,7 +2,7 @@ lib, curl, - gawk, + gnused, jq, nix, writeScript, @@ -11,67 +11,111 @@ { # location of file to modify fileLocation, - previousHash, previousVersion, versionUrl, - prefetchUrlLocation ? null, + + # { + # fileLocation: string?; + # previousHash: string; + # prefetchUrlLocation: { + # file: string; + # attrpath: string[]' + # }; + # prefetchHash: string?; + # targetHash: string?; + # unpack: bool?; + # name: string?; + # }[] + # + prefetchList ? [], + + # extra packages to add to the path + extraPackages ? [], + # change newVersion variable in it, if the contents of the page # is not plaintext version # (json for example) contentParser ? "echo \"$newVersion\"", unpack ? true, - name ? if unpack then "source" else null, + hashAlgo ? "sha256", + hashFormat ? "sri", }: -assert builtins.isNull prefetchUrlLocation || lib.isAttrs prefetchUrlLocation; -assert lib.isAttrs prefetchUrlLocation && ( - lib.isString prefetchUrlLocation.file or null || - lib.isPath prefetchUrlLocation.file or null -); -assert lib.isAttrs prefetchUrlLocation && lib.isString prefetchUrlLocation.attrpath or null; - let realFileLocation = builtins.toString fileLocation; - mark = builtins.hashString "sha256" previousHash; - mark' = lib.escapeShellArg mark; - prefetchUrlLocation' = lib.mapAttrs (_: lib.escapeShellArg) prefetchUrlLocation; - realFileLocation' = lib.escapeShellArg realFileLocation; - versionUrl' = lib.escapeShellArg versionUrl; + prefetchList' = lib.map (x: + assert builtins.isNull x.prefetchUrlLocation || lib.isAttrs x.prefetchUrlLocation; + assert lib.isAttrs x.prefetchUrlLocation && ( + lib.isString x.prefetchUrlLocation.file or null || + lib.isPath x.prefetchUrlLocation.file or null + ); + assert lib.isAttrs x.prefetchUrlLocation && lib.isString x.prefetchUrlLocation.attrpath or null; + rec { + inherit fileLocation hashAlgo hashFormat unpack; + name = if x.unpack or unpack then "source" else null; + mark = builtins.hashString "sha256" x.previousHash; + markRegexEscape = lib.escapeRegex mark; + realFileLocation = builtins.toString x.fileLocation or fileLocation; + realFileLocationShellEscape = lib.escapeShellArg realFileLocation; + prefetchUrlLocationShellEscape = lib.mapAttrs (_: lib.escapeShellArg) x.prefetchUrlLocation; + previousHashRegexEscape = lib.escapeRegex x.previousHash; + } // x) prefetchList; - mark'' = lib.escapeShellArg (lib.escapeRegex mark); - previousVersion'' = lib.escapeShellArg (lib.escapeRegex previousVersion); + realFileLocationShellEscape = lib.escapeShellArg realFileLocation; + versionUrlShellEscape = lib.escapeShellArg versionUrl; - nixUnpack = lib.optionalString unpack "--unpack"; - nixName = lib.optionalString (!builtins.isNull name) "--name \"${lib.escapeShellArg name}\""; + previousVersionRegexEscape = lib.escapeRegex previousVersion; - path = lib.makeBinPath [ + + path = lib.makeBinPath ([ curl - gawk + gnused jq nix - ]; + ] ++ extraPackages); in writeScript "den-http-get-updater" ('' PATH="${lib.escapeShellArg path}" + prefetchFailed= - newVersion=$(curl -L "${versionUrl'}") + newVersion=$(curl -L "${versionUrlShellEscape}") if [[ "$?" != 0 ]]; then echo "error: fetching new version failed" 1>&2 exit 1 fi newVersion=$(${contentParser}) - awk -i inplace "{ - sub(/${previousVersion''}/, \"$newVersion\") - # invalidate hash - sub(/${previousHash}/, \"${mark'}\") - }1" "${realFileLocation'}" -'' + lib.optionalString (!builtins.isNull prefetchUrlLocation) '' - nixUrlsResult=$(nix-instantiate --eval --json \ - "${prefetchUrlLocation'.file}" \ - -A "${prefetchUrlLocation'.attrpath}" + sed -Ei "s!${previousVersionRegexEscape}!$newVersion!g" "${realFileLocationShellEscape}" +'' + +# invalidate hashes ++ lib.concatStringsSep "\n" (lib.map ({ + mark, + previousHash, + previousHashRegexEscape, + realFileLocationShellEscape, + ... +}: '' + sed -Ei "s!${previousHashRegexEscape}!${mark}!g" "${realFileLocationShellEscape}" +'') prefetchList') + ++ lib.concatStringsSep "\n" (lib.map ({ + fileLocation, + markRegexEscape, + name, + prefetchUrlLocationShellEscape, + realFileLocationShellEscape, + unpack, + ... +}: let + nixUnpack = lib.optionalString unpack "--unpack"; + nixName = lib.optionalString (!builtins.isNull name) "--name \"${lib.escapeShellArg name}\""; +in '' + nixUrlsResult=$(nix-instantiate --eval --json --strict \ + "${prefetchUrlLocationShellEscape.file}" \ + -A "${prefetchUrlLocationShellEscape.attrpath}" ) urlsType=$(jq -rc 'type' <<< "$nixUrlsResult") @@ -88,19 +132,28 @@ writeScript "den-http-get-updater" ('' prefetchSucceeded=1 for url in "''${prefetchUrls[@]}"; do echo "trying prefetch '$url'..."; - expectedHash=$(nix-prefetch-url "$url" ${nixUnpack} ${nixName}) + expectedHash=$(nix-prefetch-url "$url" ${nixUnpack} ${nixName} --type "${hashAlgo}") + expectedHash=$(nix --extra-experimental-features "nix-command" hash convert \ + --hash-algo "${hashAlgo}" \ + --to "${hashFormat}" \ + "$expectedHash" + ) if [[ -n $expectedHash ]]; then echo "prefetch succeeded!" echo "hash: $expectedHash" - awk -i inplace "{ - sub(/${mark''}/, \"$expectedHash\") - }1" "${realFileLocation'}" + sed -Ei "s!${markRegexEscape}!$expectedHash!g" "${realFileLocationShellEscape}" prefetchSucceeded= break fi done if [[ -n "$prefetchSucceeded" ]]; then echo "warning: prefetch failed" 1>&2 + prefetchFailed=1 + fi +'') (lib.filter (x: !builtins.isNull x.prefetchUrlLocation) prefetchList')) + ++ '' + if [[ -n "$prefetchFailed" ]]; then exit 1 fi '') diff --git a/update-list.nix b/update-list.nix index 9ce74c3..eaaa200 100644 --- a/update-list.nix +++ b/update-list.nix @@ -11,3 +11,26 @@ in { "inputs/cosmic-modules" = inputsWithPackages.cosmic-modules; "inputs/nixos-vscode-server" = inputsWithPackages.nixos-vscode-server; }) + +# MARK: NixOS modules +// ( let + pkgs = self.modifiedNixpkgsPure { + localSystem = builtins.currentSystem; + config.allowUnfree = true; + }; + lib = pkgs.lib; + mkUpdater = path: attrpath: extraModule: let + system = pkgs.nixos { + imports = [ path extraModule ]; + config = { + _module.args = { + inherit self; + inherit (self) inputs; + }; + system.stateVersion = lib.versions.pad 2 lib.trivial.verison; + }; + }; + in lib.getAttrFromPath ( [ "config" ] ++ attrpath ) system; +in { + "NixOS/nvidia" = mkUpdater ./nix-os/nvidia.nix [ "hardware" "nvidia" "package" ] {}; +})