nixos/nvidia: add updater for the driver package

useful for contentParser argument

inputs.nix

@@ -10,14 +10,16 @@ let self = {
     url = "https://github.com/nix-community/nixos-vscode-server/archive/${lock.nixos-vscode-server.revision}.tar.gz";
     updateScript = pkgs.den-http-get-updater {
       fileLocation = lockFile;
-      previousHash = lock.nixos-vscode-server.sha256;
       previousVersion = lock.nixos-vscode-server.revision;
       versionUrl = "https://api.github.com/repos/nix-community/nixos-vscode-server/commits";
       contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\"";
-      prefetchUrlLocation = {
+      prefetchList = [{
-        file = ./inputs.nix;
+        previousHash = lock.nixos-vscode-server.sha256;
-        attrpath = "nixos-vscode-server.url";
+        prefetchUrlLocation = {
-      };
+          file = ./inputs.nix;
+          attrpath = "nixos-vscode-server.url";
+        };
+      }];
     };
     outPath = builtins.fetchTarball {
       inherit url;
@@ -29,13 +31,15 @@ let self = {
     url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs.revision}.tar.gz";
     updateScript = pkgs.den-http-get-updater {
       fileLocation = lockFile;
-      previousHash = lock.nixpkgs.sha256;
       previousVersion = lock.nixpkgs.revision;
       versionUrl = "https://channels.nixos.org/nixos-24.11/git-revision";
-      prefetchUrlLocation = {
+      prefetchList = [{
-        file = ./inputs.nix;
+        previousHash = lock.nixpkgs.sha256;
-        attrpath = "nixpkgs.url";
+        prefetchUrlLocation = {
-      };
+          file = ./inputs.nix;
+          attrpath = "nixpkgs.url";
+        };
+      }];
     };
     outPath = builtins.fetchTarball {
       inherit url;
@@ -47,13 +51,15 @@ let self = {
     url = "https://github.com/NixOS/nixpkgs/archive/${lock.nixpkgs-unstable.revision}.tar.gz";
     updateScript = pkgs.den-http-get-updater {
       fileLocation = lockFile;
-      previousHash = lock.nixpkgs-unstable.sha256;
       previousVersion = lock.nixpkgs-unstable.revision;
       versionUrl = "https://channels.nixos.org/nixos-unstable/git-revision";
-      prefetchUrlLocation = {
+      prefetchList = [{
-        file = ./inputs.nix;
+        previousHash = lock.nixpkgs-unstable.sha256;
-        attrpath = "nixpkgs-unstable.url";
+        prefetchUrlLocation = {
-      };
+          file = ./inputs.nix;
+          attrpath = "nixpkgs-unstable.url";
+        };
+      }];
     };
     outPath = builtins.fetchTarball {
       inherit url;
@@ -65,14 +71,16 @@ let self = {
     url = "https://github.com/lilyinstarlight/nixos-cosmic/archive/${lock.cosmic-modules.revision}.tar.gz";
     updateScript = pkgs.den-http-get-updater {
       fileLocation = lockFile;
-      previousHash = lock.cosmic-modules.sha256;
       previousVersion = lock.cosmic-modules.revision;
       versionUrl = "https://api.github.com/repos/lilyinstarlight/nixos-cosmic/commits";
       contentParser = "jq -rc '.[0].sha' <<< \"$newVersion\"";
-      prefetchUrlLocation = {
+      prefetchList = [{
-        file = ./inputs.nix;
+        previousHash = lock.cosmic-modules.sha256;
-        attrpath = "cosmic-modules.url";
+        prefetchUrlLocation = {
-      };
+          file = ./inputs.nix;
+          attrpath = "cosmic-modules.url";
+        };
+      }];
     };
     outPath = builtins.fetchTarball {
       inherit url;

nix-os/nvidia.nix

@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ...}:
+{
+  config,
+  lib,
+  pkgs,
+  self,
+  ...
+}:
 
 {
   config = {
@@ -16,14 +22,79 @@
       powerManagement.enable = true;
       open = false;
       nvidiaSettings = true;
-      package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
+      package = let
-        version = "570.133.07";
+        mkDriverArgs = {
-        sha256_64bit = "sha256-LUPmTFgb5e9VTemIixqpADfvbUX1QoTT2dztwI3E3CY=";
+          version = "570.133.07";
-        sha256_aarch64 = "sha256-yTovUno/1TkakemRlNpNB91U+V04ACTMwPEhDok7jI0=";
+          sha256_64bit = "sha256-LUPmTFgb5e9VTemIixqpADfvbUX1QoTT2dztwI3E3CY=";
-        openSha256 = "sha256-9l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM=";
+          sha256_aarch64 = "sha256-yTovUno/1TkakemRlNpNB91U+V04ACTMwPEhDok7jI0=";
-        settingsSha256 = "sha256-XMk+FvTlGpMquM8aE8kgYK2PIEszUZD2+Zmj2OpYrzU=";
+          openSha256 = "sha256-9l8N83Spj0MccA8+8R1uqiXBS0Ag4JrLPjrU3TaXHnM=";
-        persistencedSha256 = "sha256-G1V7JtHQbfnSRfVjz/LE2fYTlh9okpCbE4dfX9oYSg8=";
+          settingsSha256 = "sha256-XMk+FvTlGpMquM8aE8kgYK2PIEszUZD2+Zmj2OpYrzU=";
-      };
+          persistencedSha256 = "sha256-G1V7JtHQbfnSRfVjz/LE2fYTlh9okpCbE4dfX9oYSg8=";
+        };
+      in ( config.boot.kernelPackages.nvidiaPackages.mkDriver mkDriverArgs ).overrideAttrs (super: {
+        passthru = super.passthru or {} // {
+          urls = {
+            x86_64 = [
+              "https://download.nvidia.com/XFree86/Linux-x86_64/${mkDriverArgs.version}/NVIDIA-Linux-x86_64-${mkDriverArgs.version}.run"
+              "https://us.download.nvidia.com/XFree86/Linux-x86_64/${mkDriverArgs.version}/NVIDIA-Linux-x86_64-${mkDriverArgs.version}.run"
+            ];
+            aarch64 = [
+              "https://us.download.nvidia.com/XFree86/aarch64/${mkDriverArgs.version}/NVIDIA-Linux-aarch64-${mkDriverArgs.version}.run"
+              "https://download.nvidia.com/XFree86/Linux-aarch64/${mkDriverArgs.version}/NVIDIA-Linux-aarch64-${mkDriverArgs.version}.run"
+            ];
+          };
+          updateScript = pkgs.den-http-get-updater {
+            fileLocation = ( builtins.unsafeGetAttrPos "any" { any = null; } ).file;
+            previousVersion = mkDriverArgs.version;
+            versionUrl = "https://raw.githubusercontent.com/aaronp24/nvidia-versions/master/nvidia-versions.txt";
+            extraPackages = with pkgs; [
+              coreutils
+              gawk
+              gnugrep
+            ];
+            contentParser = lib.concatStringsSep " | " [
+              "echo \"$newVersion\""
+              "grep current"
+              "awk '{print $3}'"
+              "sort -V"
+              "tail -n 1"
+            ];
+            unpack = false;
+            prefetchList = lib.map (x: {
+              inherit (x) previousHash;
+              unpack = x.unpack or true;
+              prefetchUrlLocation = {
+                file = builtins.toString self + "/outputs.nix";
+                # TODO: don't use already existing NixOS configuration
+                attrpath = "nixosConfigurations.main.config.hardware.nvidia.package.${x.locationAttrpath}";
+              };
+            }) [
+              {
+                previousHash = mkDriverArgs.sha256_64bit;
+                locationAttrpath = "urls.x86_64";
+                unpack = false;
+              }
+              {
+                previousHash = mkDriverArgs.sha256_aarch64;
+                locationAttrpath = "urls.aarch64";
+                unpack = false;
+              }
+              {
+                previousHash = mkDriverArgs.openSha256;
+                locationAttrpath = "open.src.urls";
+              }
+              {
+                previousHash = mkDriverArgs.settingsSha256;
+                locationAttrpath = "settings.src.urls";
+              }
+              {
+                previousHash = mkDriverArgs.persistencedSha256;
+                locationAttrpath = "persistenced.src.urls";
+              }
+            ];
+          };
+        };
+      });
     };
     nixpkgs.config.nvidia.acceptLicense = true;
   };

pkgs/by-name/de/den-http-get-updater/package.nix

@@ -2,7 +2,7 @@
   lib,
 
   curl,
-  gawk,
+  gnused,
   jq,
   nix,
   writeScript,
@@ -11,67 +11,111 @@
 {
   # location of file to modify
   fileLocation,
-  previousHash,
   previousVersion,
   versionUrl,
-  prefetchUrlLocation ? null,
+
+  # {
+  #   fileLocation: string?;
+  #   previousHash: string;
+  #   prefetchUrlLocation: {
+  #     file: string;
+  #     attrpath: string[]'
+  #   };
+  #   prefetchHash: string?;
+  #   targetHash: string?;
+  #   unpack: bool?;
+  #   name: string?;
+  # }[]
+  #
+  prefetchList ? [],
+
+  # extra packages to add to the path
+  extraPackages ? [],
+
   # change newVersion variable in it, if the contents of the page
   # is not plaintext version
   # (json for example)
   contentParser ? "echo \"$newVersion\"",
 
   unpack ? true,
-  name ? if unpack then "source" else null,
+  hashAlgo ? "sha256",
+  hashFormat ? "sri",
 }:
 
-assert builtins.isNull prefetchUrlLocation || lib.isAttrs prefetchUrlLocation;
-assert lib.isAttrs prefetchUrlLocation && (
-  lib.isString prefetchUrlLocation.file or null ||
-  lib.isPath prefetchUrlLocation.file or null
-);
-assert lib.isAttrs prefetchUrlLocation && lib.isString prefetchUrlLocation.attrpath or null;
-
 let
   realFileLocation = builtins.toString fileLocation;
-  mark = builtins.hashString "sha256" previousHash;
 
-  mark' = lib.escapeShellArg mark;
+  prefetchList' = lib.map (x:
-  prefetchUrlLocation' = lib.mapAttrs (_: lib.escapeShellArg) prefetchUrlLocation;
+    assert builtins.isNull x.prefetchUrlLocation || lib.isAttrs x.prefetchUrlLocation;
-  realFileLocation' = lib.escapeShellArg realFileLocation;
+    assert lib.isAttrs x.prefetchUrlLocation && (
-  versionUrl' = lib.escapeShellArg versionUrl;
+      lib.isString x.prefetchUrlLocation.file or null ||
+      lib.isPath x.prefetchUrlLocation.file or null
+    );
+    assert lib.isAttrs x.prefetchUrlLocation && lib.isString x.prefetchUrlLocation.attrpath or null;
+    rec {
+      inherit fileLocation hashAlgo hashFormat unpack;
+      name = if x.unpack or unpack then "source" else null;
+      mark = builtins.hashString "sha256" x.previousHash;
+      markRegexEscape = lib.escapeRegex mark;
+      realFileLocation = builtins.toString x.fileLocation or fileLocation;
+      realFileLocationShellEscape = lib.escapeShellArg realFileLocation;
+      prefetchUrlLocationShellEscape = lib.mapAttrs (_: lib.escapeShellArg) x.prefetchUrlLocation;
+      previousHashRegexEscape = lib.escapeRegex x.previousHash;
+  } // x) prefetchList;
 
-  mark'' = lib.escapeShellArg (lib.escapeRegex mark);
+  realFileLocationShellEscape = lib.escapeShellArg realFileLocation;
-  previousVersion'' = lib.escapeShellArg (lib.escapeRegex previousVersion);
+  versionUrlShellEscape = lib.escapeShellArg versionUrl;
 
-  nixUnpack = lib.optionalString unpack "--unpack";
+  previousVersionRegexEscape = lib.escapeRegex previousVersion;
-  nixName = lib.optionalString (!builtins.isNull name) "--name \"${lib.escapeShellArg name}\"";
 
-  path = lib.makeBinPath [
+
+  path = lib.makeBinPath ([
     curl
-    gawk
+    gnused
     jq
     nix
-  ];
+  ] ++ extraPackages);
 in
 
 writeScript "den-http-get-updater" (''
   PATH="${lib.escapeShellArg path}"
+  prefetchFailed=
 
-  newVersion=$(curl -L "${versionUrl'}")
+  newVersion=$(curl -L "${versionUrlShellEscape}")
   if [[ "$?" != 0 ]]; then
     echo "error: fetching new version failed" 1>&2
     exit 1
   fi
   newVersion=$(${contentParser})
-  awk -i inplace "{
+  sed -Ei "s!${previousVersionRegexEscape}!$newVersion!g" "${realFileLocationShellEscape}"
-    sub(/${previousVersion''}/, \"$newVersion\")
+''
-    # invalidate hash
+
-    sub(/${previousHash}/, \"${mark'}\")
+# invalidate hashes
-  }1" "${realFileLocation'}"
++ lib.concatStringsSep "\n" (lib.map ({
-'' + lib.optionalString (!builtins.isNull prefetchUrlLocation) ''
+  mark,
-  nixUrlsResult=$(nix-instantiate --eval --json \
+  previousHash,
-    "${prefetchUrlLocation'.file}" \
+  previousHashRegexEscape,
-    -A "${prefetchUrlLocation'.attrpath}"
+  realFileLocationShellEscape,
+  ...
+}: ''
+  sed -Ei "s!${previousHashRegexEscape}!${mark}!g" "${realFileLocationShellEscape}"
+'') prefetchList')
+
++ lib.concatStringsSep "\n" (lib.map ({
+  fileLocation,
+  markRegexEscape,
+  name,
+  prefetchUrlLocationShellEscape,
+  realFileLocationShellEscape,
+  unpack,
+  ...
+}: let
+  nixUnpack = lib.optionalString unpack "--unpack";
+  nixName = lib.optionalString (!builtins.isNull name) "--name \"${lib.escapeShellArg name}\"";
+in ''
+  nixUrlsResult=$(nix-instantiate --eval --json --strict \
+    "${prefetchUrlLocationShellEscape.file}" \
+    -A "${prefetchUrlLocationShellEscape.attrpath}"
   )
 
   urlsType=$(jq -rc 'type' <<< "$nixUrlsResult")
@@ -88,19 +132,28 @@ writeScript "den-http-get-updater" (''
   prefetchSucceeded=1
   for url in "''${prefetchUrls[@]}"; do
       echo "trying prefetch '$url'...";
-      expectedHash=$(nix-prefetch-url "$url" ${nixUnpack} ${nixName})
+      expectedHash=$(nix-prefetch-url "$url" ${nixUnpack} ${nixName} --type "${hashAlgo}")
+      expectedHash=$(nix --extra-experimental-features "nix-command" hash convert \
+        --hash-algo "${hashAlgo}" \
+        --to "${hashFormat}" \
+        "$expectedHash"
+      )
       if [[ -n $expectedHash ]]; then
           echo "prefetch succeeded!"
           echo "hash: $expectedHash"
-          awk -i inplace "{
+          sed -Ei "s!${markRegexEscape}!$expectedHash!g" "${realFileLocationShellEscape}"
-            sub(/${mark''}/, \"$expectedHash\")
-          }1" "${realFileLocation'}"
           prefetchSucceeded=
           break
       fi
   done
   if [[ -n "$prefetchSucceeded" ]]; then
       echo "warning: prefetch failed" 1>&2
+      prefetchFailed=1
+  fi
+'') (lib.filter (x: !builtins.isNull x.prefetchUrlLocation) prefetchList'))
+
++ ''
+  if [[ -n "$prefetchFailed" ]]; then
       exit 1
   fi
 '')

update-list.nix

@@ -11,3 +11,26 @@ in {
   "inputs/cosmic-modules" = inputsWithPackages.cosmic-modules;
   "inputs/nixos-vscode-server" = inputsWithPackages.nixos-vscode-server;
 })
+
+# MARK: NixOS modules
+// ( let
+  pkgs = self.modifiedNixpkgsPure {
+    localSystem = builtins.currentSystem;
+    config.allowUnfree = true;
+  };
+  lib = pkgs.lib;
+  mkUpdater = path: attrpath: extraModule: let
+    system = pkgs.nixos {
+      imports = [ path extraModule ];
+      config = {
+        _module.args = {
+          inherit self;
+          inherit (self) inputs;
+        };
+        system.stateVersion = lib.versions.pad 2 lib.trivial.verison;
+      };
+    };
+  in lib.getAttrFromPath ( [ "config" ] ++ attrpath ) system;
+in {
+  "NixOS/nvidia" = mkUpdater ./nix-os/nvidia.nix [ "hardware" "nvidia" "package" ] {};
+})