move nixpkgs-stable to private flake inputs

now with home-manager and nix-darwin tests, we don't want to increase the number of dependencies a user has to override in their flake.lock.
Mic92 · Nov 17, 2024 · fcff9a0 · fcff9a0
1 parent 6bed439
commit fcff9a0
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 42 deletions.
diff --git a/dev/private.narHash b/dev/private.narHash
@@ -0,0 +1 @@
+sha256-qF9EiqHqJARLtA+ZABXa2mstgbza762DwoGEIGkyqVY=
diff --git a/dev/private/flake.lock b/dev/private/flake.lock
diff --git a/dev/private/flake.nix b/dev/private/flake.nix
@@ -0,0 +1,9 @@
+{
+  description = "private inputs";
+  inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05";
+
+  inputs.treefmt-nix.url = "github:numtide/treefmt-nix";
+  inputs.treefmt-nix.inputs.nixpkgs.follows = "nixpkgs-stable";
+
+  outputs = _: { };
+}
diff --git a/flake.nix b/flake.nix
@@ -1,7 +1,7 @@
 {
   description = "Integrates sops into nixos";
   inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-  inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05";
+
   nixConfig.extra-substituters = [ "https://cache.thalheim.io" ];
   nixConfig.extra-trusted-public-keys = [
     "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
@@ -10,21 +10,41 @@
     {
       self,
       nixpkgs,
-      nixpkgs-stable,
-    }:
+    }@inputs:
     let
+      loadPrivateFlake =
+        path:
+        let
+          flakeHash = builtins.readFile "${toString path}.narHash";
+          flakePath = "path:${toString path}?narHash=${flakeHash}";
+        in
+        builtins.getFlake (builtins.unsafeDiscardStringContext flakePath);
+
+      privateFlake = loadPrivateFlake ./dev/private;
+
+      privateInputs = privateFlake.inputs;
+
       systems = [
         "x86_64-linux"
         "x86_64-darwin"
         "aarch64-darwin"
         "aarch64-linux"
       ];
-      forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
-      suffix-version =
-        version: attrs:
-        nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs;
-      suffix-stable = suffix-version "-24_05";
+
+      eachSystem =
+        f:
+        builtins.listToAttrs (
+          builtins.map (system: {
+            name = system;
+            value = f {
+              pkgs = inputs.nixpkgs.legacyPackages.${system};
+              inherit system;
+            };
+          }) systems
+        );
+
     in
+    # public outputs
     {
       overlays.default =
         final: prev:
@@ -52,39 +72,33 @@
         sops = ./modules/nix-darwin;
         default = self.darwinModules.sops;
       };
-      packages = forAllSystems (
-        system:
-        import ./default.nix {
-          pkgs = import nixpkgs { inherit system; };
-        }
-      );
-      checks =
-        nixpkgs.lib.genAttrs
-          [
-            "x86_64-linux"
-            "aarch64-linux"
-          ]
-          (
-            system:
-            let
-              tests = self.packages.${system}.sops-install-secrets.tests;
-              packages-stable = import ./default.nix {
-                pkgs = import nixpkgs-stable { inherit system; };
-              };
-              tests-stable = packages-stable.sops-install-secrets.tests;
-            in
-            tests // (suffix-stable tests-stable) // (suffix-stable packages-stable)
-          );
+      packages = eachSystem ({ pkgs, ... }: import ./default.nix { inherit pkgs; });
+    }
+    //
+      # dev outputs
+      {
+        checks = eachSystem (
+          { system, ... }:
+          let
+            tests = self.packages.${system}.sops-install-secrets.tests;
+            packages-stable = import ./default.nix {
+              pkgs = privateInputs.nixpkgs-stable.legacyPackages.${system};
+            };
+            tests-stable = packages-stable.sops-install-secrets.tests;
+            suffix-version =
+              version: attrs:
+              nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs;
+            suffix-stable = suffix-version "-24_05";
+          in
+          tests // (suffix-stable tests-stable) // (suffix-stable packages-stable)
+        );
 
-      devShells = forAllSystems (
-        system:
-        let
-          pkgs = nixpkgs.legacyPackages.${system};
-        in
-        {
-          unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { };
-          default = pkgs.callPackage ./shell.nix { };
-        }
-      );
-    };
+        devShells = eachSystem (
+          { pkgs, ... }:
+          {
+            unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { };
+            default = pkgs.callPackage ./shell.nix { };
+          }
+        );
+      };
 }
diff --git a/shell.nix b/shell.nix
@@ -10,6 +10,11 @@ pkgs.mkShell {
     util-linux
     nix
     golangci-lint
+
+    (pkgs.writeScriptBin "update-dev-private-narHash" ''
+      nix --extra-experimental-features "nix-command flakes" flake lock ./dev/private
+      nix --extra-experimental-features "nix-command flakes" hash path ./dev/private | tr -d '\n' > ./dev/private.narHash
+    '')
   ];
   # delve does not compile with hardening enabled
   hardeningDisable = [ "all" ];
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		sha256-qF9EiqHqJARLtA+ZABXa2mstgbza762DwoGEIGkyqVY=