diff --git a/csv/oceanbox.csv b/csv/oceanbox.csv index 1449d17..efaef22 100644 --- a/csv/oceanbox.csv +++ b/csv/oceanbox.csv @@ -95,3 +95,15 @@ user,asmund.bakke@oceanbox.io@oceanbox.io,registered,user,asmund.bakke@oceanbox. user,asmund.bakke@oceanbox.io@oceanbox.io,superuser,system,atlantis,, user,asmund.bakke@oceanbox.io@oceanbox.io,admin,organization,oceanbox,, user,asmund.bakke@oceanbox.io@oceanbox.io,member,group,/oceanbox,, + +user,erlend.mundal@oceanbox.io,active,user,erlend.mundal@oceanbox.io,, +user,erlend.mundal@oceanbox.io,registered,user,erlend.mundal@oceanbox.io,, +user,erlend.mundal@oceanbox.io,superuser,system,atlantis,, +user,erlend.mundal@oceanbox.io,admin,organization,oceanbox,, +user,erlend.mundal@oceanbox.io,member,group,/oceanbox,, + +user,ole.tytlandsvik@oceanbox.io,active,user,ole.tytlandsvik@oceanbox.io,, +user,ole.tytlandsvik@oceanbox.io,registered,user,ole.tytlandsvik@oceanbox.io,, +user,ole.tytlandsvik@oceanbox.io,superuser,system,atlantis,, +user,ole.tytlandsvik@oceanbox.io,admin,organization,oceanbox,, +user,ole.tytlandsvik@oceanbox.io,member,group,/oceanbox,, diff --git a/npins/default.nix b/npins/default.nix index 6592476..884fc8c 100644 --- a/npins/default.nix +++ b/npins/default.nix @@ -9,8 +9,15 @@ */ # Generated by npins. Do not modify; will be overwritten regularly let - data = builtins.fromJSON (builtins.readFile ./sources.json); - version = data.version; + # Backwards-compatibly make something that previously didn't take any arguments take some + # The function must return an attrset, and will unfortunately be eagerly evaluated + # Same thing, but it catches eval errors on the default argument so that one may still call it with other arguments + mkFunctor = + fn: + let + e = builtins.tryEval (fn { }); + in + (if e.success then e.value else { error = fn { }; }) // { __functor = _self: fn; }; # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 range = @@ -21,7 +28,6 @@ let # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); - concatMapStrings = f: list: concatStrings (map f list); concatStrings = builtins.concatStringsSep ""; # If the environment variable NPINS_OVERRIDE_${name} is set, then use @@ -48,41 +54,87 @@ let mkSource = name: spec: + { + pkgs ? null, + }: assert spec ? type; let + # Unify across builtin and pkgs fetchers. + # `fetchGit` requires a wrapper because of slight API differences. + fetchers = + if pkgs == null then + { + inherit (builtins) fetchTarball fetchurl; + # For some fucking reason, fetchGit has a different signature than the other builtin fetchers … + fetchGit = args: (builtins.fetchGit args).outPath; + } + else + { + fetchTarball = + { + url, + sha256, + }: + pkgs.fetchzip { + inherit url sha256; + extension = "tar"; + }; + inherit (pkgs) fetchurl; + fetchGit = + { + url, + submodules, + rev, + name, + narHash, + }: + pkgs.fetchgit { + inherit url rev name; + fetchSubmodules = submodules; + hash = narHash; + }; + }; + + # Dispatch to the correct code path based on the type path = if spec.type == "Git" then - mkGitSource spec + mkGitSource fetchers spec else if spec.type == "GitRelease" then - mkGitSource spec + mkGitSource fetchers spec else if spec.type == "PyPi" then - mkPyPiSource spec + mkPyPiSource fetchers spec else if spec.type == "Channel" then - mkChannelSource spec + mkChannelSource fetchers spec else if spec.type == "Tarball" then - mkTarballSource spec + mkTarballSource fetchers spec + else if spec.type == "Container" then + mkContainerSource pkgs spec else builtins.throw "Unknown source type ${spec.type}"; in spec // { outPath = mayOverride name path; }; mkGitSource = + { + fetchTarball, + fetchGit, + ... + }: { repository, revision, url ? null, submodules, hash, - branch ? null, ... }: assert repository ? type; # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository # In the latter case, there we will always be an url to the tarball if url != null && !submodules then - builtins.fetchTarball { + fetchTarball { inherit url; - sha256 = hash; # FIXME: check nix version & use SRI hashes + sha256 = hash; } else let @@ -93,6 +145,8 @@ let "https://github.com/${repository.owner}/${repository.repo}.git" else if repository.type == "GitLab" then "${repository.server}/${repository.repo_path}.git" + else if repository.type == "Forgejo" then + "${repository.server}/${repository.owner}/${repository.repo}.git" else throw "Unrecognized repository type ${repository.type}"; urlToName = @@ -107,40 +161,89 @@ let "${if matched == null then "source" else builtins.head matched}${appendShort}"; name = urlToName url revision; in - builtins.fetchGit { + fetchGit { rev = revision; - inherit name; - # hash = hash; - inherit url submodules; + narHash = hash; + + inherit name submodules url; }; mkPyPiSource = - { url, hash, ... }: - builtins.fetchurl { + { fetchurl, ... }: + { + url, + hash, + ... + }: + fetchurl { inherit url; sha256 = hash; }; mkChannelSource = - { url, hash, ... }: - builtins.fetchTarball { + { fetchTarball, ... }: + { + url, + hash, + ... + }: + fetchTarball { inherit url; sha256 = hash; }; mkTarballSource = + { fetchTarball, ... }: { url, locked_url ? url, hash, ... }: - builtins.fetchTarball { + fetchTarball { url = locked_url; sha256 = hash; }; + + mkContainerSource = + pkgs: + { + image_name, + image_tag, + image_digest, + ... + }: + if pkgs == null then + builtins.throw "container sources require passing in a Nixpkgs value: https://github.com/andir/npins/blob/master/README.md#using-the-nixpkgs-fetchers" + else + pkgs.dockerTools.pullImage { + imageName = image_name; + imageDigest = image_digest; + finalImageTag = image_tag; + }; in -if version == 5 then - builtins.mapAttrs mkSource data.pins -else - throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" +mkFunctor ( + { + input ? ./sources.json, + }: + let + data = + if builtins.isPath input then + # while `readFile` will throw an error anyways if the path doesn't exist, + # we still need to check beforehand because *our* error can be caught but not the one from the builtin + # *piegames sighs* + if builtins.pathExists input then + builtins.fromJSON (builtins.readFile input) + else + throw "Input path ${toString input} does not exist" + else if builtins.isAttrs input then + input + else + throw "Unsupported input type ${builtins.typeOf input}, must be a path or an attrset"; + version = data.version; + in + if version == 7 then + builtins.mapAttrs (name: spec: mkFunctor (mkSource name spec)) data.pins + else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" +) diff --git a/npins/sources.json b/npins/sources.json index 1fc0e47..548621f 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -3,9 +3,9 @@ "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre885943.e99366c665bd/nixexprs.tar.xz", - "hash": "1cl8gphr2r9yz5qxn4r85bcgdba23igjc269dv4jajw9r50xgij6" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre920722.76eec3925eb9/nixexprs.tar.xz", + "hash": "sha256-IVq6jxkcTuudaj3c78xl2xG2fZSL9gS7JMPFUl3q7j4=" } }, - "version": 5 + "version": 7 }