Merge pull request 'base: add option config.virtualisation.vmVariant' (!101) from vm into main

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/101
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>

base/default.nix

@@ -7,6 +7,7 @@
 
     ./networking.nix
     ./nix.nix
+    ./vm.nix
 
     ./services/acme.nix
     ./services/uptimed.nix
@@ -77,4 +78,3 @@
   # Trusted users on the nix builder machines
   users.groups."nix-builder-users".name = "nix-builder-users";
 }
-

base/services/auto-upgrade.nix

@@ -1,16 +1,27 @@
 { inputs, pkgs, lib, ... }:
+
+let
+  inputUrls = lib.mapAttrs (input: value: value.url) (import "${inputs.self}/flake.nix").inputs;
+in
+
 {
   system.autoUpgrade = {
     enable = true;
     flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
     flags = [
-      # --update-input is deprecated since nix 2.22, and removed in lix 2.90
-      # https://git.lix.systems/lix-project/lix/issues/400
       "--refresh"
-      "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.11-small"
-      "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small"
       "--no-write-lock-file"
-    ];
+      # --update-input is deprecated since nix 2.22, and removed in lix 2.90
+      # as such we instead use --override-input combined with --refresh
+      # https://git.lix.systems/lix-project/lix/issues/400
+    ] ++ (lib.pipe inputUrls [
+      (lib.intersectAttrs {
+        nixpkgs = { };
+        nixpkgs-unstable = { };
+      })
+      (lib.mapAttrsToList (input: url: ["--override-input" input url]))
+      lib.concatLists
+    ]);
   };
 
   # workaround for https://github.com/NixOS/nix/issues/6895

base/vm.nix

@@ -0,0 +1,15 @@
+{ lib, ... }:
+
+# This enables
+#     lib.mkIf (!config.virtualisation.isVmVariant) { ... }
+
+{
+  options.virtualisation.isVmVariant = lib.mkOption {
+    description = "`true` if system is build with 'nixos-rebuild build-vm'";
+    type = lib.types.bool;
+    default = false;
+  };
+  config.virtualisation.vmVariant = {
+    virtualisation.isVmVariant = true;
+  };
+}

flake.lock

@@ -139,34 +139,28 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1745526780,
-        "narHash": "sha256-LXXYBmFPMQU2lTb6alKWfjgQs08BKn+txMNcgbu00hI=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9204750b34cae1a8347ab4b5588115edfeebc6d7",
-        "type": "github"
+        "lastModified": 1748615477,
+        "narHash": "sha256-8sjG4sNIonQPK2olCGvq3/j1qtjwPaTOFU5nkz1gj2Q=",
+        "rev": "97d3ce1ceb663a24184aac92b7e9e8f5452111c1",
+        "type": "tarball",
+        "url": "https://releases.nixos.org/nixos/24.11-small/nixos-24.11.718472.97d3ce1ceb66/nixexprs.tar.xz?rev=97d3ce1ceb663a24184aac92b7e9e8f5452111c1"
       },
       "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.11-small",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1745688173,
-        "narHash": "sha256-fgvG1O5JvSSjeQx+ea0DJ3GfMbLPVhAQta/DqQ2y6jc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "6a2957c7978b189202e03721aab901c0a9dc1e1a",
-        "type": "github"
+        "lastModified": 1748588304,
+        "narHash": "sha256-YCnUqO9k39p0oMIBndxYTbu8m0fOA/KVcq3IekXPy9c=",
+        "rev": "b8af95f4cf511c5f056b463c3a45d2b63c7cfb03",
+        "type": "tarball",
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre807945.b8af95f4cf51/nixexprs.tar.xz?rev=b8af95f4cf511c5f056b463c3a45d2b63c7cfb03"
       },
       "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable-small",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz"
       }
     },
     "pvv-calendar-bot": {

flake.nix

@@ -2,8 +2,8 @@
   description = "PVV System flake";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; # remember to also update the url in base/services/auto-upgrade.nix
-    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
+    nixpkgs.url = "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz";
+    nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz";
 
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";

justfile

@@ -1,25 +1,56 @@
+set positional-arguments # makes variables accesible as $1 $2 $@
 export GUM_FILTER_HEIGHT := "15"
-nom := `if command -v nom >/dev/null; then echo nom; else echo nix; fi`
+nom := `if [[ -t 1 ]] && command -v nom >/dev/null; then echo nom; else echo nix; fi`
+nix_eval_opts := "--log-format raw --option warn-dirty false"
 
 @_default:
   just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))"
 
-check:
-  nix flake check --keep-going
+check *_:
+  nix flake check --keep-going "$@"
 
-build-machine machine=`just _a_machine`:
-  {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel
+build-machine machine=`just _a_machine` *_:
+  {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel "${@:2}"
 
-run-vm machine=`just _a_machine`:
-  nixos-rebuild build-vm --flake .#{{ machine }}
+run-vm machine=`just _a_machine` *_:
+  nixos-rebuild build-vm --flake .#{{ machine }} "${@:2}"
   QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:443,hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
 
-@update-inputs:
-  nix eval .#inputs --apply builtins.attrNames --json \
-    | jq '.[]' -r \
-    | gum choose --no-limit --height=15 \
-    | xargs -L 1 nix flake lock --update-input
+@update-inputs *_:
+  @git reset flake.lock
+  @git restore flake.lock
+  nix eval {{nix_eval_opts}} --file flake.nix --apply 'x: builtins.attrNames x.inputs' --json \
+    | { printf "%s\n" --commit-lock-file; jq '.[]' -r | grep -vxF "self" ||:; } \
+    | gum choose --no-limit --header "Choose extra arguments:" \
+    | tee >(xargs -d'\n' echo + nix flake update "$@" >&2) \
+    | xargs -d'\n' nix flake update "$@"
+
+@repl $machine=`just _a_machine` *_:
+  set -v; nixos-rebuild --flake .#"$machine" repl "${@:2}"
+
+@eval $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
+  set -v; nix eval {{nix_eval_opts}} ".#nixosConfigurations.\"$machine\".config.$attrpath" --show-trace "${@:3}"
+
+@eval-vm $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
+  just eval "$machine" "virtualisation.vmVariant.$attrpath" "${@:3}"
 
 
+# helpers
+
+[no-exit-message]
 _a_machine:
-  nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r | gum filter
+  #!/usr/bin/env -S sh -euo pipefail
+  machines="$(
+    nix eval {{nix_eval_opts}} .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r
+  )"
+  [ -n "$machines" ] || { echo >&2 "ERROR: no machines found"; false; }
+  if [ -s .direnv/vars/last-machine.txt ]; then
+    machines="$(
+      grep <<<"$machines" -xF  "$(cat .direnv/vars/last-machine.txt)" ||:
+      grep <<<"$machines" -xFv "$(cat .direnv/vars/last-machine.txt)" ||:
+    )"
+  fi
+  choice="$(gum filter <<<"$machines")"
+  mkdir -p .direnv/vars
+  cat <<<"$choice" >.direnv/vars/last-machine.txt
+  cat <<<"$choice"