NixOS is a big
fan of reproduceability – indeed that's what i'm using it for. But then
I go read READMEs that say to do things like say "hey just download the
code here from github's master.tar.gz and
use it unconditionally". Nuh-uh, no can-do, bad idea. I'm going to
maintain versions in a single Nix module which can be imported and used
and updated when necessary.
To update this document:
- Call cce/update-nixpkgs-checkout to update nixpkgs and then possibly resolve merge conflicts myself.
M-o iwill callnix-update-branch-revsto fetch the latest revision for modules usingbuiltins.fetchGit.1C-u M-o owill callnix-update-declsto update therevandsha256for the rest. Note the prefix argument which will forcenix-prefetch-gitto fetch the latest revisions of the default (or specified) branch.
To understand why/how read on:
This document contains Magic
To get the org-auto-tangle to work with the document I have had to be quite careful in how I construct it. I would like to be able to update all the refs on the page at once, by an affirmative user-action. The process for updating this file involves using modifications I've made of jweigley's nix-update-el and is simple to operate:
There is some scaffolding and nuance required to make this work in the tangle stage.
First of all, org-auto-tangle is smart
enough to not execute Org
Babel functions by default. It's imperative to customize help:org-auto-tangle-babel-safelist.
Consider nix-update-branch-revs. These
are fetched using this code block referenced in the document as prefetch-git-rev, evaluated, and the results
inserted in to versions.nix using noweb syntax. If this
was evaluated every time I saved the document, the version of
home-manager and emacs-overlay which are imported would change every
time I save!
(require 's)
(s-chomp
(shell-command-to-string
(format "curl -s https://api.github.com/repos/%s/branches/%s | jq .commit.sha" REPO BRANCH)))This require's things which aren't a
part of Emacs by default, so I have to modify my AUTO_TANGLE document keyword with a new
feature to pass variables in to the async Emacs invocation, thus
#+AUTO_TANGLE: vars:load-path. This is,
unfortunately, much slower to load and thus tangle now.
You'll note that this prefetch-git-rev
is an elisp function, why not just use a shell-script? well, org doesn't
load ob-shell by default, and passing
org-babel-load-languages in to the async
function was not enough to get it to work. oh well. Luckily I don't need
anything too special here.
And so we are quite careful in how this document is constructed.
Consider the home-manager example. If (NAME) were attached to the inline
org-babel CALL, this would update every
save. So the results have to be named. The (invocation)
looks like a function call but will actually use the cached value.
#+CALL: prefetch-git-rev(REPO="nix-community/home-manager", BRANCH="master")
#+NAME: prefetch-hm (ref:NAME)
#+results:
: "60c6bfe322944d04bb38e76b64effcbd01258824"
#+begin_src nix :noweb-ref homeManager :noweb yes
homeManager = _: builtins.fetchGit {
url = "https://github.com/nix-community/home-manager.git";
rev =
<<prefetch-hm()>> (ref:invocation)
;
};
#+end_src
By structuring these invocations like this it is possible to write a
function contained in my nix-update page which will iterate
over all the call sections and update the builtins.fetchGit entities, and then update the
revisions and sha256 of the rest of the
document, and safely tangle the new values out on save. This is probably
a useful pattern in developing Hypermedia in
org-mode.
NEXT update my NixOS version pins and deploy
sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
{ ... }:
{
<<homeManager>>
<<emacsOverlay>>
<<nixpkgs>>
<<nixgl>>
<<mastodon>>
# org libraries
<<consult-org-roam>>
<<ox-rss>>
<<org-fc>>
<<delve>>
<<tabfs>>
<<cpmtools>>
# pythons
<<beetcamp>>
<<bandcamp-dl>>
<<mopidy-bandcamp>>
<<jisho-api>>
<<twitter-to-sqlite>>
<<inaturalist-to-sqlite>>
<<ttrss>>
}Run elisp:(cce/update-nixpkgs-checkout) first
Right now I am running off a branch of nixpkgs which builds
vsketch and vpype for my Plotter Art, so it's kind of a pain
to update rather than simply checking out the nixpkgs-unstable branch.. Might have to elisp:(magit-status
"/home/rrix/Code/nixpkgs") and resolve some merge conflicts… I
should upstream these packages!!!
Update home-manager by hand
"363c46b2480f1b73ec37cf68caac61f5daa82a2e"
homeManager = _: builtins.fetchGit {
url = "https://github.com/nix-community/home-manager.git";
rev =
<<prefetch-hm()>>
;
};Update emacs-overlay used in Arroyo Emacs by hand
"ecf16600106c319e7438803db9951eaa472d8513"
emacsOverlay = _: builtins.fetchGit {
url = "https://github.com/nix-community/emacs-overlay/";
rev =
<<prefetch-em()>>
;
};^ This is upstream; I also have a checkout which I can manage with elisp:(magit-status
"~/Code/emacs-overlay"); I can move the #+NAME keyword on the above code segment to this
one to build a local instance:
emacsOverlay = _: /home/rrix/Code/emacs-overlay;mastodon in Emacs ->
builds from https://codeberg.org/martianh/mastodon.el/commits/branch/main
mastodon = { pkgs, ... }: pkgs.fetchgit {
url = "https://codeberg.org/martianh/mastodon.el";
rev = "f42a3aea506b5258dcf3e2b55d211d89f68a6c8a";
sha256 = "10w0jmlywl51gsfc8c1vc2in1krk4qb1p7lswrcjhahzi2c42yh6";
# date = "2023-03-23T15:11:58+01:00";
};nixGL ->
nixGL = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "guibou";
repo = "nixGL";
rev = "c917918ab9ebeee27b0dd657263d3f57ba6bb8ad";
sha256 = "0rrxbgsv54p7cvhi24dc9yv5nphjmdj51pvy5awf07x3f1jica98";
# date = "2023-02-14T15:06:29+01:00";
};TabFS ->
tabfs-rev = "09d57f94b507f68ec5e16f53b1cc868fbaf6cceb";
tabfs-fetch = {pkgs, ...}: pkgs.fetchFromGitHub {
owner = "osnr";
repo = "TabFS";
rev = "e056ff9073470192ef4c8498aaa7e722edae87c2";
sha256 = "1xbnx30m6dcd10i5xrma5q0azky5w6hgas500ginqg9s9skgciiw";
# date = "2023-03-02T15:45:33-05:00";
};consult-org-roam
consult-org-roam-rev = "268f436858e1ea3b263782af466a54e4d603a7d2";
consult-org-roam = {pkgs, ...}: pkgs.fetchFromGitHub {
owner = "jgru";
repo = "consult-org-roam";
rev = "ede01c2710836f055351d2ef0d9fac70b885ac65";
sha256 = "05crx412wnffz2069l44py4acnp3qv04zg0279z427il24lincd4";
# date = "2023-03-01T16:55:00+01:00";
};ox-rss
ox-rss = rec {
version = "20220704.0450";
rev = "83dc898fa5493925b01716e5dd495d5e07c3d41a";
url = "https://gitlab.com/nsavage/ox-rss.git/";
src = { pkgs, ... }: pkgs.fetchgit {
rev = "3b8bbe8a392bbb04f17bf426400c53283fd3647a";
url = "https://gitlab.com/nsavage/ox-rss.git/";
sha256 = "02k9mbi3shjzpmc2z6w5ypjvxq9mlnw6qjkrs8bi10fqsw6fjkpq";
# date = "2023-01-22T11:36:35+00:00";
};
};org-fc
org-fc = rec {
rev = "f64b5336485a42be91cfe77850c02a41575f5984";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "l3kn";
repo = "org-fc";
rev = "973a16a9561f1ed2fd7e4c5c614b5e5d15715b12";
sha256 = "07cjswmfwc1r11m77pp58rcpbxi3hayv2pnfrqz4zk4kvyb2zw2i";
# date = "2022-09-27T20:31:27+02:00";
};
};cpmtools
cpmtools = {
version = "2.21";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "lipro-cpm4l";
repo = "cpmtools";
rev = "e534e20c15973a9559e981efb498a102020e5db7";
sha256 = "0klad0zpxsllqcrjqqmsjvhcbrw7pjnkksr4n84ma6gc3nxb984c";
# date = "2020-07-26T12:24:37+02:00";
};
};beetcamp
beetcamp = {
version = "unstable-2022-06-07";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
repo = "beetcamp";
owner = "snejus";
rev = "25d0b8ab03095093afe86abb45a35fc83295e013";
sha256 = "1j05pnsbqj9nibp62p9wpzrzrcxz63i35qpxskkikjgsczv6nq0a";
# date = "2023-02-13T20:28:49+00:00";
};
};Mopidy Bandcamp
mopidy-bandcamp = {
version = "1.1.5";
src = { python3Packages, ... }: python3Packages.fetchPypi {
version = "1.1.5";
pname = "Mopidy-Bandcamp";
sha256 = "012w2iw09skayskbswp5dak0mp5xf3p0ld90lxhh8rczw9q763y2";
};
};delve
delve = {
version = "0.9.3";
commit = "9a3e2675ef76865e9ffd95bb49ae1c8307cbfcc1";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "publicimageltd";
repo = "delve";
rev = "6cb166f397cb3f0cc0bee960ed6c198cfffdfde7";
sha256 = "04jhdky0wj1davrc4m042rnxl4ywwg2mxzbc10734fraxrg4yasx";
# date = "2022-11-07T14:39:51+01:00";
};
};jisho-api
jisho-api = {
version = "0.1.8";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "pedroallenrevez";
repo = "jisho-api";
rev = "9d52dcd8a3fab23d1fadd2c9305008705b3bdb7f";
sha256 = "1sdjs640dxwxxxrg76pkrq8gvk5nf220dl39r7ljk6rkc9w64ljz";
# date = "2022-01-12T00:31:34+00:00";
};
};iNaturalist to Sqlite
inaturalist-to-sqlite = {
version = "0.2.1";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "dogsheep";
repo = "inaturalist-to-sqlite";
rev = "d888c7c2f02aa0dfb1559603f02357cd0089da11";
sha256 = "0iybdjinlxinsh4fk74k65q39rn1phwg0q9xjay9w90i74dqd0nr";
# date = "2020-10-21T17:08:29-07:00";
};
};Twitter to Sqlite
twitter-to-sqlite = {
version = "0.2.1";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "dogsheep";
repo = "twitter-to-sqlite";
rev = "f09d611782a8372cfb002792dfa727325afb4db6";
sha256 = "0nr2s1avb7ah7ygw5p75h0q6qsqvr97k46hi1hsc1j4w6gy2q810";
# date = "2021-12-26T10:08:40-08:00";
};
};bandcamp-dl
bandcamp-dl = {
version = "0.0.1";
src = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "iliana";
repo = "bandcamp-dl";
rev = "97061b5dc8dbff65aa15d36c3d22904e5463925d";
sha256 = "0cyalxc4zlyy3b965ryrhcx7in2i8rz4wngkh30m0y8sdjxiihwr";
# date = "2021-09-04T21:51:35-07:00";
};
};NEXT vsketch and vpype dependencies
NEXT automate fetchFromPyPi or move to GH fetchers
tt-rss plugins
large_apod = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "joshp23";
repo = "TTRSS-APOD-Fix";
rev = "d6233f7a9031eaa07649d6b4777525524827f9de";
sha256 = "11vi81vha3sv9nq36ipxisrnrk5y38582f2nk7qg057d6jm9jw0f";
# date = "2017-06-25T13:52:41-04:00";
};
ttrss_wallabag = { pkgs, ... }: pkgs.fetchFromGitHub {
owner = "joshp23";
repo = "ttrss-to-wallabag-v2";
rev = "49ade5a1a216de74e42c4942ffa9cbf1bf426bec";
sha256 = "09rspawg0by5fk1x5b3b3smzqp4zw93h8c7zdxr63z6wjs41ba0j";
# date = "2021-03-14T01:26:43-05:00";
};This is required because I couldn't get
nix-update-declsto update the revs of these without also populating asha256key which will not be valid in abuiltins.fetchGitinvocation. Both nix-community/emacs-overlay and home-manager are loaded in situations where there is no pre-existing nixpkgs to invoke, so they have to use this "impure" invocation.↩︎