Nix Flake for dev and release tooling

The change turns the repo into a Nix flake (flake.nix + flake.lock). Dependencies are now defined as flake inputs. This doesn't influence runtime behaviour of the platform and we still use versions.json/versions.nix for dependencies but versions.json is now generated by the flake with the same content as before. To modularize and provide convenient abstractions for the flake file, especially when dealing with support for multiple systems/architectures we use [flake-parts](https://flake.parts/). [devenv](devenv.sh) is used to define the development shell which replaces shell.nix and provides unified access to various helper scripts. The shell works for Macs (release tooling is usually run from there) and on Linux (typically developer VMs). As the top-level dir became too crowded, many scripts and files from the top-level which are related to dependency management and the release process moved to the `release` subdir. Their location isn't important anymore as they are meant to be called through scripts generated by devenv now. `./update-nixpkgs.py` is now invoked as `update_nixpkgs`, for example. See the comment at the top of `flake.nix` for more info. ./dev-setup still exists as script for our "muscle memory" but is only a facade now, just calling `dev_setup` running in a dev shell. During the the top-level directory cleanup, fc/ceph/__init__.py which serves no purpose was removed, too. This causes isort (for Python), which is part of the pre-commit hook, to sort imports differrently as fc.ceph is now recognized as external dependency. This explains the changes in pkgs/fc/ceph/fc/ceph. PL-131814
flyingcircusio · Feb 9, 2024 · 0e4ca81 · 0e4ca81
1 parent ab0b907
commit 0e4ca81
Show file tree

Hide file tree

Showing 26 changed files with 772 additions and 273 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,6 +7,7 @@
 .eggs/
 .envrc
 /*.sublime-*
+.devenv/
 __pycache__/
 bin/
 channels

diff --git a/README.md b/README.md
@@ -6,23 +6,67 @@ Development Mode
 
 Run in the source tree:
 
-    eval $(./dev-setup)
+    nix develop --impure
 
-This sets up the `channels` directory and NIX_PATH.
+This enters the dev shell where NIX_PATH is set properly and various scripts are available.
 
-Development on a Test VM
-------------------------
+Look at `flake.nix` to see how the dev shell is defined. The comment at the
+top shows which commands are available in the dev shell.
 
-For development on a FCIO test VM, sync the fc-nixos source tree to the target
-machine and set up the `channels` directory with:
+Running a Test VM on a local dev checkout
+-----------------------------------------
 
-    ./dev-setup
+To use a local dev checkout on a FCIO test VM, sync the `fc-nixos` source tree to the target
+machine:
 
-This can be done as regular user. Run the command again when nixpkgs changes
-in order to update the `channels` directory.
+    rsync -aP ~/git/fc-nixos example01:
+
+On the machine, enter the dev shell and set up the `channels` directory:
+
+    cd fc-nixos
+    nix develop --impure
+    build_channels_dir
+
+This can be done as regular user. Exit the shell and run the commands again
+when nixpkgs changes.
 
 The VM has to use a matching environment that points to the `channels` dir.
-`fc-manage switch` (as root) then uses the local code to rebuild the system.
+`sudo fc-manage switch` then uses the local code to rebuild the system.
+
+
+Automatically enter the dev shell with direnv
+---------------------------------------------
+
+Use `direnv` to automatically enter the dev shell when you change to the fc-nixos directory.
+
+To set it up with `home-manager`, see:
+https://github.com/nix-community/nix-direnv?tab=readme-ov-file#via-home-manager
+
+Without home-manager
+--------------------
+
+On a NixOS machine, enabling `programs.direnv.enable` should be enough.
+
+Add `/etc/local/nixos/dev_vm.nix`, for example:
+
+    { ... }:
+    {
+      nix.extraOptions = ''
+        keep-outputs = true
+      '';
+      programs.direnv.enable = true;
+    }
+
+Rebuild the system, close the shell/tmux session and log in again.
+
+In `fc-nixos`, add an `.envrc` file like:
+
+    use flake . --impure --allow-dirty
+    build_channels_dir
+
+Then, run `direnv allow` to build and enter the dev shell.
+
+Run `direnv allow` again if the dev shell disappears or doesn't reload automatically.
 
 
 Build Single Packages
@@ -34,17 +78,17 @@ Run in development mode:
 
 Or build package by directly calling a Nix expression:
 
-    nix-build -E 'with import <nixpkgs> {}; callPackage path/to/file.nix {}'
+    nix-build -E 'with import <fc> {}; callPackage path/to/file.nix {}'
 
 
 (Dry-)Build System
 ------------------
 
 Run in development mode:
 
-    nix-build '<nixpkgs/nixos>' -A system
+    sudo nix-build '<nixpkgs/nixos>' -A system
 
-Must be executed as *root* on FCIO test VMs.
+(Must be executed as *root* on FCIO test VMs).
 
 
 Execute Tests
@@ -87,18 +131,21 @@ Run the whole test suite (may take a very long time):
     nix-build release -A tested
 
 
-Update Pinned Nixpkgs
----------------------
+Update Pinned Dependencies
+--------------------------
+
+The nixpkgs and nixos-mailserver versions used by the platform are pinned in `flake.lock`. The versions and hashes are written to `release/versions.json` by our release tooling and read from there by platform code.
+
+We use our [nixpkgs fork](https://github.com/flyingcircusio/nixpkgs) and the nixos-mailserver fork from our Gitlab.
 
-We pin the used nixpkgs version in `versions.json` to a commit id from our
-[nixpkgs fork](https://github.com/flyingcircusio/nixpkgs). The typical workflow
-for a nixpkgs update looks like this:
+The typical workflow for a nixpkgs update looks like this (run in the dev shell):
 
-1. Prefetch hash for new version: `nix-prefetch-github flyingcircusio nixpkgs --rev nixos-23.11`
-2. Change rev and sha256 in `versions.json` according to the prefetch output.
-3. Create a draft PR with the changed `versions.json` and wait until Hydra finishes building.
-4. When Hydra is green, try it out on a test VM. Don't forget to run `./dev-setup`  to update the `channels` directory!
+1. Rebase local nixpkgs onto current upstream version: `update_nixpkgs --nixpkgs-path ~/worksets/nixpkgs/fc/nixos-23.11 nixpkgs`
+2. Update `versions.json` and `package-versions.json` (must be able to talk to hydra01): `update_nixpkgs fc-nixos`
+3. Create a draft PR with the changes and wait until Hydra finishes building.
+4. When Hydra is green, try it out on a test VM. Don't forget to run `build_channels_dir` if you haven't set up direnv!
 
+To learn more about our release tooling, look at the comment in `flake.nix` at the top.
 
 License
 -------

diff --git a/dev-setup b/dev-setup
@@ -1,52 +1,6 @@
 #!/usr/bin/env bash
-# Usage: eval `./dev-setup`
-set -e
-
+echo "This will set up the channels dir and show the export command to set the NIX_PATH accordingly." >&2
+echo "You can also use 'nix develop --impure' to open the dev shell and run build_channels_dir from there." >&2
 # ensure PWD is the directory this script resides in (allows calls like ../dev-setup or $HOME/fc-nixos/dev-setup)
 cd "$(dirname "$(readlink -f "$0")")"
-
-base=$PWD
-# preserve nixos-config
-config=$(nix-instantiate --find-file nixos-config 2>/dev/null) || true
-
-# bootstrapping with what we find on the system
-for candidate in \
-        $HOME/.nix-defexpr/channels/nixos \
-        $HOME/.nix-defexpr/channels_root/nixos \
-        $HOME/.nix-defexpr/channels \
-        $HOME/.nix-defexpr/channels_root; do
-    if [[ -e ${candidate} ]]; then
-        NIX_PATH="${NIX_PATH}${NIX_PATH:+:}${candidate}"
-    fi
-done
-export NIX_PATH
-channels=`nix-build -Q --quiet versions.nix -A allUpstreams --no-out-link`
-if [[ -z $channels ]]; then
-    echo "$0: failed to build nixpkgs+overlay" >&2
-    exit 1
-fi
-mkdir -p channels
-find $channels -maxdepth 1 -type l | while read channel; do
-    target="channels/${channel##*/}"
-    # don't toucn anything which is not a link into the nix store
-    if [[ ! -L $target && -d $target ]]; then
-        echo "$0: warning: $target appears to be a local dev checkout" >&2
-        continue
-    elif [[ -L $target && $(readlink $target) != /nix/store/* ]]; then
-        echo "$0: warning: $target appears to be a local dev checkout" >&2
-        continue
-    fi
-    ln -fs $channel channels
-done
-if ! [[ -e channels/fc ]]; then
-    ln -s .. channels/fc
-fi
-
-NIX_PATH="$base/channels"
-if [[ -n "$config" ]]; then
-    NIX_PATH="${NIX_PATH}:nixos-config=$config"
-else
-    NIX_PATH="${NIX_PATH}:nixos-config=${base}/nixos"
-fi
-
-echo "export NIX_PATH=$NIX_PATH"
+nix develop --impure "$@" --command dev_setup
diff --git a/fc-get-current-channel-url.sh b/fc-get-current-channel-url.sh
diff --git a/fc/ceph/__init__.py b/fc/ceph/__init__.py