New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
autobrr: init at 1.36.0 #287593
base: master
Are you sure you want to change the base?
autobrr: init at 1.36.0 #287593
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Three commits please:
- maintainers: add av-gal
- autobrr: init at 1.36.0
- nixos/autobrr: init
I think I've addressed all remaining concerns. @ambroisie please let me know if I've missed anything from your original review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There should be a settings
option to create config.toml
. See NixOS/rfcs#42.
DynamicUser = true; | ||
StateDirectory = "autobrr"; | ||
StateDirectoryMode = "0700"; | ||
ExecStart = "${pkgs.autobrr}/bin/autobrr --config '${WorkingDirectory}'"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ExecStart = "${pkgs.autobrr}/bin/autobrr --config '${WorkingDirectory}'"; | |
ExecStart = "${lib.getExe pkgs.autobrr} --config '${WorkingDirectory}'"; |
|
||
vendorHash = "sha256-SkwSKFEZAmjVnaSowIbrdH667vB5WqNrPuRs/Yh6BLc="; | ||
|
||
preBuild = "cp -r ${autobrr-web}/* web/dist"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
preBuild = "cp -r ${autobrr-web}/* web/dist"; | |
preBuild = '' | |
cp -r ${autobrr-web}/* web/dist | |
''; |
DynamicUser = true; | ||
StateDirectory = "autobrr"; | ||
StateDirectoryMode = "0700"; | ||
ExecStart = "${pkgs.autobrr}/bin/autobrr --config '${WorkingDirectory}'"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where is WorkingDirectory
defined?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And please use lib.getExe
:
ExecStart = "${pkgs.autobrr}/bin/autobrr --config '${WorkingDirectory}'"; | |
ExecStart = "${lib.getExe pkgs.autobrr} --config '${WorkingDirectory}'"; |
autobrr-web = stdenvNoCC.mkDerivation { | ||
pname = "${pname}-web"; | ||
inherit src version; | ||
|
||
nativeBuildInputs = [ | ||
nodePackages.pnpm | ||
cacert | ||
]; | ||
|
||
buildPhase = '' | ||
runHook preBuild | ||
|
||
export HOME=$(mktemp -d) | ||
pnpm --dir web install | ||
pnpm --dir web run build | ||
|
||
mv web/dist $out | ||
|
||
runHook postBuild | ||
''; | ||
|
||
dontInstall = true; | ||
|
||
outputHashMode = "recursive"; | ||
outputHash = "sha256-IOrW26Nq+9PYWlzUSpPBfkv3jzs5VlfF0JVFaUCDMmw="; | ||
}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So at least we're not using an FOD to store the pnpm
dependencies. But I still worry that the output is not bit-for-bit reproducible.
My recommendation is to:
- Try to use
pnpm-export
and usebuildNpmPackage
ormkYarnPackage
. - If
pnpm-export
doesn't work, just generate a lock file manually.
In either case, this would mean vendoring the lock file to the repository.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this derivation should be bit-for-bit reproducible. Different versions of pnpm might have different store or cache formats, but each module in node_modules
will be consistent with its hash in pnpm-lock.yaml
. dist
just contains the final bundle created by Vite. Why would that change because the dependencies are grabbed with a different package manager?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What makes you believe the output of pnpm --dir web run build
is reproducible? Do TypeScript and Vite claim to be reproducible?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
error: build of '/nix/store/cfcl0gpb9p5nnphw25g9mc6hifjpf3wl-autobrr-web-1.36.0.drv' on 'ssh://nix@willard' failed: hash mismatch in fixed-output derivation '/nix/store/cfcl0gpb9p5nnphw25g9mc6hifjpf3wl-autobrr-web-1.36.0.drv':
specified: sha256-IOrW26Nq+9PYWlzUSpPBfkv3jzs5VlfF0JVFaUCDMmw=
got: sha256-SkwSKFEZAmjVnaSowIbrdH667vB5WqNrPuRs/Yh6BLc=
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pnpm --dir web run build
just runs tsc && vite build
, as specified in package.json
. Neither of these claim to be reproducible build tools (I don't think), but I believe that buildNpmPackage
or mkYarnPackage
would execute those commands in the same way. Please correct me if I'm wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May I ask if you did anything to cause the hash mismatch? Or did you just try to build it on your machine
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The latter.
Neither of these claim to be reproducible build tools (I don't think), but I believe that
buildNpmPackage
ormkYarnPackage
would execute those commands in the same way.
Yes but those aren't used in FODs.
|
||
vendorHash = "sha256-SkwSKFEZAmjVnaSowIbrdH667vB5WqNrPuRs/Yh6BLc="; | ||
|
||
preBuild = "cp -r ${autobrr-web}/* web/dist"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For easy diffs, I'd use a multi-line string:
preBuild = "cp -r ${autobrr-web}/* web/dist"; | |
preBuild = '' | |
cp -r ${autobrr-web}/* web/dist | |
''; |
@@ -0,0 +1,70 @@ | |||
{ config, pkgs, lib, ... }: | |||
|
|||
with lib; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
openFirewall = mkOption { | ||
type = types.bool; | ||
default = false; | ||
description = lib.mdDoc "Open ports in the firewall for the Autobrr web interface."; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We just released v1.38.0 so might be a good idea to bump the version in this pr 😄 |
Description of changes
Reopening #283389. Closes #224560.
Things done
nix.conf
? (See Nix manual)sandbox = relaxed
sandbox = true
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)Add a 👍 reaction to pull requests you find important.