squashed from https://gitlab.com/famedly/conduit/-/merge_requests/596
ported the relevant parts to GitHub Actions
Co-authored-by: strawberry <strawberry@puppygock.gay>
Signed-off-by: strawberry <strawberry@puppygock.gay>
This uses flakes-compat to read the `flake.nix` and expose it
to non-flake users.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Signed-off-by: strawberry <strawberry@puppygock.gay>
This fixes a bug where the aarch64 OCI image had metadata saying it was
an x86_64 OCI image. On top of that, I think the metadata was actually
right (aside from Conduit's binary): since all other packages were being
pulled from `pkgsHost`, an OCI image cross compiled for aarch64 from a
different architecture would result in unexecutable binaries (e.g. tini)
since they were compiled for the completely wrong architecture.
from: https://gitlab.com/famedly/conduit/-/merge_requests/579
Signed-off-by: strawberry <strawberry@puppygock.gay>
Thanks to the crane maintainer to fixing my issue in a way that doesn't
suck, unlike my attempt in the fork we were briefly using.
from: https://gitlab.com/famedly/conduit/-/merge_requests/576
Signed-off-by: strawberry <strawberry@puppygock.gay>
Well, kinda. It crashed on me after 10 minutes because the tests timed
out like in <https://github.com/matrix-org/complement/issues/394>.
Sounds like this means it's a them problem though.
I want to use Nix to build this image instead in the future but this
will at least make it work for now and give me a reference for while I'm
porting it. I also want to make Conduit natively understand Complement's
requirements instead of `sed`ing a bunch of stuff and needing a reverse
proxy in the container. Should be more reliable that way.
I'm not making this run in CI until the above stuff is addressed and
until I can decide on a way to pin the revision of Complement being
tested against.
from: https://gitlab.com/famedly/conduit/-/merge_requests/575
Signed-off-by: strawberry <strawberry@puppygock.gay>
Without this, checking the authority of TLS certificates fails, making
Conduit (rightly) refuse to connect to anything.
Signed-off-by: strawberry <strawberry@puppygock.gay>
`nixos-unstable` is the rolling release channel of NixOS. The default is
the master branch, which doesn't always have a populated binary cache
and so may result in compiling a bunch of stuff unnecessarily.
Also add `.envrc` for direnv + Nix users. This makes developing locally
easier for us NixOS folks.
The flake itself will allow NixOS users to pull code directly from
Conduit's repository, making it completely trivial to stay up-to-date
with every commit.
I'd also like to add a NixOS module directly to this repository at some
point so that new configuration options will be available in the NixOS
module faster. But for now, NixOS users can simply override
`serivces.matrix-conduit.package` and get pretty much all the
functionality.
I've added myself to the `CODEOWNERS` file for the Nix files, since I am
willing to maintain this stuff. I use Conduit on NixOS so I'm personally
invested in having this work.
Lastly, `.gitignore` was updated to exclude symlinks created by `direnv`
and `nix build` and other such Nix commands.
This doesn't come without maintenance burden, however:
* The `sha256` in `flake.nix` will need to be updated whenever Conduit's
MSRV is updated, but that should be pretty infrequent.
* `nix flake update` should be run every so often to pull in updates to
`nixpkgs` and other flake inputs. I think downstream users can also
override this themselves with `inputs.<name>.inputs.<name>.follows`.
* `nix flake check` should be run in CI to ensure Nix builds keep
working.
* `nixpkgs-fmt --check $(fd '\.nix')` (or similar) should be run in CI
to ensure style uniformity.
Charles Hall