weasel: nix-serve bind to 0.0.0.0

Proper override for haskell package

madness

Fix nix-serve-ng override

.gitea/workflows/ci.yaml

@@ -12,9 +12,4 @@ jobs:
     runs-on: native
     steps:
       - uses: https://gitea.com/ScMi1/checkout@v1.4
-      - run: nix build -L --no-link --print-out-paths .#bsc.ci.all
+      - run: nix build -L --no-link --print-out-paths .#bsc-ci.all
-  build:cross:
-    runs-on: native
-    steps:
-      - uses: https://gitea.com/ScMi1/checkout@v1.4
-      - run: nix build -L --no-link --print-out-paths .#bsc.ci.cross

flake.lock

@@ -2,14 +2,12 @@
   "nodes": {
     "agenix": {
       "inputs": {
-        "darwin": [],
+        "darwin": "darwin",
-        "home-manager": [],
+        "home-manager": "home-manager",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": [
+        "systems": "systems"
-          "systems"
-        ]
       },
       "locked": {
         "lastModified": 1750173260,
@@ -25,6 +23,49 @@
         "type": "github"
       }
     },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1744478979,
+        "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1752436162,
@@ -44,21 +85,23 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs"
-        "systems": "systems"
       }
     },
     "systems": {
-      "flake": false,
       "locked": {
-        "path": "./pkgs/systems.nix",
+        "lastModified": 1681028828,
-        "type": "path"
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
       },
       "original": {
-        "path": "./pkgs/systems.nix",
+        "owner": "nix-systems",
-        "type": "path"
+        "repo": "default",
-      },
+        "type": "github"
-      "parent": []
+      }
     }
   },
   "root": "root",

flake.nix

@@ -1,15 +1,8 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
-
-    systems.url = "path:./pkgs/systems.nix";
-    systems.flake = false;
-
     agenix.url = "github:ryantm/agenix";
     agenix.inputs.nixpkgs.follows = "nixpkgs";
-    agenix.inputs.systems.follows = "systems";
-    agenix.inputs.darwin.follows = "";
-    agenix.inputs.home-manager.follows = "";
   };
 
   outputs = { self, nixpkgs, agenix, ... }:
@@ -49,7 +42,9 @@ in
     # full nixpkgs with our overlay applied
     legacyPackages.${system} = pkgs;
 
-    hydraJobs = self.legacyPackages.${system}.bsc.hydraJobs;
+    hydraJobs = {
+      inherit (self.legacyPackages.${system}.bsc-ci) tests pkgs cross;
+    };
 
     # propagate nixpkgs lib, so we can do bscpkgs.lib
     inherit (nixpkgs) lib;

m/common/base.nix

@@ -18,5 +18,6 @@
     ./base/users.nix
     ./base/watchdog.nix
     ./base/zsh.nix
+    ./base/fish.nix
   ];
 }

m/common/base/env.nix

@@ -5,6 +5,8 @@
     vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
     nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
     ncdu config.boot.kernelPackages.perf ldns pv
+    nix-output-monitor
+    nixfmt-rfc-style
     # From bsckgs overlay
     osumb
   ];

m/common/base/fish.nix

@@ -0,0 +1,4 @@
+{ ... }:
+{
+  programs.fish.enable = true;
+}

m/common/base/users.nix

@@ -87,6 +87,12 @@
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc"
         ];
+        shell = pkgs.fish;
+        packages = with pkgs; [
+          starship
+          jujutsu
+          neovim
+        ];
       };
 
       vlopez = {

m/weasel/configuration.nix

@@ -1,9 +1,11 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 
 {
   imports = [
     ../common/ssf.nix
     ../module/hut-substituter.nix
+    ./virtualization.nix
+    ./hydra.nix
   ];
 
   # Select this using the ID to avoid mismatches
@@ -30,4 +32,23 @@
       prefixLength = 24;
     } ];
   };
+
+  services.nix-serve = {
+    enable = true;
+    bindAddress = "0.0.0.0";
+    port = 5000;
+    package = pkgs.haskell.lib.overrideSrc (pkgs.haskell.packages.ghc96.nix-serve-ng.override { nix = pkgs.nixVersions.nix_2_28; }) {
+      src = pkgs.fetchgit {
+        url = "https://jungle.bsc.es/git/abonerib/nix-serve-ng.git";
+        rev = "9c056641300a826db66b66d7e584b2541d38927a";
+        hash = "sha256-y69ZchFiZOU71eyeljcQgLxkLk5JUzZfanq8Yzw4MkI=";
+      };
+      version = "unstable";
+    };
+
+    secretKeyFile = "/var/cache-priv-key.pem";
+    # Public key:
+    # 10.0.40.6:8jBhIdXEBap+Qo+vc1/fnV9vj43A2oDk839EEheRr/U=
+  };
+
 }

m/weasel/hydra.nix

@@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+{
+  services.hydra = {
+    enable = true;
+
+    # Wrap hydra so it puts quiet flag every time... This is dumb and annoying,
+    # but i can't override the systemd ExecStart without running into infinite
+    # recursion.
+    package = pkgs.symlinkJoin {
+      name = "hydra-quiet";
+      paths = [ pkgs.hydra ];
+      postBuild = ''
+        for prog in hydra-queue-runner hydra-evaluator ; do
+          prev=$(realpath $out/bin/$prog)
+          rm $out/bin/$prog
+          cat >$out/bin/$prog <<EOF
+        #!/bin/sh
+        args=()
+        for arg in "\$@"; do
+          if [ "\$arg" != "-v" ]; then
+            args+=("\$arg")
+          fi
+        done
+        exec $prev --quiet "\''${args[@]}"
+        EOF
+
+          chmod +x $out/bin/$prog
+        done
+      '';
+    };
+
+    hydraURL = "http://localhost:3001"; # externally visible URL
+    notificationSender = "hydra@jungle.bsc.es"; # e-mail of Hydra service
+    port = 3001;
+    # a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+    buildMachinesFiles = [ ];
+    # you will probably also want, otherwise *everything* will be built from scratch
+    useSubstitutes = true;
+    listenHost = "0.0.0.0"; # Force IPv4
+  };
+
+  systemd.services.hydra-send-stats.enable = lib.mkForce false;
+
+  networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
+
+  nix.settings.extra-allowed-uris = [
+    "git+ssh://git@bscpm04.bsc.es"
+    "git+ssh://git@gitlab-internal.bsc.es"
+    "https://github.com"
+    "git+ssh://github.com"
+  ];
+}

m/weasel/virtualization.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # Enable common container config files in /etc/containers
+  virtualisation.containers.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  # We cannot use /home since nfs does not support fileattrs needed by podman
+  systemd.tmpfiles.settings = {
+    "podman-users" = lib.mapAttrs' (
+      name: value:
+      lib.nameValuePair ("/var/lib/podman-users/" + name) {
+        d = {
+          group = value.group;
+          mode = value.homeMode;
+          user = name;
+        };
+      }
+    ) (lib.filterAttrs (_: x: x.isNormalUser) config.users.users);
+  };
+
+  # Useful other development tools
+  environment.systemPackages = with pkgs; [
+    dive # look into docker image layers
+    podman-tui # status of containers in the terminal
+    podman-compose # start group of containers for dev
+  ];
+}

overlay.nix

@@ -94,18 +94,12 @@ let
     };
   };
 
-  # For now, only build toplevel packages in CI/Hydra
+  pkgs = filterAttrs (_: isDerivation) bscPkgs;
-  pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs;
 
-  # Native build in that platform doesn't imply cross build works
+  crossTargets = [ "riscv64" ];
-  canCrossCompile = platform: pkg:
+  cross = prev.lib.genAttrs crossTargets (target:
-    (isDerivation pkg) &&
+    final.pkgsCross.${target}.bsc-ci.pkgs
-    # Must be defined explicitly
+  );
-    (pkg.meta.cross or false) &&
-    (meta.availableOn platform pkg);
-
-  # For now only RISC-V
-  crossSet = { riscv64 = final.pkgsCross.riscv64.bsc.pkgsTopLevel; };
 
   buildList = name: paths:
     final.runCommandLocal name { } ''
@@ -119,31 +113,22 @@ let
       printf '%s\n' $deps >$out
     '';
 
-  pkgsList = buildList "ci-pkgs" (builtins.attrValues pkgsTopLevel);
+  crossList = builtins.mapAttrs (t: v: buildList t (builtins.attrValues v)) cross;
-  testsList = buildList "ci-tests" (collect isDerivation tests);
+
-  allList = buildList' "ci-all" [ pkgsList testsList ];
+  pkgsList = buildList "ci-pkgs" (builtins.attrValues pkgs);
-  # For now only RISC-V
+  testList = buildList "ci-tests" (collect isDerivation tests);
-  crossList = buildList "ci-cross"
+
-    (filter
+  all = buildList' "ci-all" [ pkgsList testList ];
-      (canCrossCompile final.pkgsCross.riscv64.stdenv.hostPlatform)
-        (builtins.attrValues crossSet.riscv64));
 
 in bscPkgs // {
-  # Prevent accidental usage of bsc-ci attribute
+  # Prevent accidental usage of bsc attribute
-  bsc-ci = throw "the bsc-ci attribute is deprecated, use bsc.ci";
+  bsc = throw "the bsc attribute is deprecated, packages are now in the root";
 
   # Internal for our CI tests
-  bsc = {
+  bsc-ci = {
-    # CI targets for nix build
+    inherit pkgs pkgsList;
-    ci = { pkgs = pkgsList; tests = testsList; all = allList; cross = crossList; };
+    inherit tests testList;
-
+    inherit cross crossList;
-    # Direct access to package sets
+    inherit all;
-    tests = tests;
-    pkgs = bscPkgs;
-    pkgsTopLevel = pkgsTopLevel;
-    cross = crossSet;
-
-    # Hydra uses attribute sets of pkgs
-    hydraJobs = { tests = tests; pkgs = pkgsTopLevel; cross = crossSet; };
   };
 }

pkgs/extrae/default.nix

@@ -20,7 +20,6 @@
 #, python3Packages
 , installShellFiles
 , symlinkJoin
-, enablePapi ? stdenv.hostPlatform == stdenv.buildPlatform # Disabled when cross-compiling
 }:
 
 let
@@ -88,7 +87,7 @@ stdenv.mkDerivation rec {
       --enable-sampling
       --with-unwind=${libunwind.dev}
       --with-xml-prefix=${libxml2.dev}
-      ${lib.optionalString enablePapi "--with-papi=${papi}"}
+      --with-papi=${papi}
       ${if (mpi != null) then ''--with-mpi=${mpi}''
         else ''--without-mpi''}
       --without-dyninst)

pkgs/lmbench/default.nix

@@ -35,8 +35,6 @@ stdenv.mkDerivation rec {
       CFLAGS=-Wno-implicit-int
       CPPFLAGS=-I${libtirpc.dev}/include/tirpc
       LDFLAGS=-ltirpc
-      CC=$CC
-      AR=$AR
     )
   '';
 

pkgs/nanos6/default.nix

@@ -16,7 +16,6 @@
 , jemallocNanos6 ? null
 , cachelineBytes ? 64
 , enableGlibcxxDebug ? false
-, enablePapi ? stdenv.hostPlatform == stdenv.buildPlatform # Disabled when cross-compiling
 , useGit ? false
 , gitUrl ? "ssh://git@bscpm04.bsc.es/nanos6/nanos6"
 , gitBranch ? "master"
@@ -48,8 +47,6 @@ let
   };
 
   source = if (useGit) then git else release;
-
-  isCross = stdenv.hostPlatform != stdenv.buildPlatform;
 in
   stdenv.mkDerivation (source // {
     pname = "nanos6";
@@ -74,13 +71,9 @@ in
       "--disable-all-instrumentations"
       "--enable-ovni-instrumentation"
       "--with-ovni=${ovni}"
-      "--with-boost=${boost.dev}"
     ] ++
       (optional enableJemalloc "--with-jemalloc=${jemallocNanos6}") ++
-      (optional enableGlibcxxDebug "CXXFLAGS=-D_GLIBCXX_DEBUG") ++
+      (optional enableGlibcxxDebug "CXXFLAGS=-D_GLIBCXX_DEBUG");
-      # Most nanos6 api symbols are resolved at runtime, so prefer
-      # ifunc by default
-      (optional isCross "--with-symbol-resolution=ifunc");
 
     postConfigure = lib.optionalString (!enableDebug) ''
       # Disable debug
@@ -104,14 +97,16 @@ in
       # TODO: papi_version is needed for configure:
       # ./configure: line 27378: papi_version: command not found
       # This probably breaks cross-compilation
-    ] ++ lib.optionals enablePapi [ papi ];
+      papi
+    ];
 
     buildInputs = [
       boost
       numactl
       hwloc
+      papi
       ovni
-    ] ++ lib.optionals enablePapi [ papi ];
+    ];
 
     # Create a script that sets NANOS6_HOME
     postInstall = ''

pkgs/nosv/default.nix

@@ -7,7 +7,7 @@
 , numactl
 , hwloc
 , papi
-, enablePapi ? stdenv.hostPlatform == stdenv.buildPlatform # Disabled when cross-compiling
+, enablePapi ? true
 , cacheline ? 64 # bits
 , ovni ? null
 , useGit ? false

pkgs/ovni/default.nix

@@ -55,7 +55,4 @@ in
     doCheck = true;
     checkTarget = "test";
     hardeningDisable = [ "all" ];
-    meta = {
-      cross = true;
-    };
   }

pkgs/systems.nix

@@ -1,4 +0,0 @@
-# See https://github.com/nix-systems/nix-systems
-[
-  "x86_64-linux"
-]