flake: split mediaserver onto nixos-25.11, keep desktops on unstable

The mediaserver kept hard-freezing on local builds (gnupg, openldap,
deno/rusty-v8) whenever a fresh unstable revision outran Hydra's
binary cache. It doesn't need bleeding-edge packages — every service
it runs is mature enough that 6-month-old versions are fine — so move
it onto the stable channel where the cache is essentially always
warm. Gaming and Macbook stay on unstable for fresh GPU/kernel work.

Implementation: add nixpkgs-stable + home-manager-stable inputs,
parameterise mkHost to accept a (nixpkgs, home-manager) pair.

Drive-by:
- Switch homepage.nix from environmentFiles (plural, unstable-only)
  to environmentFile (singular, present on both channels).
- Gate the openldap-skip-tests overlay to non-mediaserver hosts so
  it doesn't force a local rebuild on stable, where openldap is
  always cached.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
ediblerope 2026-04-29 13:26:07 +01:00
parent 47a72a0a81
commit 34a45af357
4 changed files with 85 additions and 26 deletions


@ -85,11 +85,11 @@
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# openldap 2.6.13's test017-syncreplication-refresh is timing-flaky and
# fails reliably on local builds when the binary cache hasn't yet served
# the upstream-built artifact. Skip its test phase. Remove this overlay
# once Hydra's substituter has populated openldap for the pinned nixpkgs.
nixpkgs.overlays = [
# openldap 2.6.13's test017-syncreplication-refresh is timing-flaky on
# unstable's freshly-bumped revisions before Hydra has cached them. The
# mediaserver runs on the stable channel where openldap is always cached,
# so don't change its hash there — that would force a local rebuild.
nixpkgs.overlays = lib.optionals (config.networking.hostName != "FredOS-Mediaserver") [
(final: prev: {
openldap = prev.openldap.overrideAttrs (_: { doCheck = false; });
})
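Review bot: The rewritten comment above `nixpkgs.overlays` drops the old instruction to remove the overlay once Hydra's substituter has populated openldap, so the test skip now reads as permanent on every host other than FredOS-Mediaserver. As the new comment itself notes, overriding `doCheck` changes the derivation hash, so those hosts will keep building openldap locally with its test suite disabled even after the cache holds the upstream-built, tested artifact. I would keep a removal condition in the comment, for example `# TODO: drop this overlay once Hydra's substituter serves openldap for the pinned unstable revision.` The closing of the overlay list is outside the lines shown here.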

39
flake.lock generated

@ -86,6 +86,27 @@
"type": "github"
}
},
"home-manager-stable": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1775425411,
"narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"nix-cachyos-kernel": {
"inputs": {
"cachyos-kernel": "cachyos-kernel",
@ -140,6 +161,22 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1777077449,
"narHash": "sha256-AIiMJiqvGrN4HyLEbKAoCSRRYn0rnlW5VbKNIMIYqm4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a4bf06618f0b5ee50f14ed8f0da77d34ecc19160",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1777268161,
@ -159,8 +196,10 @@
"root": {
"inputs": {
"home-manager": "home-manager",
"home-manager-stable": "home-manager-stable",
"nix-cachyos-kernel": "nix-cachyos-kernel",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable",
"zen-browser": "zen-browser"
}
},


@ -1,11 +1,21 @@
{
description = "FredOS NixOS configuration";
inputs = {
# Unstable: gaming desktop & laptop want bleeding-edge GPU/kernel updates.
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# Stable: mediaserver values cache hit-rate over fresh packages so it
# doesn't have to compile gnupg/openldap/v8 locally on every flake bump.
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-stable = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
zen-browser = {
url = "github:0xc000022070/zen-browser-flake";
inputs = {
@ -13,27 +23,37 @@
home-manager.follows = "home-manager";
};
};
nix-cachyos-kernel.url = "github:xddxdd/nix-cachyos-kernel/release";
};
outputs = { self, nixpkgs, home-manager, zen-browser, nix-cachyos-kernel, ... } @ inputs:
let
system = "x86_64-linux";
mkHost = hostname: nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
./hosts/${hostname}.nix
./hosts/hardware/${hostname}.nix
./common.nix
home-manager.nixosModules.home-manager
];
outputs =
{ self
, nixpkgs
, nixpkgs-stable
, home-manager
, home-manager-stable
, zen-browser
, nix-cachyos-kernel
, ...
} @ inputs:
let
system = "x86_64-linux";
mkHost = hostname: pkgsInput: hmInput: pkgsInput.lib.nixosSystem {
inherit system;
specialArgs = { inherit inputs; };
modules = [
./hosts/${hostname}.nix
./hosts/hardware/${hostname}.nix
./common.nix
hmInput.nixosModules.home-manager
];
};
in
{
nixosConfigurations = {
FredOS-Gaming = mkHost "FredOS-Gaming" nixpkgs home-manager;
FredOS-Mediaserver = mkHost "FredOS-Mediaserver" nixpkgs-stable home-manager-stable;
FredOS-Macbook = mkHost "FredOS-Macbook" nixpkgs home-manager;
};
};
in {
nixosConfigurations = {
FredOS-Gaming = mkHost "FredOS-Gaming";
FredOS-Mediaserver = mkHost "FredOS-Mediaserver";
FredOS-Macbook = mkHost "FredOS-Macbook";
};
};
}
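Review bot: `specialArgs = { inherit inputs; };` in the new `mkHost` still hands every module the full input set, so a shared module such as `./common.nix` that reads `inputs.nixpkgs` or `inputs.home-manager` would get the unstable inputs on FredOS-Mediaserver too. Whether any module does that is not visible here, but nothing in the new signature prevents it, and it would quietly mix channels on the host this commit pins to nixos-25.11. Passing the selected pair alongside, `specialArgs = { inherit inputs pkgsInput hmInput; };`, gives modules the per-host inputs. It would also let the openldap overlay be gated on the channel rather than on the hard-coded host name.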


@ -118,7 +118,7 @@ in
allowedHosts = "localhost:8082,127.0.0.1:8082,homepage.nordhammer.it";
# API keys auto-extracted by homepage-extract-secrets.service
environmentFiles = [ "/etc/homepage-secrets" ];
environmentFile = "/etc/homepage-secrets";
settings = {
title = "FredOS Mediaserver";