Lift the s390x rustc symlink_file patch overlay into overlays.s390xRustcSymlink
so nixos-ci consumes one definition (patch travels with it) instead of
duplicating it. Add nixfmt-rfc-style formatter. Refresh fleet-pins + parity
inputs to HEAD so the lock collapses to a single nixpkgs (1c3fe55).
Replace the bespoke ci/publish.py attic-push logic with parity-lib's
mkAtticClosurePublish builder (attic-closure archetype, cluster#104,
emmett#44). Adds the parity input (locked at d265a79) and wires the
per-arch package closures through builders.mkAtticClosurePublish, with
the endpoint (nix-cache-upload.oleks.space) and passEntry
(infra/attic/ci_token) overridden so the attic push is byte-for-byte the
pre-parity behaviour.
.woodpecker/{amd64,arm64}.yaml thinned to PUBLISH=1 nix run .#publish /
.#publish-aarch64-linux so CI and a local run share one audited impl.
Dead ci/publish.py + ci/build.py removed.
pipeline-doctor: 9 passed / 0 failed / 0 warned.
attic-closure archetype: no parity-lib builder exists for attic pushes, so
wrap the existing per-arch package build in ci/publish.py (woodpecker-peek
pattern) and expose `nix run .#{stage,publish}-amd64` + `.#publish`.
Two-halves rule: STAGE nix-builds every package in the arch list into the
local store (emmett-buildable); PUBLISH additionally attic-pushes each
closure. Local runs DRY-RUN unless --push/PUBLISH=1; CI sets PUBLISH=1.
The .woodpecker/{amd64,arm64}.yaml now call the same ci/publish.py so CI
and local runs can't drift. arm64 stays node-bound (no emmett cross path),
so it has no local-parity app. ci/build.py becomes a forwarding shim.
Adds mcp-chrome as a flake input (mirroring the woodpecker-peek pattern)
and re-exposes two packages: mcp-chrome-wasm-simd (proven green, ~22 s)
and mcp-chrome-extension (KNOWN-BROKEN under nix-daemon; exposed for
local builds but kept out of the CI matrix to avoid red pipelines).
CI warms attic with mcp-chrome-wasm-simd on x86_64-linux and aarch64-linux
only; s390x cross and Darwin are out of scope.
Closesoleks/mcp-chrome#5.
Re-exposes oleks/woodpecker-peek as packages.<sys>.woodpecker-peek for
x86_64-linux and aarch64-linux, and adds it to ci/build.py so the
amd64/arm64 workflows push the closure to attic-infra-cache-k3s-1.
Consumers (emmett) then set services.woodpecker-peek.package = pkgs.woodpecker-peek
and pull the cached binary instead of rebuilding.
Adds nix-deps as an input following our nixpkgs and re-exports its
package via mkPackages (gated to native x86_64/aarch64, since its
flake only emits eachDefaultSystem and would break the s390x cross).
Also adds .gitignore for build result symlinks.
Single-derivation pnpm/Turbo monorepo build producing:
- metamcp full orchestrator (waits for PG, runs drizzle
migrations, launches backend :12009 + frontend :12008)
- metamcp-backend bare backend launcher
- metamcp-frontend Next.js standalone server.js launcher
Notes:
- Upstream pins packageManager: pnpm@9.0.0; rewrite to match the nixpkgs
pnpm (Turbo requires the field but won't fight a matching version).
- Frontend uses next.config 'output: standalone'; we copy .next/static
and public/ into the standalone tree since Next doesn't.
- HOSTNAME defaults to 0.0.0.0 (override with METAMCP_HOSTNAME) — Next
standalone otherwise inherits the system hostname and is unreachable
on 127.0.0.1.
The fork tracked by this derivation is no longer a single-feature
branch ("feat/projects-api") but the integration tip of Oleks's
local gitea fork ($HOME/projects/gitea, branch oleks/main), carrying
upstream/main + PR #37518 Projects REST API + a CI gate + fork-local
commits. Reflect the broader scope in the package and attribute name,
and document the local fork path + branch in the derivation header.
Builds oleks/gitea feat/projects-api (Gitea 1.27.0-dev + Projects REST API)
as `nix build .#gitea-projects-api`. Exposes `out` (binary) and `data`
(templates, options, frontend bundle, locale files) matching the layout
nixpkgs' `services.gitea` module expects.
Notes:
- Pins Go 1.26.3 (built from upstream src) because the fork's go.mod
requires it, while pinned nixpkgs only has 1.26.0.
- Patches package.json to drop engines.pnpm before fetchPnpmDeps runs:
gitea wants pnpm >= 11, but nixpkgs only packages pnpm 10. The
pnpm-lock.yaml is v9 (forward-compatible) so pnpm 10 produces the
same install closure.
- Platforms: x86_64-linux, aarch64-linux (skipped on s390x cross since
the frontend pnpm step has no s390x toolchain).
- packages/xontribs.nix: xontrib-prompt-starship, -broot, -term-integrations
wheels for use with `programs.xonsh.extraPackages` (or xonsh.override)
- packages/hyprspace.nix + hyprspace flake input (flake=false): rebuild
plugin against the consumer's hyprland; exposed via overlays.hyprspace
- overlays/gcc15-fixes.nix: hotdoc/kitty/libsecret/xdg-desktop-portal/afdko
workarounds so fleet nodes on the same pin can opt in with one line
- flake.nix: lift overlays out of eachSystem to the root (overlays.default
was previously nested per-system, which doesn't match flake schema)
- packages/xontribs.nix: xontrib-prompt-starship, -broot, -term-integrations
wheels for use with `programs.xonsh.extraPackages` (or xonsh.override)
- packages/hyprspace.nix + hyprspace flake input (flake=false): rebuild
plugin against the consumer's hyprland; exposed via overlays.hyprspace
- overlays/gcc15-fixes.nix: hotdoc/kitty/libsecret/xdg-desktop-portal/afdko
workarounds so fleet nodes on the same pin can opt in with one line
- flake.nix: lift overlays out of eachSystem to the root (overlays.default
was previously nested per-system, which doesn't match flake schema)
Move attic-client s390x cross-compilation from building/s390x/attic-client-s390x
and geesefs from building/s390x/geesefs-s390x into flake-hub. Replace ci/build.sh
with ci/build.xsh. All packages now built and pushed to attic via the existing
Woodpecker pipeline on push to main.
Use fetchFromGitHub with tag = version so the version string and
source are inherently linked via rec. Adds .woodpecker.yaml to
build all flake packages on tag push.
Oleks