The previous pin's pnpm-lock.yaml drifted between snapshots; the
cached fetchPnpmDeps output was stale on hosts without a warmed
store, causing ERR_PNPM_NO_OFFLINE_TARBALL on remote builders.
Recomputed via nix build with empty hash, captured the 'got:'
value.
Picks up oleks/gitea#2 (user-scope and org-scope project board REST
endpoints under /api/v1/users/{username}/projects/... and
/api/v1/orgs/{org}/projects/...) plus the missing MoveProjectIssue
test for repo scope.
Single-derivation pnpm/Turbo monorepo build producing:
- metamcp full orchestrator (waits for PG, runs drizzle
migrations, launches backend :12009 + frontend :12008)
- metamcp-backend bare backend launcher
- metamcp-frontend Next.js standalone server.js launcher
Notes:
- Upstream pins packageManager: pnpm@9.0.0; rewrite to match the nixpkgs
pnpm (Turbo requires the field but won't fight a matching version).
- Frontend uses next.config 'output: standalone'; we copy .next/static
and public/ into the standalone tree since Next doesn't.
- HOSTNAME defaults to 0.0.0.0 (override with METAMCP_HOSTNAME) — Next
standalone otherwise inherits the system hostname and is unreachable
on 127.0.0.1.
Add the renamed gitea-local-fork derivation to the Woodpecker
build matrix on x86_64 and aarch64 (the only platforms the
derivation supports — see flake.nix). Resulting closure is
pushed to attic-infra-cache-k3s-1 so subsequent
`just gitea-run` invocations resolve from cache rather than
recompile Go 1.26.3 locally.
The fork tracked by this derivation is no longer a single-feature
branch ("feat/projects-api") but the integration tip of Oleks's
local gitea fork ($HOME/projects/gitea, branch oleks/main), carrying
upstream/main + PR #37518 Projects REST API + a CI gate + fork-local
commits. Reflect the broader scope in the package and attribute name,
and document the local fork path + branch in the derivation header.
A single-workflow with steps spanning amd64 and arm64 shares one
PVC. The clone step binds the PV to whichever arch ran first, and
the other arch's pod is then permanently Unschedulable (node
affinity mismatch on the PV). Splitting into separate workflow
files gives each arch its own clone, its own PVC, and its own node
binding.
Refactor so `src` is a direct `fetchgit` (instead of a wrapper drv), and
move the package.json engine-strip into a `frontendSrc` derivation that
only fetchPnpmDeps sees. nix-update needs to introspect `src.url` and
`src.rev`; the previous wrapper hid them.
Expose `frontend.pnpmDeps` via passthru so nix-update finds the third
hash. Now `just gitea-update` does the full cycle:
1. git ls-remote → latest commit on feat/projects-api
2. set src.hash / pnpmDeps.hash / goModules.vendorHash to fakeHash
3. nix-build each to capture real hashes
4. nom build the package for final verification
nix-update rewrites version to nixpkgs `<tag>-unstable-<date>` style. Lose
the descriptive "-projects-api" suffix in the version, but pname is
unchanged so store paths still read `gitea-projects-api-*`.
Builds oleks/gitea feat/projects-api (Gitea 1.27.0-dev + Projects REST API)
as `nix build .#gitea-projects-api`. Exposes `out` (binary) and `data`
(templates, options, frontend bundle, locale files) matching the layout
nixpkgs' `services.gitea` module expects.
Notes:
- Pins Go 1.26.3 (built from upstream src) because the fork's go.mod
requires it, while pinned nixpkgs only has 1.26.0.
- Patches package.json to drop engines.pnpm before fetchPnpmDeps runs:
gitea wants pnpm >= 11, but nixpkgs only packages pnpm 10. The
pnpm-lock.yaml is v9 (forward-compatible) so pnpm 10 produces the
same install closure.
- Platforms: x86_64-linux, aarch64-linux (skipped on s390x cross since
the frontend pnpm step has no s390x toolchain).
Pipeline #41 died with exit 127 on `free -h` — procps isn't in the
nix-ci image. New info() helper runs the command and ignores the exit
code, so missing tools no longer abort the build. Also switched to
/proc/meminfo since it's always available on Linux.
google-antigravity pulls in google-chrome, which transitively builds
liberation-fonts; fontforge segfaults while generating the .ttf files
(pipeline #40). Package definitions stay in the flake for local
builds — re-enable in CI once upstream fontforge is fixed.
setup.sh now traces each command (set -ex) so /etc/hosts, nix.conf,
and netrc setup are visible in pipeline logs.
build.py replaces capture() with a streaming build() helper for
nix builds: stderr is inherited (live --print-build-logs output)
while stdout is captured for the out path. Also dumps nix version,
uname, disk, and memory at the start so failures have context.
s390x had no dedicated builder and ran as a cross-compile pinned to
amd64 via nodeSelector, colliding with the x86_64-linux step on the
same node — Woodpecker's k8s backend couldn't create the per-step
secret twice and the workflow failed with either "secrets already
exists" or "Canceled". Disable until a real s390x builder is wired up.
Step names now match the kubernetes.io/arch label they target; the
ci/build.py argument keeps the Nix system tuple (x86_64-linux,
aarch64-linux).
- packages/xontribs.nix: xontrib-prompt-starship, -broot, -term-integrations
wheels for use with `programs.xonsh.extraPackages` (or xonsh.override)
- packages/hyprspace.nix + hyprspace flake input (flake=false): rebuild
plugin against the consumer's hyprland; exposed via overlays.hyprspace
- overlays/gcc15-fixes.nix: hotdoc/kitty/libsecret/xdg-desktop-portal/afdko
workarounds so fleet nodes on the same pin can opt in with one line
- flake.nix: lift overlays out of eachSystem to the root (overlays.default
was previously nested per-system, which doesn't match flake schema)
- packages/xontribs.nix: xontrib-prompt-starship, -broot, -term-integrations
wheels for use with `programs.xonsh.extraPackages` (or xonsh.override)
- packages/hyprspace.nix + hyprspace flake input (flake=false): rebuild
plugin against the consumer's hyprland; exposed via overlays.hyprspace
- overlays/gcc15-fixes.nix: hotdoc/kitty/libsecret/xdg-desktop-portal/afdko
workarounds so fleet nodes on the same pin can opt in with one line
- flake.nix: lift overlays out of eachSystem to the root (overlays.default
was previously nested per-system, which doesn't match flake schema)
Move attic-client s390x cross-compilation from building/s390x/attic-client-s390x
and geesefs from building/s390x/geesefs-s390x into flake-hub. Replace ci/build.sh
with ci/build.xsh. All packages now built and pushed to attic via the existing
Woodpecker pipeline on push to main.
Oleks
oleks