From f60a50607db5f421fd50cde3534b1ae7ca5f66af Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:21 +0100 Subject: [PATCH 01/12] update-flake.sh: remove support for Nix < 2.19 Nix 2.24 is the default in NixOS 24.11. This is required by the following commit that uses a `flake update` command syntax only supported by Nix >= 2.19. --- helper/update-flake.sh | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/helper/update-flake.sh b/helper/update-flake.sh index 002fd0b..2267c69 100755 --- a/helper/update-flake.sh +++ b/helper/update-flake.sh @@ -39,22 +39,8 @@ if [[ $forceRun ]] && ! git diff --quiet ../flake.{nix,lock}; then exit 1 fi -# Support Nix >=2.19 -{ - versionGreaterThanOrEqual() { - [[ $1 != $(echo -e "$1\n$2" | sort -V | head -n1) || $1 == "$2" ]] - } - nixVersion=$(nix --version | cut -d\ -f 3) - if versionGreaterThanOrEqual "$nixVersion" 2.19; then - # https://nixos.org/manual/nix/stable/release-notes/rl-2.19#:~:text=nix%20flake%20update - nixUpdateArg=--flake - else - nixUpdateArg= - fi -} - echo "Updating flake 'nixos-search'" -nix flake update $nixUpdateArg ../test/nixos-search +nix flake update --flake ../test/nixos-search echo versions=$(nix eval --json -f update-flake.nix versions) @@ -66,7 +52,7 @@ echo "Updating main flake" if [[ $nixosVersion ]]; then sed -Ei "s|(nixpkgs.url = .*nixos-)[^\"]+|\1$nixosVersion|" ../flake.nix fi -nix flake update $nixUpdateArg .. +nix flake update --flake .. echo nix eval --raw -f update-flake.nix --argstr prevVersions "$versions" showUpdates; echo From ba46d20a25e641b77b92d06d6804278f6b6e1411 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:22 +0100 Subject: [PATCH 02/12] update-flake.sh: add workflow for updating the NixOS version --- dev/README.md | 3 +-- helper/update-flake.sh | 16 +++++++++++----- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/dev/README.md b/dev/README.md index 0e37eb3..522f106 100644 --- a/dev/README.md +++ b/dev/README.md @@ -97,8 +97,7 @@ It's easiest to use an existing service as a template: Most other services use packages that are already included in nixpkgs. ## Switching to a new NixOS release - -- [flake.nix](../flake.nix): update `nixpkgs.url` +- Run command `update-flake.sh 24.11` - [cirrus.yml](../.cirrus.yml): update toplevel container -> image attribute - [examples/configuration.nix](../examples/configuration.nix): update `system.stateVersion` - [examples/flakes/flake.nix](../examples/flakes/flake.nix): update `inputs.nix-bitcoin.url` diff --git a/helper/update-flake.sh b/helper/update-flake.sh index 2267c69..62b771a 100755 --- a/helper/update-flake.sh +++ b/helper/update-flake.sh @@ -2,7 +2,9 @@ set -euo pipefail # This script does the following: -# - Update all flake inputs, including nixpkgs +# - When called without arguments, update all flake inputs, including nixpkgs. +# - When called with a version argument, set input `nixpkgs` in `flake.nix` to the +# specified version and only update this input. # - Print version updates of pinned pkgs like so: # Pkg updates in nixpkgs unstable: # bitcoin: 0.20.0 -> 0.21.1 @@ -39,9 +41,11 @@ if [[ $forceRun ]] && ! git diff --quiet ../flake.{nix,lock}; then exit 1 fi -echo "Updating flake 'nixos-search'" -nix flake update --flake ../test/nixos-search -echo +if [[ ! $nixosVersion ]]; then + echo "Updating flake 'nixos-search'" + nix flake update --flake ../test/nixos-search + echo +fi versions=$(nix eval --json -f update-flake.nix versions) @@ -51,8 +55,10 @@ versions=$(nix eval --json -f update-flake.nix versions) echo "Updating main flake" if [[ $nixosVersion ]]; then sed -Ei "s|(nixpkgs.url = .*nixos-)[^\"]+|\1$nixosVersion|" ../flake.nix + nix flake update nixpkgs --flake .. +else + nix flake update --flake .. fi -nix flake update --flake .. echo nix eval --raw -f update-flake.nix --argstr prevVersions "$versions" showUpdates; echo From a3ded4cf7461e49b2b4f077a8924cf030ad8363b Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:23 +0100 Subject: [PATCH 03/12] update to NixOS 24.11 --- .cirrus.yml | 2 +- examples/configuration.nix | 2 +- examples/flakes/flake.nix | 2 +- flake.lock | 8 ++++---- flake.nix | 2 +- pkgs/pinned.nix | 15 ++++++++------- 6 files changed, 16 insertions(+), 15 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index ec1a317..058ea3e 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -9,7 +9,7 @@ task: container: # Defined in https://github.com/nix-community/docker-nixpkgs - image: nixpkgs/nix-flakes:nixos-24.05 + image: nixpkgs/nix-flakes:nixos-24.11 matrix: - name: modules_test diff --git a/examples/configuration.nix b/examples/configuration.nix index f4871a9..0f4918f 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -318,7 +318,7 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.05"; # Did you read the comment? + system.stateVersion = "24.11"; # Did you read the comment? # The nix-bitcoin release version that your config is compatible with. # When upgrading to a backwards-incompatible release, nix-bitcoin will display an diff --git a/examples/flakes/flake.nix b/examples/flakes/flake.nix index d273cee..63b69c4 100644 --- a/examples/flakes/flake.nix +++ b/examples/flakes/flake.nix @@ -10,7 +10,7 @@ inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release"; # You can also use a version branch to track a specific NixOS release - # inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/nixos-24.05"; + # inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/nixos-24.11"; inputs.nixpkgs.follows = "nix-bitcoin/nixpkgs"; inputs.nixpkgs-unstable.follows = "nix-bitcoin/nixpkgs-unstable"; diff --git a/flake.lock b/flake.lock index 72117e1..0381945 100644 --- a/flake.lock +++ b/flake.lock @@ -43,16 +43,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732749044, - "narHash": "sha256-T38FQOg0BV5M8FN1712fovzNakSOENEYs+CSkg31C9Y=", + "lastModified": 1733808091, + "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0c5b4ecbed5b155b705336aa96d878e55acd8685", + "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 04c4a24..b78e459 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ ''; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; flake-utils.url = "github:numtide/flake-utils"; extra-container = { diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index c113af0..4bf6082 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -2,24 +2,25 @@ pkgs: pkgsUnstable: { inherit (pkgs) - charge-lnd - elementsd - extra-container - lightning-pool - lndconnect; - - inherit (pkgsUnstable) bitcoin bitcoind btcpayserver + charge-lnd clboss clightning electrs + elementsd + extra-container fulcrum hwi lightning-loop + lightning-pool lnd + lndconnect nbxplorer; + inherit (pkgsUnstable) + ; + inherit pkgs pkgsUnstable; } From 3ce3a000b255da3a6c82f16e27b87c5d1b30f51a Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:24 +0100 Subject: [PATCH 04/12] modules: update to NixOS 24.11 --- modules/netns-isolation.nix | 2 +- test/clightning-replication.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix index a521d58..602eb7f 100644 --- a/modules/netns-isolation.nix +++ b/modules/netns-isolation.nix @@ -91,7 +91,7 @@ let enabledServices = filterAttrs (n: v: isEnabled n) cfg.services; isEnabled = x: config.services.${x}.enable; - ip = "${pkgs.iproute}/bin/ip"; + ip = "${pkgs.iproute2}/bin/ip"; iptables = "${config.networking.firewall.package}/bin/iptables"; bridgeIp = "169.254.${toString cfg.addressblock}.10"; diff --git a/test/clightning-replication.nix b/test/clightning-replication.nix index 729dd85..65382ea 100644 --- a/test/clightning-replication.nix +++ b/test/clightning-replication.nix @@ -14,6 +14,8 @@ let clientBaseConfig = { imports = [ ../modules/modules.nix ]; + system.switch.enable = true; + nixpkgs.pkgs = pkgs; nix-bitcoin.generateSecrets = true; From c66a6aab3abcbd6e8da9e2302f997991b347abe6 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:25 +0100 Subject: [PATCH 05/12] python3Packages.joinmarket: allow Python 3.12 Python 3.12 is the default in Nixos 24.11. All tests succeed with Python 3.12. Context: Related issue: https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1589 This issue contains no hints on what changes caused joinmarket to be incompatible/compatible with Python 3.12. The restriction to Python <3.12 was added here (https://github.com/JoinMarket-Org/joinmarket-clientserver/pull/1587) in Oct 2023. This post (https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1589#issuecomment-2119278070) in the above issue mentions on 2024-05-19 that tests are running again with Python 3.12. The current joinmarket version (0.9.11) was released on 2024-02-22. --- pkgs/python-packages/joinmarket/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/python-packages/joinmarket/default.nix b/pkgs/python-packages/joinmarket/default.nix index 854f1e5..d524282 100644 --- a/pkgs/python-packages/joinmarket/default.nix +++ b/pkgs/python-packages/joinmarket/default.nix @@ -29,9 +29,8 @@ buildPythonPackage rec { inherit version src; format = "pyproject"; - # Since v0.9.11, Python older than v3.8 is not supported. Python v3.12 is - # still not supported. - disabled = (pythonOlder "3.8") || (pythonAtLeast "3.12"); + # Since v0.9.11, Python older than v3.8 is not supported. + disabled = pythonOlder "3.8"; nativeBuildInputs = [ setuptools From 8af7fc4b80f8fa00fe702976779f070daafa55b7 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:26 +0100 Subject: [PATCH 06/12] python3Packages.joinmarket: update to NixOS 24.11 - Cryptography contains no relevant backwards-incompatible changes https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#4300---2024-07-20 - Txtorcon 24.8.0 is a minor maintenance release: https://github.com/meejah/txtorcon/releases/tag/v24.8.0 --- pkgs/python-packages/joinmarket/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/python-packages/joinmarket/default.nix b/pkgs/python-packages/joinmarket/default.nix index d524282..2cdbb55 100644 --- a/pkgs/python-packages/joinmarket/default.nix +++ b/pkgs/python-packages/joinmarket/default.nix @@ -74,9 +74,10 @@ buildPythonPackage rec { postPatch = '' substituteInPlace pyproject.toml \ - --replace-fail 'twisted==23.10.0' 'twisted==24.3.0' \ + --replace-fail 'twisted==23.10.0' 'twisted==24.7.0' \ --replace-fail 'service-identity==21.1.0' 'service-identity==24.1.0' \ - --replace-fail 'cryptography==41.0.6' 'cryptography==42.0.5' + --replace-fail 'cryptography==41.0.6' 'cryptography==43.0.1' \ + --replace-fail 'txtorcon==23.11.0' 'txtorcon==24.8.0' \ # Modify pyproject.toml to include only specific modules. Do not include 'jmqtui'. sed -i '/^\[tool.setuptools.packages.find\]/a include = ["jmbase", "jmbitcoin", "jmclient", "jmdaemon"]' pyproject.toml From dc8f969eea9e27c4731fdfc929b5d35d46703de5 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:27 +0100 Subject: [PATCH 07/12] python3Packages.pyln-proto: update to NixOS 24.11 Cryptography contains no relevant backwards-incompatible changes: https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#4300---2024-07-20 --- pkgs/python-packages/pyln-proto/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/python-packages/pyln-proto/default.nix b/pkgs/python-packages/pyln-proto/default.nix index cde5e44..98f7d6b 100644 --- a/pkgs/python-packages/pyln-proto/default.nix +++ b/pkgs/python-packages/pyln-proto/default.nix @@ -29,4 +29,9 @@ buildPythonPackage rec { checkInputs = [ pytestCheckHook ]; postUnpack = "sourceRoot=$sourceRoot/contrib/pyln-proto"; + + postPatch = '' + substituteInPlace pyproject.toml \ + --replace-fail 'cryptography = "^42"' 'cryptography = "43.0.1"' + ''; } From b78116b0da6c76d310ba08fc195cf0dc4de26fc5 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:28 +0100 Subject: [PATCH 08/12] python3Packages.clnrest: use `--replace-fail` --- pkgs/python-packages/clnrest/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/python-packages/clnrest/default.nix b/pkgs/python-packages/clnrest/default.nix index 7f0e204..e24db0e 100644 --- a/pkgs/python-packages/clnrest/default.nix +++ b/pkgs/python-packages/clnrest/default.nix @@ -26,8 +26,8 @@ let postPatch = '' substituteInPlace pyproject.toml \ - --replace 'gevent = "^23.9.0.post1"' 'gevent = "24.2.1"' \ - --replace 'flask = "^2.3.3"' 'flask = "3.0.3"' + --replace-fail 'gevent = "^23.9.0.post1"' 'gevent = "24.2.1"' \ + --replace-fail 'flask = "^2.3.3"' 'flask = "3.0.3"' # Add extra required src files that are missing in pyproject.toml sed -i '/authors/a include = [ { path = "utilities", format = ["sdist", "wheel"] } ]' pyproject.toml From d6bae0a9ebd742df868138e142c069ac65dfca24 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:29 +0100 Subject: [PATCH 09/12] python3Packages.clnrest: update to NixOS 24.11 Gunicorn 22 and 23 mostly include security fixes: https://github.com/benoitc/gunicorn/releases --- pkgs/python-packages/clnrest/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/python-packages/clnrest/default.nix b/pkgs/python-packages/clnrest/default.nix index e24db0e..9a45c04 100644 --- a/pkgs/python-packages/clnrest/default.nix +++ b/pkgs/python-packages/clnrest/default.nix @@ -27,6 +27,7 @@ let postPatch = '' substituteInPlace pyproject.toml \ --replace-fail 'gevent = "^23.9.0.post1"' 'gevent = "24.2.1"' \ + --replace-fail 'gunicorn = "^21.2.0"' 'gunicorn = "23.0.0"' \ --replace-fail 'flask = "^2.3.3"' 'flask = "3.0.3"' # Add extra required src files that are missing in pyproject.toml From 09ba739719cc763286d19fca11222bac658b0a40 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:30 +0100 Subject: [PATCH 10/12] nbxplorer: remove deprecated option Fixes this warning: Explorer: Options 'automigrate' is obsolete and ignored... --- modules/btcpayserver.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix index 2ea7e0e..97bbc87 100644 --- a/modules/btcpayserver.nix +++ b/modules/btcpayserver.nix @@ -168,7 +168,6 @@ in { lbtcnodeendpoint=${nbLib.addressWithPort liquidd.address liquidd.whitelistedPort} ''} postgres=User ID=${cfg.nbxplorer.user};Host=/run/postgresql;Database=nbxplorer - automigrate=1 ''; in rec { wantedBy = [ "multi-user.target" ]; From 2d53b57636f32862567ea2a658ba7db1d93d3614 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:31 +0100 Subject: [PATCH 11/12] tests.py: fix syntax warning Fixes this warning from the NixOS VM test script linter: SyntaxWarning: invalid escape sequence '\[' --- test/tests.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/tests.py b/test/tests.py index 4dee84c..fb0fe05 100644 --- a/test/tests.py +++ b/test/tests.py @@ -452,10 +452,10 @@ def _(): def expect_clightning_log(str): machine.wait_until_succeeds(log_has_string("clightning", str)) - expect_clightning_log("plugin-trustedcoin[^^]\[0m\s+bitcoind RPC working") + expect_clightning_log(r"plugin-trustedcoin\b.*?\bbitcoind RPC working") if "regtest" in enabled_tests: num_blocks = test_data["num_blocks"] - expect_clightning_log(f"plugin-trustedcoin[^^]\[0m\s+returning block {num_blocks}") + expect_clightning_log(rf"plugin-trustedcoin\b.*?\breturning block {num_blocks}") if "netns-isolation" in enabled_tests: From b5e5974b8a14596280571761eb75c6de957ab9dc Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 13 Dec 2024 23:21:32 +0100 Subject: [PATCH 12/12] flake: update extra-container Adds support for NixOS 24.11 --- flake.lock | 7 ++++--- flake.nix | 2 +- test/lib/extra-container-check-version.sh | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0381945..baba37f 100644 --- a/flake.lock +++ b/flake.lock @@ -10,15 +10,16 @@ ] }, "locked": { - "lastModified": 1722175938, - "narHash": "sha256-HKyB4HD+NdX3T233bY31hm76v3/tdQBNeLLvopKbZeY=", + "lastModified": 1734005403, + "narHash": "sha256-vgh3TqfkFdnPxREBedw4MQehIDc3N8YyxBOB45n+AvU=", "owner": "erikarvstedt", "repo": "extra-container", - "rev": "37e7207ac9f857eedb58b208b9dc91cd6b24e651", + "rev": "f4de6c329b306a9d3a9798a30e060c166f781baa", "type": "github" }, "original": { "owner": "erikarvstedt", + "ref": "0.13", "repo": "extra-container", "type": "github" } diff --git a/flake.nix b/flake.nix index b78e459..b5dd486 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; flake-utils.url = "github:numtide/flake-utils"; extra-container = { - url = "github:erikarvstedt/extra-container"; + url = "github:erikarvstedt/extra-container/0.13"; inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils"; }; diff --git a/test/lib/extra-container-check-version.sh b/test/lib/extra-container-check-version.sh index 1daf42e..a78a0bd 100644 --- a/test/lib/extra-container-check-version.sh +++ b/test/lib/extra-container-check-version.sh @@ -1,7 +1,7 @@ containerBin=$(type -P extra-container) || true -if [[ ! ($containerBin && $(realpath "$containerBin") == *extra-container-0.12*) ]]; then +if [[ ! ($containerBin && $(realpath "$containerBin") == *extra-container-0.13*) ]]; then echo - echo "Building extra-container. Skip this step by adding extra-container 0.12 to PATH." + echo "Building extra-container. Skip this step by adding extra-container 0.13 to PATH." nix build --out-link /tmp/extra-container "${BASH_SOURCE[0]%/*}"/../..#extra-container # When this script is run as root, e.g. when run in an extra-container shell, # chown the gcroot symlink to the regular (login) user so that the symlink can be