Fetch flake-registry.json from channels.nixos.org
Using fastly is slightly faster, provides some resilience due to a high stale TTL, and allows some usage metrics.
This commit is contained in:
parent
3c57db1a0f
commit
4b6cc3da62
|
@ -70,7 +70,7 @@ struct FetchSettings : public Config
|
||||||
Setting<bool> warnDirty{this, true, "warn-dirty",
|
Setting<bool> warnDirty{this, true, "warn-dirty",
|
||||||
"Whether to warn about dirty Git/Mercurial trees."};
|
"Whether to warn about dirty Git/Mercurial trees."};
|
||||||
|
|
||||||
Setting<std::string> flakeRegistry{this, "https://github.com/NixOS/flake-registry/raw/master/flake-registry.json", "flake-registry",
|
Setting<std::string> flakeRegistry{this, "https://channels.nixos.org/flake-registry.json", "flake-registry",
|
||||||
"Path or URI of the global flake registry."};
|
"Path or URI of the global flake registry."};
|
||||||
|
|
||||||
Setting<bool> useRegistries{this, true, "use-registries",
|
Setting<bool> useRegistries{this, true, "use-registries",
|
||||||
|
|
|
@ -7,7 +7,7 @@ with import (nixpkgs + "/nixos/lib/testing-python.nix") {
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
# Generate a fake root CA and a fake github.com certificate.
|
# Generate a fake root CA and a fake api.github.com / channels.nixos.org certificate.
|
||||||
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
|
cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
|
||||||
''
|
''
|
||||||
mkdir -p $out
|
mkdir -p $out
|
||||||
|
@ -18,7 +18,7 @@ let
|
||||||
|
|
||||||
openssl req -newkey rsa:2048 -nodes -keyout $out/server.key \
|
openssl req -newkey rsa:2048 -nodes -keyout $out/server.key \
|
||||||
-subj "/C=CN/ST=Denial/L=Springfield/O=Dis/CN=github.com" -out server.csr
|
-subj "/C=CN/ST=Denial/L=Springfield/O=Dis/CN=github.com" -out server.csr
|
||||||
openssl x509 -req -extfile <(printf "subjectAltName=DNS:api.github.com,DNS:github.com,DNS:raw.githubusercontent.com") \
|
openssl x509 -req -extfile <(printf "subjectAltName=DNS:api.github.com,DNS:channels.nixos.org") \
|
||||||
-days 36500 -in server.csr -CA $out/ca.crt -CAkey ca.key -CAcreateserial -out $out/server.crt
|
-days 36500 -in server.csr -CA $out/ca.crt -CAkey ca.key -CAcreateserial -out $out/server.crt
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -67,7 +67,7 @@ makeTest (
|
||||||
name = "github-flakes";
|
name = "github-flakes";
|
||||||
|
|
||||||
nodes =
|
nodes =
|
||||||
{ # Impersonate github.com and api.github.com.
|
{
|
||||||
github =
|
github =
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{ networking.firewall.allowedTCPPorts = [ 80 443 ];
|
{ networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
@ -77,12 +77,12 @@ makeTest (
|
||||||
services.httpd.extraConfig = ''
|
services.httpd.extraConfig = ''
|
||||||
ErrorLog syslog:local6
|
ErrorLog syslog:local6
|
||||||
'';
|
'';
|
||||||
services.httpd.virtualHosts."github.com" =
|
services.httpd.virtualHosts."channels.nixos.org" =
|
||||||
{ forceSSL = true;
|
{ forceSSL = true;
|
||||||
sslServerKey = "${cert}/server.key";
|
sslServerKey = "${cert}/server.key";
|
||||||
sslServerCert = "${cert}/server.crt";
|
sslServerCert = "${cert}/server.crt";
|
||||||
servedDirs =
|
servedDirs =
|
||||||
[ { urlPath = "/NixOS/flake-registry/raw/master";
|
[ { urlPath = "/";
|
||||||
dir = registry;
|
dir = registry;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -109,7 +109,7 @@ makeTest (
|
||||||
nix.extraOptions = "experimental-features = nix-command flakes";
|
nix.extraOptions = "experimental-features = nix-command flakes";
|
||||||
environment.systemPackages = [ pkgs.jq ];
|
environment.systemPackages = [ pkgs.jq ];
|
||||||
networking.hosts.${(builtins.head nodes.github.config.networking.interfaces.eth1.ipv4.addresses).address} =
|
networking.hosts.${(builtins.head nodes.github.config.networking.interfaces.eth1.ipv4.addresses).address} =
|
||||||
[ "github.com" "api.github.com" "raw.githubusercontent.com" ];
|
[ "channels.nixos.org" "api.github.com" ];
|
||||||
security.pki.certificateFiles = [ "${cert}/ca.crt" ];
|
security.pki.certificateFiles = [ "${cert}/ca.crt" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -123,7 +123,7 @@ makeTest (
|
||||||
|
|
||||||
github.wait_for_unit("httpd.service")
|
github.wait_for_unit("httpd.service")
|
||||||
|
|
||||||
client.succeed("curl -v https://github.com/ >&2")
|
client.succeed("curl -v https://api.github.com/ >&2")
|
||||||
client.succeed("nix registry list | grep nixpkgs")
|
client.succeed("nix registry list | grep nixpkgs")
|
||||||
|
|
||||||
rev = client.succeed("nix flake info nixpkgs --json | jq -r .revision")
|
rev = client.succeed("nix flake info nixpkgs --json | jq -r .revision")
|
||||||
|
|
Loading…
Reference in a new issue