about summary refs log tree commit diff
path: root/tools/nixery
AgeCommit message (Collapse)AuthorFilesLines
2019-08-14 refactor(server): Use wrapper script to avoid path dependencyVincent Ambo7-9/+73
Instead of requiring the server component to be made aware of the location of the Nix builder via environment variables, this commit introduces a wrapper script for the builder that can simply exist on the builders $PATH. This is one step towards a slightly nicer out-of-the-box experience when using `nix-build -A nixery-bin`.
2019-08-14 chore(docs): Move mdBook derivation to docs/default.nixVincent Ambo2-23/+20
2019-08-14 refactor: Move registry server to a subfolderVincent Ambo4-29/+18
2019-08-14 chore(build): Update Go dependencies & add gonumVincent Ambo1-4/+13
2019-08-14 feat(group-layers): Finish layering algorithm implementationVincent Ambo1-58/+103
This commit adds the actual logic for extracting layer groupings and merging them until the layer budget is satisfied. The implementation conforms to the design doc as of the time of this commit.
2019-08-14 feat(group-layers): Add initial popcount scriptsVincent Ambo2-0/+64
This script generates an entry in a text file for each time a derivation is referred to by another in nixpkgs. For initial testing, this output can be turned into group-layers compatible JSON with this *trivial* invocation: cat output | awk '{ print "{\"" $2 "\":" $1 "}"}' | jq -s '. | add | with_entries(.key |= sub("/nix/store/[a-z0-9]+-";""))' > test-data.json
2019-08-14 feat(group-layers): Add preliminary size & popularity considerationsVincent Ambo1-26/+66
As described in the design document, this adds considerations for closure size and popularity. All closures meeting a certain threshold for either value will have an extra edge from the image root to themselves inserted in the graph, which will cause them to be considered for inclusion in a separate layer. This is preliminary because popularity is considered as a boolean toggle (the input I generated only contains the top ~200 most popular packages), but it should be using either absolute popularity values or percentiles (needs some experimentation).
2019-08-14 feat(group-layers): Implement first half of new layering strategyVincent Ambo1-0/+267
The strategy is described in-depth in the comment at the top of the implementation file, as well as in the design document: https://storage.googleapis.com/nixdoc/nixery-layers.html
2019-08-08 docs: Update embedded nix-1pVincent Ambo1-2/+2
The new commit has an operator table, which is nice to have!
2019-08-08 chore(nix): Increase maximum number of layers to 96Vincent Ambo2-6/+5
This uses a significantly larger percentage of the total available layers (125) than before, which means that cache hits for layers become more likely between images.
2019-08-08 fix(go): Fix breakage in unsigned URLsVincent Ambo1-1/+1
This affected the public instance which is still running without URL signing. Should add some monitoring!
2019-08-05 docs: Minor fixes to README after new website releaseVincent Ambo1-5/+6
2019-08-05 docs: Add a section on Nix itselfVincent Ambo1-0/+31
2019-08-05 docs: Add a section on running your own NixeryVincent Ambo2-2/+145
2019-08-05 docs: Add an "under-the-hood" page explaining the build processVincent Ambo3-4/+110
This page describes the various steps that Nixery goes through when "procuring" an image. The intention is to give users some more visibility into what is going on and to make it clear that this is not just an image storage service.
2019-08-05 feat(build): Build Nixery book and embed it into Nixery imageVincent Ambo2-8/+46
Executes the previously added mdBook on the previously added book source to yield a directory that can be served by Nixery on its index page. This is one of those 'I <3 Nix' things due to how easy it is to do.
2019-08-05 feat(build): Add mdBook 0.3.1 to build environmentVincent Ambo1-0/+18
Upstream nixpkgs currently only has an older versin of mdBook. Until that changes, we keep a different version in here.
2019-08-05 docs: Replace static page with mdBook siteVincent Ambo11-108/+97
Uses mdBook[1] to generate a documentation overview page instead of the previous HTML site. This makes it possible to add more elaborate documentation without having to deal with finicky markup. [1]: https://github.com/rust-lang-nursery/mdBook
2019-08-04 feat(build): Configure Cachix for build caching in CIVincent Ambo1-0/+5
The CI setup is configured with an appropriate key to enable pushes to the nixery.cachix.org binary cache.
2019-08-04 feat(build): Support additional pre-launch commands in imageVincent Ambo1-1/+4
This makes it possible for users to hook basically arbitrary things into the Nixery container image.
2019-08-03 fix(nix): Support retrieving differently cased top-level attributesVincent Ambo1-4/+29
As described in issue #14, the registry API does not allow image names with uppercase-characters in them. However, the Nix package set has several top-level keys with uppercase characters in them which could previously not be retrieved using Nixery. This change implements a method for retrieving those keys, but it is explicitly only working for the top-level package set as nested sets (such as `haskellPackages`) often contain packages that differ in case only.
2019-08-03 docs: Add GCS signing envvars to READMEVincent Ambo1-0/+4
2019-08-03 feat(go): Support signed GCS URLs with static keysVincent Ambo1-20/+57
Google Cloud Storage supports granting access to protected objects via time-restricted URLs that are cryptographically signed. This makes it possible to store private data in buckets and to distribute it to eligible clients without having to make those clients aware of GCS authentication methods. Nixery now uses this feature to sign URLs for GCS buckets when returning layer URLs to clients on image pulls. This means that a private Nixery instance can run a bucket with restricted access just fine. Under the hood Nixery uses a key provided via environment variables to sign the URL with a 5 minute expiration time. This can be set up by adding the following two environment variables: * GCS_SIGNING_KEY: Path to the PEM file containing the signing key. * GCS_SIGNING_ACCOUNT: Account ("e-mail" address) to use for signing. If the variables are not set, the previous behaviour is not modified.
2019-08-03 fix(go): Registry API acknowledgement URI has a trailing slashVincent Ambo1-6/+6
Previously the acknowledgement calls from Docker were receiving a 404 (which apparently doesn't bother it?!). This corrects the URL, which meant that acknowledgement had to move inside of the registryHandler.
2019-08-03 chore: Prevent accidental key leaks via gitignoreVincent Ambo1-0/+6
2019-08-03 fix(static): Fix logo nitpick (smoothened λ edges)Vincent Ambo1-0/+0
2019-08-03 style(static): Fix favicon background colourVincent Ambo1-0/+0
2019-08-03 chore(go): Remove 'builder' metapackageVincent Ambo1-5/+2
This metapackage isn't actually particularly useful (stdenv is rarely what users want).
2019-08-02 docs: Update all nixery.appspot.com references to nixery.devVincent Ambo3-9/+9
Shiny, new domain is much better and eliminates the TLS redirect issue because there is a HSTS preload for the entire .dev TLD (which, by the way, is awesome!)
2019-08-02 style(static): Update Nixery logo to a healthier versionVincent Ambo2-0/+0
This might not yet be the final version, but it's going in the right direction. Additionally the favicon has been reduced to just the coloured Nix logo, because details are pretty much invisible at that size anyways.
2019-08-02 fix(build): coreutils are still required by launch scriptVincent Ambo1-0/+1
Mea culpa!
2019-08-02 docs(static): Note that the demo instance is just a demoVincent Ambo1-0/+10
People should not start depending on the demo instance. There have been discussions around making a NixOS-official instance, but the project needs to mature a little bit first.
2019-08-02 fix(nix): Calculate MD5 sum of config layer correctlyVincent Ambo1-1/+1
The MD5 sum is used for verifying contents in the layer cache before accidentally re-uploading, but the syntax of the hash invocation was incorrect leading to a cache-bust on the manifest layer on every single build (even for identical images).
2019-08-02 feat(go): Return error responses in registry formatVincent Ambo1-9/+35
The registry specifies a format for how errors should be returned and this commit implements it: https://docs.docker.com/registry/spec/api/#errors
2019-08-02 feat(go): Return errors with correct status codes to clientsVincent Ambo1-3/+17
Uses the structured errors feature introduced in the Nix code to return more sensible errors to clients. For now this is quite limited, but already a lot better than before: * packages that could not be found result in 404s * all other errors result in 500s This way the registry clients will not attempt to interpret the returned garbage data/empty response as something useful.
2019-08-02 fix(go): Return response code 500 if Nix builds failVincent Ambo1-0/+1
2019-08-02 feat(nix): Return structured errors if packages are not foundVincent Ambo1-10/+37
Changes the return format of Nixery's build procedure to return a JSON structure that can indicate which errors have occured. The server can use this information to send appropriate status codes back to clients.
2019-07-31 docs(README): Revamp with updated information on package sourcesVincent Ambo1-24/+53
Adds documentation for configuration options and supported features.
2019-07-31 feat(go): Add environment configuration for package set sourcesVincent Ambo1-11/+74
Adds environment variables with which users can configure the package set source to use. Not setting a source lets Nix default to a recent NixOS channel (currently nixos-19.03).
2019-07-31 feat(nix): Support package set imports from different sourcesVincent Ambo1-5/+57
This extends the package set import mechanism in build-registry-image.nix with several different options: 1. Importing a nixpkgs channel from Github (the default, pinned to nixos-19.03) 2. Importing a custom Nix git repository. This uses builtins.fetchGit and can thus rely on git/SSH configuration in the environment (such as keys) 3. Importing a local filesystem path As long as the repository pointed at is either a checkout of nixpkgs, or nixpkgs overlaid with custom packages this will work. A special syntax has been defined for how these three options are passed in, but users should not need to concern themselves with it as it will be taken care of by the server component. This relates to #3.
2019-07-31 feat(build): Add dependencies for custom repo clonesVincent Ambo1-4/+4
Adds git & SSH as part of the Nixery image, which are required to use Nix's builtins.fetchGit. The dependency on interactive tools is dropped, as it was only required during development when debugging the image building process itself.
2019-07-31 fix(nix): Add empty image config to allow k8s usageVincent Ambo1-0/+2
Introduce an empty runtime configuration object in each built layer. This is required because Kubernetes expects the configuration to be present (even if it's just empty values). Providing an empty configuration will make Docker's API return a full configuration struct with default (i.e. empty) values rather than `null`, which works for Kubernetes. This fixes issue #1. See the issue for additional details.
2019-07-30 docs(static): Update index page with post-launch informationVincent Ambo1-33/+36
Points people at the repository and removes some outdated information.
2019-07-30 docs(README): Add logo & build statusVincent Ambo1-3/+9
2019-07-30 feat(static): Add logo & favicon resourcesVincent Ambo3-0/+1
2019-07-30 refactor(main): Introduce more flexible request routingVincent Ambo1-57/+62
Instead of just dispatching on URL regexes, use handlers to split the routes into registry-related handlers and otherwise(tm). For now the otherwise(tm) consists of a file server serving the static directory, rather than just a plain match on the index route.
2019-07-30 feat(build): Add Travis configuration to build everythingVincent Ambo2-1/+2
The default Travis build command for Nix is `nix-build`, which will build all derivations specified in the default.nix.
2019-07-29 docs(CONTRIBUTING): Mention commit message formatVincent Ambo1-0/+7
2019-07-29 docs(README): Update roadmap informationVincent Ambo1-27/+17
Adds information about Kubernetes integration & custom repository support as well as links to the relevant tracking issues.
2019-07-29 docs(README): Remove known issues from READMEVincent Ambo1-20/+0
These issues have been moved to the issue tracker.