Skip to content

Testing iptables + CI/CD updates #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zestrada wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Testing iptables + CI/CD updates #37

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
bad5d78
forgot to add pkgs
zestrada May 17, 2026
efdbea3
build on PRs
zestrada May 17, 2026
bc3a501
try skipping devdoc for gnutls
zestrada May 18, 2026
db54f44
try without man pages?
zestrada May 18, 2026
fa279d7
skip openssl checks?
zestrada May 18, 2026
90ceadf
trying to fix deps
zestrada May 19, 2026
0ac5e6f
cachix: set USER
zestrada May 19, 2026
016e0c8
rehosting-arc: nix installed?
zestrada May 19, 2026
cb2fb4d
try nix-action
zestrada May 19, 2026
2dada6d
chown?
zestrada May 19, 2026
ab31618
chown?
zestrada May 19, 2026
537e518
pkg-config from buildPackages
zestrada May 19, 2026
6e43ad0
debug
zestrada May 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 16 additions & 3 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@ name: Build
on:
push:
branches: main
pull_request:
branches: main

env:
USER: root

jobs:
build:
Expand All @@ -11,25 +16,31 @@ jobs:
- uses: actions/checkout@v3
- run: sudo apt-get update
- run: sudo apt-get install xz-utils curl p7zip-full jq sqlite3 -y
- run: sudo mkdir -p /nix && sudo chown -R "$(id -u):$(id -g)" /nix
- uses: cachix/install-nix-action@v27
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
extra_nix_config: |
max-jobs = 8
cores = 8
- uses: nix-community/cache-nix-action@v5
# install-nix-action writes /etc/nix/nix.conf as root; loosen perms so
# the runner user (used by cachix-action) can append substituter lines.
- run: sudo chmod 666 /etc/nix/nix.conf
- uses: cachix/cachix-action@v17
with:
primary-key: ${{ runner.os }}-nix-store
name: rehosting
authToken: ${{ secrets.CACHIX_REHOSTING }}
- uses: DeterminateSystems/flake-checker-action@main
- run: nix flake check
- run: nix build
- run: nix build -L
- run: tar -chzvf hyperfs.tar.gz result
- uses: reecetech/version-increment@2023.10.1
id: version
with:
use_api: true

- name: Create release
if: github.event_name == 'push'
id: create_release
uses: actions/create-release@v1
env:
Expand All @@ -42,6 +53,7 @@ jobs:
prerelease: false

- name: Upload release asset
if: github.event_name == 'push'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -52,6 +64,7 @@ jobs:
asset_content_type: application/gzip

- name: Publish release
if: github.event_name == 'push'
uses: StuYarrow/publish-release@v1.1.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
26 changes: 23 additions & 3 deletions src/cross-overlays.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,24 @@
p11-kit = super.p11-kit.overrideAttrs { doCheck = false; };
})

# GnuTLS' docs build runs generated target binaries such as lt-errcodes.
# OpenSSL's 04-test_bio_dgram.t fails in restricted CI sandboxes that lack
# proper DGRAM/IPv6 loopback. Skip the test phase rather than carry an
# upstream-specific patch.
(self: super: {
openssl = super.openssl.overrideAttrs { doCheck = false; };
})

# GnuTLS' docs build runs generated target binaries such as lt-errcodes,
# which fails when cross-compiling. Disable the build and also drop the
# devdoc/man outputs, otherwise nix fails with "failed to produce output
# path for output 'devdoc'" / "'man'" since the directories are never
# created.
(self: super: {
gnutls = super.gnutls.overrideAttrs (o: {
configureFlags = (o.configureFlags or [ ]) ++ [ "--disable-doc" ];
outputs = builtins.filter
(x: !(builtins.elem x [ "devdoc" "man" ]))
(o.outputs or [ "out" ]);
});
})

Expand All @@ -37,9 +51,15 @@
});
})

# Disable unused and/or broken-on-some-platforms elfutils features
# Disable unused and/or broken-on-some-platforms elfutils features, and
# ensure pkg-config is available at build time. Must use
# buildPackages.pkg-config (the build-host variant) rather than
# self.pkg-config — the latter is the cross/target pkg-config and the
# build sandbox can't execute it.
(self: super: {
elfutils = super.elfutils.override { enableDebuginfod = false; };
elfutils = (super.elfutils.override { enableDebuginfod = false; }).overrideAttrs (o: {
nativeBuildInputs = (o.nativeBuildInputs or [ ]) ++ [ self.buildPackages.pkg-config ];
});
})

]
8 changes: 8 additions & 0 deletions src/pkgs/iptables-legacy.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
pkgs:

# In modern nixpkgs, the plain "iptables" symlink points to the NFT backend,
# so we must explicitly request "iptables-legacy" (→ xtables-legacy-multi).
pkgs.iptables // {
iglooName = "iptables-legacy";
meta = pkgs.iptables.meta // { mainProgram = "iptables-legacy"; };
}
8 changes: 8 additions & 0 deletions src/pkgs/iptables-nft.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
pkgs:

# xtables-nft-multi is the multi-call binary for the nf_tables frontend.
# Override mainProgram so getExe resolves to the nft variant's symlink.
pkgs.iptables // {
iglooName = "iptables-nft";
meta = pkgs.iptables.meta // { mainProgram = "iptables-nft"; };
}
Loading