commit c5ed69c003d177cc76c82c25d669920f802ebf6f
author Skyler Grey <minion@clicks.codes> Sat Dec 23 02:25:41 2023 +0000
committer Skyler Grey <minion@clicks.codes> Sat Dec 23 19:35:19 2023 +0000
tree d511597c1930dec2e2bb0e0fb02bc78009b2c45b
parent 4d5e2f23a4b21ebe6a8c5ebe489e9dc7b195b6f2

Move gerrit oauth to flake input

Previously, we used fetchurl to get the gerrit oauth plugin. This had
the disadvantage that auto-updates did not work, and additionally did
not have the advantage that the config would continue to work with old
versions as the artifact URL was removed when a new version was built.

This will allow us to update gerrit oauth with 'nix flake lock' and will
break no more commonly than before

Change-Id: I6d82752c380aea6301c26de169b01480d260a830
Reviewed-on: https://git.clicks.codes/c/Clicks/NixFiles/+/201
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Samuel Shuert <coded@clicks.codes>

flake.lock

diff --git a/flake.lock b/flake.lock
index 800bfac..7595c4b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -54,6 +54,18 @@
         "type": "github"
       }
     },
+    "gerrit-oauth": {
+      "flake": false,
+      "locked": {
+        "narHash": "sha256-hkOMnVvI00SxrONIiD6hIy/Z4Ovi9R3Izs7ZZKiaXiE=",
+        "type": "file",
+        "url": "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/lastBuild/artifact/bazel-bin/plugins/oauth/oauth.jar"
+      },
+      "original": {
+        "type": "file",
+        "url": "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/lastBuild/artifact/bazel-bin/plugins/oauth/oauth.jar"
+      }
+    },
     "helpers": {
       "inputs": {
         "nixpkgs": "nixpkgs_2"
@@ -207,6 +219,7 @@
       "inputs": {
         "deploy-rs": "deploy-rs",
         "flake-utils": "flake-utils",
+        "gerrit-oauth": "gerrit-oauth",
         "helpers": "helpers",
         "home-manager": "home-manager",
         "nixpkgs": "nixpkgs_3",

flake.nix

diff --git a/flake.nix b/flake.nix
index 482f247..722899c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,6 +23,11 @@
   inputs.scalpel.inputs.nixpkgs.follows = "nixpkgs";
   inputs.scalpel.inputs.sops-nix.follows = "sops-nix";
 
+  inputs.gerrit-oauth = {
+    url = "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/lastBuild/artifact/bazel-bin/plugins/oauth/oauth.jar";
+    flake = false;
+  };
+
   outputs = { self, nixpkgs, deploy-rs, home-manager, sops-nix, scalpel
     , nixpkgs-privatebin, ... }@inputs:
     let

modules/common/gerrit.nix

diff --git a/modules/common/gerrit.nix b/modules/common/gerrit.nix
index 87793b1..27588eb 100644
--- a/modules/common/gerrit.nix
+++ b/modules/common/gerrit.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, lib, base, system, ... }:
+{ pkgs, config, lib, base, system, gerrit-oauth, ... }:
 let cfg = config.services.gerrit;
 in lib.recursiveUpdate {
   users.users.gerrit = {
@@ -114,10 +114,7 @@
     };
 
     plugins = [
-      (pkgs.fetchurl {
-        url = "https://gerrit-ci.gerritforge.com/job/plugin-oauth-bazel-master-master/55/artifact/bazel-bin/plugins/oauth/oauth.jar";
-        hash = "sha256-Qil1CIh/+XC15rKfW0iYR9u370eF2TXnCNSmQfr+7/8=";
-      })
+      (builtins.path { path = gerrit-oauth; name = "oauth.jar"; })
     ];
     builtinPlugins = [
       "codemirror-editor"