From bbc8126569b6ff8f6677ad641d1cc4bfe627fdc7 Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sat, 13 Jun 2026 21:29:06 +0200 Subject: [PATCH 1/8] try without vanilla nixpkgs, use fh nixpkgs instead --- flake.lock | 57 +++++++++++++++++++++++++++++++++++++++--------------- flake.nix | 5 ----- 2 files changed, 41 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 4eaef04..cd78046 100644 --- a/flake.lock +++ b/flake.lock @@ -187,9 +187,7 @@ "crane": "crane_2", "easy-template": "easy-template", "fenix": "fenix_3", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1780192580, @@ -209,7 +207,7 @@ "crane": "crane_4", "fenix": "fenix_4", "flake-schemas": "flake-schemas", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1764128805, @@ -226,9 +224,7 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { "lastModified": 1778716662, @@ -328,7 +324,36 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs_2": { + "locked": { + "lastModified": 1777954456, + "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", + "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", + "revCount": 992384, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.992384%2Brev-549bd84d6279f9852cae6225e372cc67fb91a4c1/019df915-70b5-73a2-a5a4-63c620b45d9f/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1763948260, "narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=", @@ -342,21 +367,21 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { - "lastModified": 1780902259, - "narHash": "sha256-q8yYEC5f1mFlQO9RGna4LTc9QrcvWunX6FYp83munkQ=", - "rev": "bd0ff2d3eac24699c3664d5966b9ef36f388e2ca", - "revCount": 1005841, + "lastModified": 1781216227, + "narHash": "sha256-9mUW6gNwoN2SWc/l0fW4svPNOulXLl8ijqKyeSOGgJE=", + "rev": "a0374025a863d007d98e3297f6aa46cc3141c2f0", + "revCount": 1006238, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2605.1005841%2Brev-bd0ff2d3eac24699c3664d5966b9ef36f388e2ca/019ea877-a51e-7d63-a6c5-85b9b069aa6c/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2605.1006238%2Brev-a0374025a863d007d98e3297f6aa46cc3141c2f0/019ec222-4173-7a63-9e83-5062b70a9018/source.tar.gz" }, "original": { "type": "tarball", "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2605.%2A" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -380,7 +405,7 @@ "flake-parts": "flake-parts", "flake-schemas": "flake-schemas_2", "nix-unit": "nix-unit", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "treefmt-nix": "treefmt-nix_2" } }, @@ -475,7 +500,7 @@ }, "treefmt-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1780220602, diff --git a/flake.nix b/flake.nix index a79bcb7..1e38d0f 100644 --- a/flake.nix +++ b/flake.nix @@ -6,16 +6,11 @@ # keep-sorted start fh.url = "https://flakehub.com/f/DeterminateSystems/fh/0.1.*"; flake-checker = { - # must use non-flakehub inputs, - # b/c flake-checker was build with DetSys Secure Packages - # which are not available without subscription - inputs.nixpkgs.follows = "nixpkgs"; url = "https://flakehub.com/f/DeterminateSystems/flake-checker/0.2.*"; }; # keep-sorted end flake-iter.url = "https://flakehub.com/f/DeterminateSystems/flake-iter/0.1.*"; flake-parts = { - inputs.nixpkgs-lib.follows = "nixpkgs"; url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; }; flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.5.*"; From da2e4126dc792ab60cd4695839b84de5d0039823 Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sun, 14 Jun 2026 12:12:56 +0200 Subject: [PATCH 2/8] remove all manual nixpkgs overrides --- flake.lock | 26 ++++++++++++++++++++------ flake.nix | 17 ++++------------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index cd78046..16703cf 100644 --- a/flake.lock +++ b/flake.lock @@ -291,9 +291,7 @@ "nix-unit": { "inputs": { "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs_4", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -368,6 +366,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1778124196, + "narHash": "sha256-pYEytCNic/czazbV9r3tbQ6BZzqRBg/41x2dIC5ymOo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "68a8af93ff4297686cb68880845e61e5e2e41d92", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1781216227, "narHash": "sha256-9mUW6gNwoN2SWc/l0fW4svPNOulXLl8ijqKyeSOGgJE=", @@ -381,7 +395,7 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2605.%2A" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -405,7 +419,7 @@ "flake-parts": "flake-parts", "flake-schemas": "flake-schemas_2", "nix-unit": "nix-unit", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix_2" } }, @@ -500,7 +514,7 @@ }, "treefmt-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1780220602, diff --git a/flake.nix b/flake.nix index 1e38d0f..122bfba 100644 --- a/flake.nix +++ b/flake.nix @@ -5,22 +5,13 @@ nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.2605.*"; # keep-sorted start fh.url = "https://flakehub.com/f/DeterminateSystems/fh/0.1.*"; - flake-checker = { - url = "https://flakehub.com/f/DeterminateSystems/flake-checker/0.2.*"; - }; - # keep-sorted end + flake-checker.url = "https://flakehub.com/f/DeterminateSystems/flake-checker/0.2.*"; flake-iter.url = "https://flakehub.com/f/DeterminateSystems/flake-iter/0.1.*"; - flake-parts = { - url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; - }; + flake-parts.url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.5.*"; - nix-unit = { - url = "github:nix-community/nix-unit/?tag=v2.34.0"; - inputs = { - nixpkgs.follows = "nixpkgs"; - }; - }; + nix-unit.url = "github:nix-community/nix-unit/?tag=v2.34.0"; treefmt-nix.url = "https://flakehub.com/f/numtide/treefmt-nix/0.1.*"; + # keep-sorted end }; outputs = From 6cad227a767c7957e8e69375f503bf01bb52dab0 Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sun, 14 Jun 2026 15:01:19 +0200 Subject: [PATCH 3/8] try with nixpkgs overwritten for nix-unit --- flake.lock | 26 ++++++-------------------- flake.nix | 7 ++++++- 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 16703cf..cd78046 100644 --- a/flake.lock +++ b/flake.lock @@ -291,7 +291,9 @@ "nix-unit": { "inputs": { "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_4", + "nixpkgs": [ + "nixpkgs" + ], "treefmt-nix": "treefmt-nix" }, "locked": { @@ -366,22 +368,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1778124196, - "narHash": "sha256-pYEytCNic/czazbV9r3tbQ6BZzqRBg/41x2dIC5ymOo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "68a8af93ff4297686cb68880845e61e5e2e41d92", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1781216227, "narHash": "sha256-9mUW6gNwoN2SWc/l0fW4svPNOulXLl8ijqKyeSOGgJE=", @@ -395,7 +381,7 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2605.%2A" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -419,7 +405,7 @@ "flake-parts": "flake-parts", "flake-schemas": "flake-schemas_2", "nix-unit": "nix-unit", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "treefmt-nix": "treefmt-nix_2" } }, @@ -514,7 +500,7 @@ }, "treefmt-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1780220602, diff --git a/flake.nix b/flake.nix index 122bfba..97c424c 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,12 @@ flake-iter.url = "https://flakehub.com/f/DeterminateSystems/flake-iter/0.1.*"; flake-parts.url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.5.*"; - nix-unit.url = "github:nix-community/nix-unit/?tag=v2.34.0"; + nix-unit = { + url = "github:nix-community/nix-unit/?tag=v2.34.0"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; treefmt-nix.url = "https://flakehub.com/f/numtide/treefmt-nix/0.1.*"; # keep-sorted end }; From 58295040af2254db90fe49afd58d6eaf3a43bae5 Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sun, 14 Jun 2026 15:09:43 +0200 Subject: [PATCH 4/8] fix lint --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 97c424c..b301607 100644 --- a/flake.nix +++ b/flake.nix @@ -15,8 +15,8 @@ nixpkgs.follows = "nixpkgs"; }; }; - treefmt-nix.url = "https://flakehub.com/f/numtide/treefmt-nix/0.1.*"; # keep-sorted end + treefmt-nix.url = "https://flakehub.com/f/numtide/treefmt-nix/0.1.*"; }; outputs = From c772187c457df2a2aa488e74789932b06cb28d84 Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sun, 14 Jun 2026 15:43:01 +0200 Subject: [PATCH 5/8] overwrite nixpkgs in flake-parts --- flake.lock | 19 +++---------------- flake.nix | 5 ++++- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index cd78046..ce580ce 100644 --- a/flake.lock +++ b/flake.lock @@ -224,7 +224,9 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1778716662, @@ -324,21 +326,6 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1777168982, - "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1777954456, diff --git a/flake.nix b/flake.nix index b301607..fef0298 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,10 @@ fh.url = "https://flakehub.com/f/DeterminateSystems/fh/0.1.*"; flake-checker.url = "https://flakehub.com/f/DeterminateSystems/flake-checker/0.2.*"; flake-iter.url = "https://flakehub.com/f/DeterminateSystems/flake-iter/0.1.*"; - flake-parts.url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; + flake-parts = { + url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.5.*"; nix-unit = { url = "github:nix-community/nix-unit/?tag=v2.34.0"; From b647d8a3413506be78ab99e6b02da4ad000a0bba Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sun, 14 Jun 2026 15:51:48 +0200 Subject: [PATCH 6/8] minimize diff --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index fef0298..caee976 100644 --- a/flake.nix +++ b/flake.nix @@ -8,8 +8,8 @@ flake-checker.url = "https://flakehub.com/f/DeterminateSystems/flake-checker/0.2.*"; flake-iter.url = "https://flakehub.com/f/DeterminateSystems/flake-iter/0.1.*"; flake-parts = { - url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; inputs.nixpkgs-lib.follows = "nixpkgs"; + url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; }; flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.5.*"; nix-unit = { From 30d12eb16d74f3cb459763089d62729e4efd30ca Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sun, 14 Jun 2026 16:25:28 +0200 Subject: [PATCH 7/8] update direnv --- templates/base/.envrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/base/.envrc b/templates/base/.envrc index a93dec4..4cacafe 100644 --- a/templates/base/.envrc +++ b/templates/base/.envrc @@ -1,6 +1,6 @@ #!/bin/bash -if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM=" +if ! has nix_direnv_version || ! nix_direnv_version 3.1.1; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.1.1/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM=" fi use flake From c98ff803fadd974b3f4d245bc3d2b24151f6b044 Mon Sep 17 00:00:00 2001 From: Maximilian Held Date: Sun, 14 Jun 2026 16:36:14 +0200 Subject: [PATCH 8/8] fix keep-sorted --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index caee976..3b9aef1 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,7 @@ fh.url = "https://flakehub.com/f/DeterminateSystems/fh/0.1.*"; flake-checker.url = "https://flakehub.com/f/DeterminateSystems/flake-checker/0.2.*"; flake-iter.url = "https://flakehub.com/f/DeterminateSystems/flake-iter/0.1.*"; + # keep-sorted end flake-parts = { inputs.nixpkgs-lib.follows = "nixpkgs"; url = "https://flakehub.com/f/hercules-ci/flake-parts/0.1.*"; @@ -18,7 +19,6 @@ nixpkgs.follows = "nixpkgs"; }; }; - # keep-sorted end treefmt-nix.url = "https://flakehub.com/f/numtide/treefmt-nix/0.1.*"; };