Monorepo for Aesthetic.Computer
aesthetic.computer
fix: unblock oven nix builds
+138
-32
+3
-3
fedac/native/ac-os
+3
-3
fedac/native/ac-os
···
1458
1458
build)
1459
1459
log "Building NixOS image..."
1460
1460
cd "${NIXOS_DIR}"
1461
-
nix build .#usb-image --print-out-paths
1461
+
AC_NIX_NATIVE_SRC="${SCRIPT_DIR}" nix build .#usb-image --impure --print-out-paths
1462
1462
log "NixOS image built"
1463
1463
;;
1464
1464
flash)
1465
1465
require_login
1466
1466
log "Building + flashing NixOS image to USB..."
1467
1467
cd "${NIXOS_DIR}"
1468
-
IMAGE_PATH=$(nix build .#usb-image --print-out-paths --no-link)
1468
+
IMAGE_PATH=$(AC_NIX_NATIVE_SRC="${SCRIPT_DIR}" nix build .#usb-image --impure --print-out-paths --no-link)
1469
1469
ISO=$(find "${IMAGE_PATH}" -name '*.iso' -type f | head -1)
1470
1470
if [ -z "${ISO}" ]; then
1471
1471
err "No ISO found in nix build output"
···
1482
1482
require_clean
1483
1483
log "Building + uploading NixOS image..."
1484
1484
cd "${NIXOS_DIR}"
1485
-
IMAGE_PATH=$(nix build .#usb-image --print-out-paths --no-link)
1485
+
IMAGE_PATH=$(AC_NIX_NATIVE_SRC="${SCRIPT_DIR}" nix build .#usb-image --impure --print-out-paths --no-link)
1486
1486
ISO=$(find "${IMAGE_PATH}" -name '*.iso' -type f | head -1)
1487
1487
if [ -z "${ISO}" ]; then
1488
1488
err "No ISO found in nix build output"
+2
-2
fedac/nixos/configuration.nix
+2
-2
fedac/nixos/configuration.nix
···
1
-
{ config, pkgs, lib, self ? null, gitHash ? "unknown", version ? "dev", ... }:
1
+
{ config, pkgs, lib, self ? null, gitHash ? "unknown", version ? "dev", nativeSrc, ... }:
2
2
3
3
let
4
-
ac-native = pkgs.callPackage ./packages/ac-native { inherit gitHash version; };
4
+
ac-native = pkgs.callPackage ./packages/ac-native { inherit gitHash version nativeSrc; };
5
5
in
6
6
{
7
7
imports = [
+12
-3
fedac/nixos/flake.nix
+12
-3
fedac/nixos/flake.nix
···
15
15
pkgs = import nixpkgs { inherit system; };
16
16
version = builtins.substring 0 8 (self.lastModifiedDate or "unknown");
17
17
gitHash = self.shortRev or "dirty";
18
+
nativeSrcPath = builtins.getEnv "AC_NIX_NATIVE_SRC";
19
+
nativeSrc =
20
+
if nativeSrcPath != "" then
21
+
builtins.path {
22
+
path = nativeSrcPath;
23
+
name = "ac-native-source";
24
+
}
25
+
else
26
+
throw "AC_NIX_NATIVE_SRC is required for fedac/nixos builds; run nix with --impure and point it at fedac/native.";
18
27
in
19
28
{
20
29
# The ac-native binary as a standalone package
21
30
packages.${system} = {
22
31
ac-native = pkgs.callPackage ./packages/ac-native {
23
-
inherit gitHash version;
32
+
inherit gitHash version nativeSrc;
24
33
};
25
34
26
35
# Bootable ISO image (no KVM needed to build)
···
28
37
inherit system;
29
38
modules = [ ./configuration.nix ];
30
39
format = "iso";
31
-
specialArgs = { inherit self gitHash version; };
40
+
specialArgs = { inherit self gitHash version nativeSrc; };
32
41
};
33
42
34
43
default = self.packages.${system}.usb-image;
···
38
47
nixosConfigurations.ac-native-os = nixpkgs.lib.nixosSystem {
39
48
inherit system;
40
49
modules = [ ./configuration.nix ];
41
-
specialArgs = { inherit self gitHash version; };
50
+
specialArgs = { inherit self gitHash version nativeSrc; };
42
51
};
43
52
};
44
53
}
+2
-2
fedac/nixos/modules/kiosk.nix
+2
-2
fedac/nixos/modules/kiosk.nix
···
1
-
{ config, pkgs, lib, gitHash ? "unknown", version ? "dev", ... }:
1
+
{ config, pkgs, lib, gitHash ? "unknown", version ? "dev", nativeSrc, ... }:
2
2
3
3
let
4
-
ac-native = pkgs.callPackage ../packages/ac-native { inherit gitHash version; };
4
+
ac-native = pkgs.callPackage ../packages/ac-native { inherit gitHash version nativeSrc; };
5
5
in
6
6
{
7
7
# seatd for unprivileged GPU/input access
+2
-1
fedac/nixos/packages/ac-native/default.nix
+2
-1
fedac/nixos/packages/ac-native/default.nix
···
2
2
, libdrm, alsa-lib, flite, openssl, curl
3
3
, wayland, wayland-protocols, wayland-scanner
4
4
, ffmpeg
5
+
, nativeSrc
5
6
, gitHash ? "unknown", version ? "dev"
6
7
}:
7
8
···
15
16
pname = "ac-native";
16
17
inherit version;
17
18
18
-
src = ../../../native;
19
+
src = nativeSrc;
19
20
20
21
nativeBuildInputs = [
21
22
pkg-config
+22
oven/deploy.sh
+22
oven/deploy.sh
···
95
95
else
96
96
curl -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm 2>&1 | tail -10
97
97
fi
98
+
NIX_BIN=""
99
+
for candidate in \
100
+
/nix/var/nix/profiles/default/bin/nix \
101
+
/root/.nix-profile/bin/nix \
102
+
/home/oven/.nix-profile/bin/nix; do
103
+
if [ -x "$candidate" ]; then
104
+
NIX_BIN="$candidate"
105
+
break
106
+
fi
107
+
done
108
+
if [ -n "$NIX_BIN" ]; then
109
+
ln -sf "$NIX_BIN" /usr/local/bin/nix
110
+
NIX_GC_BIN="$(dirname "$NIX_BIN")/nix-collect-garbage"
111
+
if [ -x "$NIX_GC_BIN" ]; then
112
+
ln -sf "$NIX_GC_BIN" /usr/local/bin/nix-collect-garbage
113
+
fi
114
+
echo "Nix binary: $NIX_BIN"
115
+
else
116
+
echo "WARNING: nix binary not found after install"
117
+
fi
98
118
# Enable flakes
99
119
mkdir -p /etc/nix
100
120
grep -q 'experimental-features' /etc/nix/nix.conf 2>/dev/null || \
···
253
273
else
254
274
echo 'OVEN_VERSION=$GIT_VERSION' >> .env
255
275
fi
276
+
install -m 0644 $REMOTE_DIR/infra/oven.service /etc/systemd/system/oven.service
256
277
# Rewrite systemd override from scratch so stale directives do not survive deploys.
257
278
mkdir -p /etc/systemd/system/oven.service.d
258
279
cat > /etc/systemd/system/oven.service.d/override.conf <<EOF
259
280
[Service]
260
281
Environment=OVEN_VERSION=$GIT_VERSION
282
+
Environment=PATH=/usr/local/bin:/nix/var/nix/profiles/default/bin:/home/oven/.nix-profile/bin:/root/.nix-profile/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
261
283
LimitNOFILE=65536
262
284
EOF
263
285
systemctl daemon-reload
+1
oven/infra/oven.service
+1
oven/infra/oven.service
···
7
7
User=oven
8
8
WorkingDirectory=/opt/oven
9
9
Environment=NODE_ENV=production
10
+
Environment=PATH=/usr/local/bin:/nix/var/nix/profiles/default/bin:/home/oven/.nix-profile/bin:/root/.nix-profile/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
10
11
ExecStart=/usr/bin/node /opt/oven/server.mjs
11
12
Restart=always
12
13
RestartSec=10
+94
-21
oven/native-builder.mjs
+94
-21
oven/native-builder.mjs
···
10
10
import { spawn } from "child_process";
11
11
import { MongoClient } from "mongodb";
12
12
13
-
function runSync(cmd, args, cwd) {
13
+
function runSync(cmd, args, cwd, env = null) {
14
14
return new Promise((resolve) => {
15
-
const proc = spawn(cmd, args, { cwd, stdio: ['ignore', 'pipe', 'ignore'] });
15
+
const proc = spawn(cmd, args, {
16
+
cwd,
17
+
env: env ? { ...process.env, ...env } : process.env,
18
+
stdio: ['ignore', 'pipe', 'ignore'],
19
+
});
16
20
let out = '';
17
21
proc.stdout.on('data', d => out += d);
18
22
proc.on('close', () => resolve(out.trim()));
···
29
33
const NATIVE_DIR =
30
34
process.env.NATIVE_DIR || "/opt/oven/native-git/fedac/native";
31
35
const NATIVE_BRANCH = process.env.NATIVE_GIT_BRANCH || "main";
36
+
const NIX_BIN_CANDIDATES = [
37
+
process.env.NIX_BIN || "",
38
+
"/usr/local/bin/nix",
39
+
"/nix/var/nix/profiles/default/bin/nix",
40
+
"/home/oven/.nix-profile/bin/nix",
41
+
"/root/.nix-profile/bin/nix",
42
+
];
43
+
const NIX_GC_CANDIDATES = [
44
+
process.env.NIX_GC_BIN || "",
45
+
"/usr/local/bin/nix-collect-garbage",
46
+
"/nix/var/nix/profiles/default/bin/nix-collect-garbage",
47
+
"/home/oven/.nix-profile/bin/nix-collect-garbage",
48
+
"/root/.nix-profile/bin/nix-collect-garbage",
49
+
];
32
50
33
51
// Kernel build cache: symlinked from fedac/native/build so kernel object
34
52
// files survive rsync --delete between commits (5-10x faster warm builds).
···
50
68
51
69
function nowISO() {
52
70
return new Date().toISOString();
71
+
}
72
+
73
+
function uniqueNonEmpty(items) {
74
+
return [...new Set((items || []).filter(Boolean))];
53
75
}
54
76
55
77
function toDateOrNull(v) {
···
101
123
commitMsg: job.commitMsg || null,
102
124
flags: Array.isArray(job.flags) ? job.flags : [],
103
125
changedPaths: job.changedPaths || "",
126
+
variant: job.variant || "c",
104
127
createdAt: toDateOrNull(job.createdAt),
105
128
startedAt,
106
129
updatedAt: toDateOrNull(job.updatedAt),
···
121
144
122
145
function stripAnsi(s) {
123
146
return String(s || "").replace(/\u001b\[[0-9;]*m/g, "");
147
+
}
148
+
149
+
async function resolveBinary(cmd, candidates = [], cwd = NATIVE_DIR) {
150
+
const fromPath = await runSync("bash", ["-lc", `command -v ${cmd} || true`], cwd);
151
+
if (fromPath) return fromPath.split("\n").pop().trim();
152
+
for (const candidate of uniqueNonEmpty(candidates)) {
153
+
try {
154
+
await fs.access(candidate);
155
+
return candidate;
156
+
} catch {}
157
+
}
158
+
return "";
124
159
}
125
160
126
161
function addLogLine(job, stream, line) {
···
511
546
if (buildNix) {
512
547
const nixosDir = path.resolve(NATIVE_DIR, "../nixos");
513
548
const nixUploadDir = `/tmp/oven-nix-upload-${job.id}`;
549
+
const nixBin = await resolveBinary("nix", NIX_BIN_CANDIDATES, nixosDir);
550
+
if (!nixBin) {
551
+
throw new Error(
552
+
"Nix binary not found on oven host. Checked PATH and: " +
553
+
uniqueNonEmpty(NIX_BIN_CANDIDATES).join(", "),
554
+
);
555
+
}
556
+
const nixGcBin = await resolveBinary(
557
+
"nix-collect-garbage",
558
+
[
559
+
path.join(path.dirname(nixBin), "nix-collect-garbage"),
560
+
...NIX_GC_CANDIDATES,
561
+
],
562
+
nixosDir,
563
+
);
564
+
const nixEnv = {
565
+
NIX_CONFIG: "experimental-features = nix-command flakes",
566
+
AC_NIX_NATIVE_SRC: NATIVE_DIR,
567
+
PATH: uniqueNonEmpty([
568
+
path.dirname(nixBin),
569
+
nixGcBin ? path.dirname(nixGcBin) : "",
570
+
process.env.PATH || "",
571
+
]).join(":"),
572
+
};
573
+
addLogLine(job, "stdout", `Phase N: using nix at ${nixBin}`);
514
574
515
575
// Preflight: garbage collect old nix store entries
516
576
addLogLine(job, "stdout", "Phase N: NixOS — cleaning Nix store...");
517
-
try {
518
-
await runPhase(job, "nix-gc", "bash", ["-c",
519
-
"nix-collect-garbage --delete-older-than 3d 2>&1 | tail -3 || true"
520
-
], nixosDir, { NIX_CONFIG: "experimental-features = nix-command flakes" });
521
-
} catch {}
577
+
if (nixGcBin) {
578
+
try {
579
+
await runPhase(
580
+
job,
581
+
"nix-gc",
582
+
nixGcBin,
583
+
["--delete-older-than", "3d"],
584
+
nixosDir,
585
+
nixEnv,
586
+
);
587
+
} catch {}
588
+
} else {
589
+
addLogLine(job, "stdout", "Phase N: skipping Nix GC — nix-collect-garbage not found");
590
+
}
522
591
523
592
addLogLine(job, "stdout", "Phase N: NixOS — building image with Nix...");
524
593
job.stage = "nix-build";
525
594
job.percent = Math.max(job.percent, 60);
526
595
if (progressCallback) progressCallback(makeSnapshot(job));
527
596
597
+
// fedac/nixos reads AC_NIX_NATIVE_SRC from the host env to import fedac/native.
528
598
// Build the NixOS ISO image
529
-
await runPhase(job, "nix-build", "nix", [
599
+
await runPhase(job, "nix-build", nixBin, [
530
600
"build", ".#usb-image",
601
+
"--impure",
531
602
"--no-link", "--print-out-paths",
532
-
], nixosDir, { NIX_CONFIG: "experimental-features = nix-command flakes" });
603
+
], nixosDir, nixEnv);
533
604
534
605
job.percent = Math.max(job.percent, 85);
535
606
536
607
// Extract ISO path from nix build output
537
-
const nixOutResult = await new Promise((resolve, reject) => {
538
-
const { execSync } = require("child_process");
539
-
try {
540
-
const out = execSync(
541
-
"nix build .#usb-image --no-link --print-out-paths",
542
-
{ cwd: nixosDir, env: { ...process.env, NIX_CONFIG: "experimental-features = nix-command flakes" }, encoding: "utf-8" }
543
-
).trim();
544
-
resolve(out);
545
-
} catch (e) { reject(e); }
546
-
});
608
+
const nixOutResult = await runSync(
609
+
nixBin,
610
+
["build", ".#usb-image", "--impure", "--no-link", "--print-out-paths"],
611
+
nixosDir,
612
+
nixEnv,
613
+
);
614
+
if (!nixOutResult) {
615
+
throw new Error("NixOS build finished without returning an output path");
616
+
}
547
617
548
618
// Find the ISO in the output directory
549
-
const { execSync } = require("child_process");
550
-
const isoPath = execSync(`find ${nixOutResult} -name '*.iso' -type f | head -1`, { encoding: "utf-8" }).trim();
619
+
const isoPath = await runSync(
620
+
"bash",
621
+
["-lc", "find \"$1\" -name '*.iso' -type f | head -1", "_", nixOutResult],
622
+
nixosDir,
623
+
);
551
624
552
625
if (!isoPath) {
553
626
throw new Error("NixOS build produced no ISO file");