From 3465f006d7d294a543a39e4608dd2d75bb17839d Mon Sep 17 00:00:00 2001 From: Yadunand Prem Date: Sat, 4 Oct 2025 19:54:17 +0800 Subject: [PATCH] Migrate flux to v2.7 APIs --- apps/base/proxmox.yaml | 4 +- apps/base/yadunut-dev.yaml | 4 +- cluster/base/apps.yaml | 2 +- flake.lock | 24 ++++---- flake.nix | 123 ++++++++++++++++++++++++++++--------- 5 files changed, 112 insertions(+), 45 deletions(-) diff --git a/apps/base/proxmox.yaml b/apps/base/proxmox.yaml index c850d2b..e0f2859 100644 --- a/apps/base/proxmox.yaml +++ b/apps/base/proxmox.yaml @@ -84,7 +84,7 @@ spec: targetPort: https type: ClusterIP --- -apiVersion: image.toolkit.fluxcd.io/v1beta2 +apiVersion: image.toolkit.fluxcd.io/v1 kind: ImageRepository metadata: name: tcp-proxy @@ -93,7 +93,7 @@ spec: image: harbor.yadunut.dev/yadunut/tcp_proxy interval: 1m0s --- -apiVersion: image.toolkit.fluxcd.io/v1beta2 +apiVersion: image.toolkit.fluxcd.io/v1 kind: ImagePolicy metadata: name: tcp-proxy diff --git a/apps/base/yadunut-dev.yaml b/apps/base/yadunut-dev.yaml index 0387ce6..997a391 100644 --- a/apps/base/yadunut-dev.yaml +++ b/apps/base/yadunut-dev.yaml @@ -61,7 +61,7 @@ spec: port: name: http --- -apiVersion: image.toolkit.fluxcd.io/v1beta2 +apiVersion: image.toolkit.fluxcd.io/v1 kind: ImageRepository metadata: name: yadunut-dev @@ -70,7 +70,7 @@ spec: image: harbor.yadunut.dev/yadunut/yadunut.dev interval: 1m0s --- -apiVersion: image.toolkit.fluxcd.io/v1beta2 +apiVersion: image.toolkit.fluxcd.io/v1 kind: ImagePolicy metadata: name: yadunut-dev diff --git a/cluster/base/apps.yaml b/cluster/base/apps.yaml index 4a9a905..da76f70 100644 --- a/cluster/base/apps.yaml +++ b/cluster/base/apps.yaml @@ -16,7 +16,7 @@ spec: timeout: 5m0s wait: true --- -apiVersion: image.toolkit.fluxcd.io/v1beta2 +apiVersion: image.toolkit.fluxcd.io/v1 kind: ImageUpdateAutomation metadata: name: flux-system diff --git a/flake.lock b/flake.lock index 3537782..88d6cb4 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -52,11 +52,11 @@ ] }, "locked": { - "lastModified": 1746729224, - "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "85555d27ded84604ad6657ecca255a03fd878607", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -127,11 +127,11 @@ ] }, "locked": { - "lastModified": 1742568034, - "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -142,11 +142,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746576598, - "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=", + "lastModified": 1759826507, + "narHash": "sha256-vwXL9H5zDHEQA0oFpww2one0/hkwnPAjc47LRph6d0I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55", + "rev": "bce5fe2bb998488d8e7e7856315f90496723793c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 1577f17..7a9e3fd 100644 --- a/flake.nix +++ b/flake.nix @@ -18,36 +18,102 @@ }; }; - outputs = { flake-utils,nixpkgs, nixos-generators, agenix, ... }: { - packages.x86_64-linux = { - create-vm = let - pkgs = import nixpkgs { system = "x86_64-linux"; }; - script-name = "create-vm"; - src = builtins.readFile ./nixos/proxmox/create-vm.sh; - script = (pkgs.writeScriptBin script-name src).overrideAttrs(old: { - buildCommand = "${old.buildCommand}\n patchShebangs $out"; - }); - buildInputs = with pkgs; [ gum jq ]; - in pkgs.symlinkJoin { - name = script-name; - paths = [ script ] ++ buildInputs; - nativeBuildInputs = with pkgs; [makeWrapper]; - postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin"; + outputs = + { + flake-utils, + nixpkgs, + nixos-generators, + agenix, + ... + }: + { + packages.x86_64-linux = { + create-vm = + let + pkgs = import nixpkgs { system = "x86_64-linux"; }; + script-name = "create-vm"; + src = builtins.readFile ./nixos/proxmox/create-vm.sh; + script = (pkgs.writeScriptBin script-name src).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\n patchShebangs $out"; + }); + buildInputs = with pkgs; [ + gum + jq + ]; + in + pkgs.symlinkJoin { + name = script-name; + paths = [ script ] ++ buildInputs; + nativeBuildInputs = with pkgs; [ makeWrapper ]; + postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin"; + }; + generate-iso = nixos-generators.nixosGenerate { + format = "iso"; + system = "x86_64-linux"; + modules = [ + ./nixos/proxmox/iso.nix # base configuration of the image + ]; }; - generate-iso = nixos-generators.nixosGenerate { - format = "iso"; - system = "x86_64-linux"; - modules = [ - ./nixos/proxmox/iso.nix # base configuration of the image - ]; }; - }; - } // flake-utils.lib.eachDefaultSystem (system: - let pkgs = import nixpkgs { - inherit system; - }; in - { + } + // flake-utils.lib.eachDefaultSystem ( + system: + let + fluxOverlay = ( + final: prev: + let + version = "2.7.1"; + srcHash = "sha256-UJiH6dunTKrHtjc1FudyGugSAJYrBC7TMQp+3PdywPI="; + manifestsHash = "sha256-/57wRJ2Sj5vkPsuDQp4q+gbs6C4Qy1PfS3KNt2I5IlU="; + vendorHash = "sha256-C5s+/OwZ3cjJZmj39j69LJS3qwQXGJuxyRK1vHVgXGg="; + + manifests = prev.fetchzip { + url = "https://github.com/fluxcd/flux2/releases/download/v${version}/manifests.tar.gz"; + # First build with a dummy, then replace with the `got:` hash from the error + hash = manifestsHash; + stripRoot = false; + }; + in + { + fluxcd = prev.fluxcd.overrideAttrs (old: { + inherit version vendorHash; + src = prev.fetchFromGitHub { + owner = "fluxcd"; + repo = "flux2"; + rev = "v${version}"; + # First build with a dummy, then replace with the `got:` hash + hash = srcHash; + }; + postUnpack = '' + cp -r ${manifests} source/cmd/flux/manifests + # disable tests that require network access + rm source/cmd/flux/create_secret_git_test.go + ''; + + ldflags = [ + "-s" + "-w" + "-X main.VERSION=${version}" + ]; + + # keep install check aligned with the new version + installCheckPhase = '' + $out/bin/flux --version | grep ${version} > /dev/null + ''; + + meta = old.meta // { + changelog = "https://github.com/fluxcd/flux2/releases/tag/v${version}"; + }; + }); + } + ); + pkgs = import nixpkgs { + inherit system; + overlays = [ fluxOverlay ]; + }; + in + { devShells = { default = pkgs.mkShell { buildInputs = [ @@ -63,5 +129,6 @@ ]; }; }; - }); + } + ); }