Migrate flux to v2.7 APIs

apps/base/proxmox.yaml

@@ -84,7 +84,7 @@ spec:
       targetPort: https
   type: ClusterIP
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta2
+apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImageRepository
 metadata:
   name: tcp-proxy
@@ -93,7 +93,7 @@ spec:
   image: harbor.yadunut.dev/yadunut/tcp_proxy
   interval: 1m0s
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta2
+apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImagePolicy
 metadata:
   name: tcp-proxy

apps/base/yadunut-dev.yaml

@@ -61,7 +61,7 @@ spec:
                 port:
                   name: http
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta2
+apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImageRepository
 metadata:
   name: yadunut-dev
@@ -70,7 +70,7 @@ spec:
   image: harbor.yadunut.dev/yadunut/yadunut.dev
   interval: 1m0s
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta2
+apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImagePolicy
 metadata:
   name: yadunut-dev

cluster/base/apps.yaml

@@ -16,7 +16,7 @@ spec:
   timeout: 5m0s
   wait: true
 ---
-apiVersion: image.toolkit.fluxcd.io/v1beta2
+apiVersion: image.toolkit.fluxcd.io/v1
 kind: ImageUpdateAutomation
 metadata:
   name: flux-system

flake.lock

@@ -10,11 +10,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1745630506,
+        "lastModified": 1754433428,
-        "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
+        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
+        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
         "type": "github"
       },
       "original": {
@@ -52,11 +52,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1746729224,
+        "lastModified": 1758287904,
-        "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=",
+        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "85555d27ded84604ad6657ecca255a03fd878607",
+        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
         "type": "github"
       },
       "original": {
@@ -127,11 +127,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742568034,
+        "lastModified": 1751903740,
-        "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
         "type": "github"
       },
       "original": {
@@ -142,11 +142,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746576598,
+        "lastModified": 1759826507,
-        "narHash": "sha256-FshoQvr6Aor5SnORVvh/ZdJ1Sa2U4ZrIMwKBX5k2wu0=",
+        "narHash": "sha256-vwXL9H5zDHEQA0oFpww2one0/hkwnPAjc47LRph6d0I=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "b3582c75c7f21ce0b429898980eddbbf05c68e55",
+        "rev": "bce5fe2bb998488d8e7e7856315f90496723793c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -18,36 +18,102 @@
     };
   };
 
-  outputs = { flake-utils,nixpkgs, nixos-generators, agenix, ... }: {
+  outputs =
-    packages.x86_64-linux = {
+    {
-      create-vm = let
+      flake-utils,
-        pkgs = import nixpkgs { system = "x86_64-linux"; };
+      nixpkgs,
-        script-name = "create-vm";
+      nixos-generators,
-        src = builtins.readFile ./nixos/proxmox/create-vm.sh;
+      agenix,
-        script = (pkgs.writeScriptBin script-name src).overrideAttrs(old: {
+      ...
-          buildCommand = "${old.buildCommand}\n patchShebangs $out";
+    }:
-        });
+    {
-        buildInputs = with pkgs; [ gum jq ];
+      packages.x86_64-linux = {
-      in pkgs.symlinkJoin {
+        create-vm =
-          name = script-name;
+          let
-          paths = [ script ] ++ buildInputs;
+            pkgs = import nixpkgs { system = "x86_64-linux"; };
-          nativeBuildInputs = with pkgs; [makeWrapper];
+            script-name = "create-vm";
-          postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin";
+            src = builtins.readFile ./nixos/proxmox/create-vm.sh;
+            script = (pkgs.writeScriptBin script-name src).overrideAttrs (old: {
+              buildCommand = "${old.buildCommand}\n patchShebangs $out";
+            });
+            buildInputs = with pkgs; [
+              gum
+              jq
+            ];
+          in
+          pkgs.symlinkJoin {
+            name = script-name;
+            paths = [ script ] ++ buildInputs;
+            nativeBuildInputs = with pkgs; [ makeWrapper ];
+            postBuild = "wrapProgram $out/bin/${script-name} --prefix PATH : $out/bin";
+          };
+        generate-iso = nixos-generators.nixosGenerate {
+          format = "iso";
+          system = "x86_64-linux";
+          modules = [
+            ./nixos/proxmox/iso.nix # base configuration of the image
+          ];
         };
-      generate-iso = nixos-generators.nixosGenerate {
-        format = "iso";
-        system = "x86_64-linux";
-        modules = [
-          ./nixos/proxmox/iso.nix # base configuration of the image
-        ];
       };
-    };
 
-  } // flake-utils.lib.eachDefaultSystem (system:
+    }
-      let pkgs = import nixpkgs {
+    // flake-utils.lib.eachDefaultSystem (
-        inherit system;
+      system:
-      }; in
+      let
-        {
+        fluxOverlay = (
+          final: prev:
+          let
+            version = "2.7.1";
+            srcHash = "sha256-UJiH6dunTKrHtjc1FudyGugSAJYrBC7TMQp+3PdywPI=";
+            manifestsHash = "sha256-/57wRJ2Sj5vkPsuDQp4q+gbs6C4Qy1PfS3KNt2I5IlU=";
+            vendorHash = "sha256-C5s+/OwZ3cjJZmj39j69LJS3qwQXGJuxyRK1vHVgXGg=";
+
+            manifests = prev.fetchzip {
+              url = "https://github.com/fluxcd/flux2/releases/download/v${version}/manifests.tar.gz";
+              # First build with a dummy, then replace with the `got:` hash from the error
+              hash = manifestsHash;
+              stripRoot = false;
+            };
+          in
+          {
+            fluxcd = prev.fluxcd.overrideAttrs (old: {
+              inherit version vendorHash;
+              src = prev.fetchFromGitHub {
+                owner = "fluxcd";
+                repo = "flux2";
+                rev = "v${version}";
+                # First build with a dummy, then replace with the `got:` hash
+                hash = srcHash;
+              };
+              postUnpack = ''
+                cp -r ${manifests} source/cmd/flux/manifests
+                # disable tests that require network access
+                rm source/cmd/flux/create_secret_git_test.go
+              '';
+
+              ldflags = [
+                "-s"
+                "-w"
+                "-X main.VERSION=${version}"
+              ];
+
+              # keep install check aligned with the new version
+              installCheckPhase = ''
+                $out/bin/flux --version | grep ${version} > /dev/null
+              '';
+
+              meta = old.meta // {
+                changelog = "https://github.com/fluxcd/flux2/releases/tag/v${version}";
+              };
+            });
+          }
+        );
+        pkgs = import nixpkgs {
+          inherit system;
+          overlays = [ fluxOverlay ];
+        };
+      in
+      {
         devShells = {
           default = pkgs.mkShell {
             buildInputs = [
@@ -63,5 +129,6 @@
             ];
           };
         };
-      });
+      }
+    );
 }