From 35d43e0c3f681684515310173f688e740eee84bb Mon Sep 17 00:00:00 2001 From: Erica Marigold Date: Thu, 6 Feb 2025 11:52:42 +0530 Subject: [PATCH] Move to complete nixos docker image instead of just nixpkg --- nixos/programs/shell.nix | 2 +- vendor/docker-nixos/.gitignore | 1 + vendor/docker-nixos/Dockerfile | 64 +++++++-- vendor/docker-nixos/LICENSE | 21 +++ vendor/docker-nixos/README.txt | 2 +- vendor/docker-nixos/config/configuration.nix | 4 + vendor/docker-nixos/config/flake.nix | 17 +++ vendor/docker-nixos/configuration.nix | 126 ++++++++++++++++++ .../container-base-config-flake.nix | 6 + vendor/docker-nixos/editline-setup.sh | 29 ++++ vendor/docker-nixos/lowdown-setup.sh | 31 +++++ vendor/docker-nixos/nix-setup.sh | 30 +++++ vendor/docker-nixos/nixos-setup.sh | 24 ++++ vendor/docker-nixos/nixpkgs-setup.sh | 29 ++++ vendor/docker-nixos/options.nix | 4 + vendor/docker-nixos/setup-remote.sh | 13 -- vendor/docker-nixos/update-versions.py | 94 +++++++++++++ 17 files changed, 471 insertions(+), 26 deletions(-) create mode 100644 vendor/docker-nixos/.gitignore create mode 100644 vendor/docker-nixos/LICENSE create mode 100644 vendor/docker-nixos/config/configuration.nix create mode 100644 vendor/docker-nixos/config/flake.nix create mode 100644 vendor/docker-nixos/configuration.nix create mode 100644 vendor/docker-nixos/container-base-config-flake.nix create mode 100644 vendor/docker-nixos/editline-setup.sh create mode 100644 vendor/docker-nixos/lowdown-setup.sh create mode 100644 vendor/docker-nixos/nix-setup.sh create mode 100644 vendor/docker-nixos/nixos-setup.sh create mode 100644 vendor/docker-nixos/nixpkgs-setup.sh create mode 100644 vendor/docker-nixos/options.nix delete mode 100755 vendor/docker-nixos/setup-remote.sh create mode 100644 vendor/docker-nixos/update-versions.py diff --git a/nixos/programs/shell.nix b/nixos/programs/shell.nix index 6fc8c7e..0037b75 100644 --- a/nixos/programs/shell.nix +++ b/nixos/programs/shell.nix 
@@ -35,7 +35,7 @@ installPhase = '' fisher install catppuccin/fish fish_config theme save "Catppuccin Mocha" - ''; + '' }) ]; } diff --git a/vendor/docker-nixos/.gitignore b/vendor/docker-nixos/.gitignore new file mode 100644 index 0000000..b0ac3ed --- /dev/null +++ b/vendor/docker-nixos/.gitignore @@ -0,0 +1 @@ +.aider* diff --git a/vendor/docker-nixos/Dockerfile b/vendor/docker-nixos/Dockerfile index c2221e1..6794ea8 100644 --- a/vendor/docker-nixos/Dockerfile +++ b/vendor/docker-nixos/Dockerfile 
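Review bot: The new side closes the `installPhase` string with `''` and no `;`, directly before `})`, which leaves the binding unterminated. Nix requires every `name = value` binding inside an attribute set to end with a semicolon, so unless the surrounding expression (it starts outside this hunk) is something other than an attribute set, the file will fail to parse and the shell configuration will not evaluate. Restore the terminator: `'';`.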
@@ -1,13 +1,55 @@ -FROM nixos/nix:2.24.11 +# FROM quay.io/skiffos/ubuntu:focal as builder +FROM archlinux:base-devel as builder -# Enable flakes -RUN echo -e "experimental-features = nix-command flakes\n\ -builders-use-substitutes = true\n" >> /etc/nix/nix.conf -# Enable remote builders substitutes -# https://nix.dev/manual/nix/2.18/command-ref/conf-file.html?highlight=builders-use-substitutes#conf-builders-use-substitutes -RUN echo "builders-use-substitutes = true" >> /etc/nix/nix.conf -# Trust all directory to run flake commands as root on different volumes -RUN git config --global --add safe.directory '*' +RUN pacman --noconfirm -Syu +RUN pacman --noconfirm -S shadow wget pkg-config autoconf-archive jq boost boost \ + editline libsodium libcpuid gtest rapidcheck nlohmann-json libgit2 +RUN pacman --noconfirm -Scc -# Copy the setup script -COPY --chown=root:root --chmod=700 ./setup-remote.sh /setup-remote.sh +# nyx nyx nyx nyx nyx! +RUN \ + groupadd nixbld && \ + useradd --home /home/builder --shell /bin/bash builder && \ + usermod -a -G nixbld builder && \ + echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder && \ + chmod 600 /etc/sudoers.d/builder && \ + mkdir -p /home/builder/sys-config /home/builder/scripts + +ADD ./nix-setup.sh ./editline-setup.sh ./lowdown-setup.sh /home/builder/scripts/ +RUN \ + chmod +x /home/builder/scripts/* && \ + chown -R builder /home/builder && \ + sudo -u builder bash -c "cd /home/builder && bash ./scripts/editline-setup.sh" +RUN sudo -u builder bash -c "cd /home/builder && bash ./scripts/lowdown-setup.sh" +RUN sudo -u builder bash -c "cd /home/builder && bash ./scripts/nix-setup.sh" + +ADD nixpkgs-setup.sh /home/builder/scripts/ +RUN sudo -u builder bash -c "cd /home/builder && bash ./scripts/nixpkgs-setup.sh" + +ADD nixos-setup.sh *.nix /home/builder/sys-config/ +RUN \ + mkdir -p /sys-root && \ + cd /home/builder/sys-config && bash ./nixos-setup.sh && \ + rm /sys-root/etc && \ + mkdir -m 0755 -p /sys-root/etc/nixos && 
\ + touch /sys-root/etc/NIXOS && \ + cp /home/builder/sys-config/*.nix \ + /sys-root/etc/nixos/ + + +# create the final Docker image using the output of the build. +FROM scratch + +STOPSIGNAL SIGRTMIN+3 + +WORKDIR / +ENV container docker + +COPY --from=builder /nix /nix +COPY --from=builder /sys-root/ / +COPY options.nix /options.nix +COPY container-base-config-flake.nix /baseconfig/flake.nix +COPY configuration.nix /baseconfig/container.nix +COPY config /config + +ENTRYPOINT ["/init"] diff --git a/vendor/docker-nixos/LICENSE b/vendor/docker-nixos/LICENSE new file mode 100644 index 0000000..d5ce952 --- /dev/null +++ b/vendor/docker-nixos/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2020-2024 Christian Stewart + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/docker-nixos/README.txt b/vendor/docker-nixos/README.txt index 4724581..9dcd861 100644 --- a/vendor/docker-nixos/README.txt +++ b/vendor/docker-nixos/README.txt 
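Review bot: The builder stage starts from the mutable tag `archlinux:base-devel`, so the toolchain that compiles Nix is unpinned even though the setup scripts it runs check every source tarball against a SHA-256. Pin the base by digest, e.g. `FROM archlinux:base-devel@sha256:<DIGEST> as builder` (placeholder; take the digest from the registry). That fixes the starting point only, because `pacman --noconfirm -Syu` and the `-S` install still resolve against live mirrors at build time. The local scripts are brought in with `ADD`; `COPY` does the same for local paths without `ADD`'s archive-extraction and URL handling. `boost` is listed twice in the `pacman -S` line.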
@@ -1 +1 @@
-Slightly modified from [joshuachp/containers](https://github.com/joshuachp/containers/tree/e55ba5e5b8a3a39438e34f18459e358210742724/nixos).
+Slightly modified from https://github.com/TRPB/docker-nixos.
diff --git a/vendor/docker-nixos/config/configuration.nix b/vendor/docker-nixos/config/configuration.nix
new file mode 100644
index 0000000..a1fc94d
--- /dev/null
+++ b/vendor/docker-nixos/config/configuration.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ system.stateVersion = "24.05";
+}
diff --git a/vendor/docker-nixos/config/flake.nix b/vendor/docker-nixos/config/flake.nix
new file mode 100644
index 0000000..002f6d1
--- /dev/null
+++ b/vendor/docker-nixos/config/flake.nix
@@ -0,0 +1,17 @@
+{
+ description = "Container test";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+ };
+
+ outputs = { self, nixpkgs, ... }@inputs:
+ {
+ nixosConfigurations.default = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/vendor/docker-nixos/configuration.nix b/vendor/docker-nixos/configuration.nix
new file mode 100644
index 0000000..c3f5955
--- /dev/null
+++ b/vendor/docker-nixos/configuration.nix
@@ -0,0 +1,126 @@
+{ config, pkgs, lib, ... }:
+let
+ options = import ./options.nix;
+ flake = ''
+ {
+ description = "Container";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ container-base-config.url = "path:/baseconfig";
+ user-config.url = "${options.flakeUrl}";
+ };
+
+ outputs = { nixpkgs, user-config, container-base-config, ... }@inputs: {
+ nixosConfigurations.container = user-config.nixosConfigurations.${options.nixosConfiguration}.extendModules {
+ modules = [container-base-config.nixosModules.containerConfig];
+ };
+ };
+ }
+ '';
+in {
+ system.stateVersion = "24.05";
+
+ boot.initrd.availableKernelModules = [ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+ boot.isContainer = true;
+
+ fileSystems."/" =
+ { device = "overlay";
+ fsType = "overlay";
+ noCheck = true;
+ };
+
+ fileSystems."/run" =
+ { device = "none";
+ fsType = "tmpfs";
+ options = [ "defaults" "size=2G" "mode=777" ];
+ };
+
+ swapDevices = [ ];
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+
+ environment.noXlibs = lib.mkForce true;
+ nix.settings.sandbox = false;
+ networking.firewall.enable = lib.mkDefault false;
+ networking.hostName = lib.mkForce "";
+ networking.interfaces.eth0.useDHCP = false;
+ networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
+ networking.networkmanager.enable = lib.mkForce false;
+ #networking.resolvconf.dnsExtensionMechanism = false;
+ networking.useDHCP = false;
+ networking.wireless.enable = false;
+ nix.distributedBuilds = true;
+ security.audit.enable = false;
+ security.sudo.enable = true;
+ systemd.enableEmergencyMode = false;
+ systemd.services.console-getty.enable = lib.mkForce false;
+ systemd.services.rescue.enable = false;
+ systemd.services.systemd-firstboot.enable = lib.mkForce false;
+ systemd.services.systemd-hostnamed.enable = lib.mkForce false;
+
+ # minimal.nix
+ documentation.enable = lib.mkDefault false;
+ documentation.doc.enable = lib.mkDefault false;
+ documentation.info.enable = lib.mkDefault false;
+ documentation.man.enable = lib.mkDefault false;
+ documentation.nixos.enable = lib.mkDefault false;
+
+ # Perl is a default package.
+ environment.defaultPackages = lib.mkDefault [ ];
+
+ environment.stub-ld.enable = false;
+
+ # The lessopen package pulls in Perl.
+ programs.less.lessopen = lib.mkDefault null;
+
+ # This pulls in nixos-containers which depends on Perl.
+ boot.enableContainers = lib.mkDefault false;
+
+ programs.command-not-found.enable = lib.mkDefault false;
+
+ services.logrotate.enable = lib.mkDefault false;
+
+ services.udisks2.enable = lib.mkDefault false;
+
+ xdg.autostart.enable = lib.mkDefault false;
+ xdg.icons.enable = lib.mkDefault false;
+ xdg.mime.enable = lib.mkDefault false;
+ xdg.sounds.enable = lib.mkDefault false;
+
+ systemd.mounts = [{
+ where = "/sys/kernel/debug";
+ enable = false;
+ }];
+
+ #boot.isContainer = true;
+ boot.loader = {
+ systemd-boot.enable = false;
+ efi.canTouchEfiVariables = false;
+ };
+
+ boot.postBootCommands = lib.mkForce "";
+ system.activationScripts.specialfs = lib.mkForce "";
+
+ # don't set sycstl values in a container
+ #systemd.services.systemd-sysctl.restartTriggers = lib.mkDefault [ ];
+ environment.etc."sysctl.d/60-nixos.conf" = lib.mkForce { text = "# disabled\n"; };
+ environment.etc."sysctl.d/50-default.conf" = lib.mkForce { text = "# diasbled\n"; };
+ environment.etc."sysctl.d/50-coredump.conf" = lib.mkForce { text = "# disabled\n"; };
+ # Docker makes this read only
+ environment.etc."hosts".enable = false;
+ boot.kernel.sysctl = lib.mkForce { "kernel.dmesg_restrict" = 0; };
+
+ systemd.services.create-switch-script = {
+ enable = true;
+ script = ''
+ mkdir -p /build
+ echo '${flake}' > /build/flake.nix
+ cp /options.nix /baseconfig/options.nix
+ /run/current-system/sw/bin/nixos-rebuild switch --flake /build#container
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+}
\ No newline at end of file
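Review bot: `create-switch-script` runs `nixos-rebuild switch` on every boot against a flake written to `/build/flake.nix` with no lock file, so `nixpkgs/nixos-unstable` and the `flakeUrl` from options.nix resolve to whatever their heads are at that moment, and `nix.settings.sandbox = false` applies to the build. Whoever can push to either source decides what the container switches to; pin both inputs to a revision (for the git input, `git+https://…?rev=<COMMIT_SHA>`, placeholder) or ship a `flake.lock` next to the generated flake. The flake text is written with `echo '${flake}'`, so a single quote in `flakeUrl` or `nixosConfiguration` ends the shell string; generating the file with `pkgs.writeText` and copying it avoids the quoting. Separately, `/run` is mounted with `mode=777`, which makes it world-writable without the sticky bit; `mode=755` is the usual value.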
diff --git a/vendor/docker-nixos/container-base-config-flake.nix b/vendor/docker-nixos/container-base-config-flake.nix
new file mode 100644
index 0000000..4260b62
--- /dev/null
+++ b/vendor/docker-nixos/container-base-config-flake.nix
@@ -0,0 +1,6 @@
+{
+ outputs = { self }: {
+ nixosModules.containerConfig = import ./container.nix;
+ nixosModule = self.nixosModules.containerConfig;
+ };
+}
diff --git a/vendor/docker-nixos/editline-setup.sh b/vendor/docker-nixos/editline-setup.sh
new file mode 100644
index 0000000..9c6fb2d
--- /dev/null
+++ b/vendor/docker-nixos/editline-setup.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -eo pipefail
+
+EDITLINE_VERSION=1.17.1
+EDITLINE_HASH=df223b3333a545fddbc67b49ded3d242c66fadf7a04beb3ada20957fcd1ffc0e
+# EDITLINE_SOURCE=https://github.com/troglobit/editline/archive/${EDITLINE_VERSION}/editline-${EDITLINE_VERSION}.tar.gz
+EDITLINE_SOURCE=http://gentoo.osuosl.org/distfiles/88/editline-${EDITLINE_VERSION}.tar.xz
+
+echo "Downloading editline version ${EDITLINE_VERSION}..."
+wget -O editline.tar.xz ${EDITLINE_SOURCE}
+DL_SUM=$(sha256sum editline.tar.xz | cut -d" " -f1)
+if [ $DL_SUM != $EDITLINE_HASH ]; then
+ echo "Downloaded file hash mismatch!"
+ echo "URL: $EDITLINE_SOURCE"
+ echo "Got: $DL_SUM"
+ echo "Expected: $EDITLINE_HASH"
+ exit 1
+fi
+
+mkdir -p editline
+tar --strip-components=1 -C editline -xf ./editline.tar.xz
+rm editline.tar.xz
+cd editline
+# ./autogen.sh
+./configure --prefix=/usr/local --disable-seccomp-sandboxing --disable-manual
+make -j4
+sudo make install
+cd ..
+rm -rf editline
diff --git a/vendor/docker-nixos/lowdown-setup.sh b/vendor/docker-nixos/lowdown-setup.sh
new file mode 100644
index 0000000..950d81b
--- /dev/null
+++ b/vendor/docker-nixos/lowdown-setup.sh
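Review bot: The integrity check `if [ $DL_SUM != $EDITLINE_HASH ]; then` in editline-setup.sh expands both sides unquoted, so if either is ever empty `[` reports a syntax error, the `if` treats that as false, and the script goes on to unpack and `sudo make install` an unverified archive. Quote both operands so an empty value compares as a mismatch: `if [ "$DL_SUM" != "$EDITLINE_HASH" ]; then`. The same comparison appears in lowdown-setup.sh, nix-setup.sh and nixpkgs-setup.sh. This check is also the only protection for the editline tarball, which is fetched over plain `http://`, so a comment above `EDITLINE_SOURCE` saying the hash must stay enforced while the mirror URL is unencrypted would help the next maintainer.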
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -eo pipefail
+
+LOWDOWN_VERSION=1200b9f4ceceb5795ccc0a02a2105310f0819222
+LOWDOWN_SOURCE=https://github.com/kristapsdz/lowdown/archive/${LOWDOWN_VERSION}.tar.gz
+
+# wget -q -O- https://github.com/kristapsdz/lowdown/archive/${LOWDOWN_VERSION}.tar.gz | \
+# tee >(sha256sum | cut -d' ' -f1 | \
+# xargs -I {} sed -i 's/LOWDOWN_HASH=.*/LOWDOWN_HASH={}/' lowdown-setup.sh) >/dev/null
+LOWDOWN_HASH=ace39b836bff0acedae9f0acdcbe33f18322145b2faa22b4d4a74b75b8e69637
+
+echo "Downloading lowdown version ${LOWDOWN_VERSION}..."
+wget -q -O lowdown.tar.gz ${LOWDOWN_SOURCE}
+DL_SUM=$(sha256sum lowdown.tar.gz | cut -d" " -f1)
+if [ $DL_SUM != $LOWDOWN_HASH ]; then
+ echo "Downloaded file hash mismatch!"
+ echo "URL: $LOWDOWN_SOURCE"
+ echo "Got: $DL_SUM"
+ echo "Expected: $LOWDOWN_HASH"
+ exit 1
+fi
+
+mkdir -p lowdown
+tar -C lowdown -xf ./lowdown.tar.gz --strip-components=1
+rm lowdown.tar.gz
+cd lowdown
+CFLAGS="-fPIC" ./configure PREFIX=/usr/local
+make -j$(nproc)
+sudo make install
+cd ../
+rm -rf lowdown
diff --git a/vendor/docker-nixos/nix-setup.sh b/vendor/docker-nixos/nix-setup.sh
new file mode 100644
index 0000000..ffdcbea
--- /dev/null
+++ b/vendor/docker-nixos/nix-setup.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -eo pipefail
+
+NIX_VERSION=2.23.1
+NIX_HASH=c7cf1492f642fdfdc3f1ca8ebaad03274282720565b55f5144aba4850a44a3da
+NIX_SOURCE=https://github.com/NixOS/nix/archive/${NIX_VERSION}/nix-${NIX_VERSION}.tar.gz
+
+echo "Downloading nix version ${NIX_VERSION}..."
+wget -q -O nix.tar.gz ${NIX_SOURCE}
+DL_SUM=$(sha256sum nix.tar.gz | cut -d" " -f1)
+if [ $DL_SUM != $NIX_HASH ]; then
+ echo "Downloaded file hash mismatch!"
+ echo "URL: $NIX_SOURCE"
+ echo "Got: $DL_SUM"
+ echo "Expected: $NIX_HASH"
+ exit 1
+fi
+
+mkdir -p nix
+tar --strip-components=1 -C nix -xf ./nix.tar.gz
+rm nix.tar.gz
+cd nix
+autoreconf -vfi
+bash ./configure --prefix=/usr/local --disable-doc-gen CFLAGS="-fPIC"
+make -j32
+sudo make install
+sudo nix-store --realise
+cd ../
+rm -rf ./nix
+
diff --git a/vendor/docker-nixos/nixos-setup.sh b/vendor/docker-nixos/nixos-setup.sh
new file mode 100644
index 0000000..4616aa6
--- /dev/null
+++ b/vendor/docker-nixos/nixos-setup.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -eo pipefail
+
+source /usr/local/etc/profile.d/nix.sh
+
+# install nixos
+export NIX_PATH=/home/builder/nix-path
+cd /home/builder/sys-config
+nix-build \
+ --option sandbox false \
+ -I nixos-config=$(pwd)/configuration.nix \
+ -A system \
+ ''
+# target_system=$(readlink -f ./result)
+# nix-env -p /nix/var/nix/profiles/system --set $target_system
+
+touch ./result/etc/NIXOS
+mkdir -p ./result/etc/nixos/
+cp configuration.nix ./result/etc/nixos/
+
+cp -r $(pwd)/result/* /sys-root/
+mkdir -p /sys-root/run/systemd/
+mkdir -p /sys-root/root
+rm result
diff --git a/vendor/docker-nixos/nixpkgs-setup.sh b/vendor/docker-nixos/nixpkgs-setup.sh
new file mode 100644
index 0000000..9c01e87
--- /dev/null
+++ b/vendor/docker-nixos/nixpkgs-setup.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -eo pipefail
+
+# previous working version:
+# NIXPKGS_VERSION=v208
+# NIXPKGS_HASH=b49b7aa90e89fe1016036d2f770975f3322b8724401b534b4a356046cba424ee
+
+NIXPKGS_VERSION=24.05
+NIXPKGS_HASH=911314b81780f26fdaf87e17174210bdbd40c86bac1795212f257cdc236a1e78
+
+NIXPKGS_SOURCE=https://github.com/NixOS/nixpkgs/archive/${NIXPKGS_VERSION}/nixos-${NIXPKGS_VERSION}.tar.gz
+
+echo "Downloading nixpkgs version ${NIXPKGS_VERSION}..."
+cd ~
+wget -q -O nixpkgs.tar.gz ${NIXPKGS_SOURCE}
+DL_SUM=$(sha256sum nixpkgs.tar.gz | cut -d" " -f1)
+if [ $DL_SUM != $NIXPKGS_HASH ]; then
+ echo "Downloaded file hash mismatch!"
+ echo "URL: $NIXPKGS_SOURCE"
+ echo "Got: $DL_SUM"
+ echo "Expected: $NIXPKGS_HASH"
+ exit 1
+fi
+
+mkdir -p nix-path/nixpkgs
+tar --strip-components=1 -C nix-path/nixpkgs -xf ./nixpkgs.tar.gz
+rm nixpkgs.tar.gz
+#cd nix-path/nixpkgs
+#cd ../../
diff --git a/vendor/docker-nixos/options.nix b/vendor/docker-nixos/options.nix
new file mode 100644
index 0000000..c82acea
--- /dev/null
+++ b/vendor/docker-nixos/options.nix
@@ -0,0 +1,4 @@
+{
+ flakeUrl = "git+https://git.devcomp.xyz/coder-devenv";
+ nixosConfiguration = "default";
+}
diff --git a/vendor/docker-nixos/setup-remote.sh b/vendor/docker-nixos/setup-remote.sh
deleted file mode 100755
index 3302b05..0000000
--- a/vendor/docker-nixos/setup-remote.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-set -exEuo pipefail
-
-mkdir -p ~/.ssh
-echo "$BUILDER_KEY" >>~/.ssh/id_ed25519
-echo "$BUILDER_HOST_KEYS" >>~/.ssh/known_hosts
-chmod -R 600 ~/.ssh
-
-# Check the remote builder
-nix store info --store "$BUILDERS"
-
-echo "$BUILDERS" >>/etc/nix/machines
diff --git a/vendor/docker-nixos/update-versions.py b/vendor/docker-nixos/update-versions.py
new file mode 100644
index 0000000..980c197
--- /dev/null
+++ b/vendor/docker-nixos/update-versions.py
@@ -0,0 +1,94 @@
+import re
+import requests
+import hashlib
+from packaging import version
+
+def get_latest_version(repo):
+ url = f"https://api.github.com/repos/{repo}/tags"
+ try:
+ response = requests.get(url, timeout=10)
+ response.raise_for_status()
+ tags = response.json()
+ if repo == 'NixOS/nixpkgs':
+ # For nixpkgs, find the latest release tag (e.g., 23.05)
+ release_tags = [tag['name'] for tag in tags if re.match(r'^\d+\.\d+$', tag['name'])]
+ if release_tags:
+ return max(release_tags, key=lambda x: version.parse(x))
+ else:
+ # Fallback: return the latest tag
+ print(f"No release tags found for {repo}, using latest tag instead.")
+ return tags[0]['name']
+ else:
+ # For other repos, return the latest tag
+ return tags[0]['name'].lstrip('v')
+ except requests.RequestException as e:
+ print(f"Error fetching latest version for {repo}: {e}")
+ return None
+
+def calculate_hash(url):
+ try:
+ response = requests.get(url, stream=True, timeout=30)
+ response.raise_for_status()
+ sha256_hash = hashlib.sha256()
+ for chunk in response.iter_content(chunk_size=8192):
+ sha256_hash.update(chunk)
+ return sha256_hash.hexdigest()
+ except requests.RequestException as e:
+ print(f"Error calculating hash for {url}: {e}")
+ return None
+
+def update_file(filename, package, new_version, new_hash):
+ try:
+ with open(filename, 'r') as file:
+ content = file.read()
+
+ version_pattern = rf'{package.upper()}_VERSION=([^\n]+)'
+ hash_pattern = rf'{package.upper()}_HASH=([^\n]+)'
+
+ version_match = re.search(version_pattern, content)
+ hash_match = re.search(hash_pattern, content)
+
+ if not version_match or not hash_match:
+ print(f"Version or hash pattern not found for {package} in {filename}")
+ return
+
+ current_version = version_match.group(1)
+ current_hash = hash_match.group(1)
+
+ if current_version == new_version and current_hash == new_hash:
+ print(f"No update needed for {package} in {filename} (current version: {current_version}, current hash: {current_hash})")
+ return
+
+ updated_content = re.sub(version_pattern, f'{package.upper()}_VERSION={new_version}', content)
+ updated_content = re.sub(hash_pattern, f'{package.upper()}_HASH={new_hash}', updated_content)
+
+ with open(filename, 'w') as file:
+ file.write(updated_content)
+ print(f"Updated {package} version from {current_version} to {new_version} and hash from {current_hash} to {new_hash} in {filename}")
+ except IOError as e:
+ print(f"Error updating {filename}: {e}")
+
+def main():
+ packages = {
+ 'nix': 'NixOS/nix',
+ 'nixpkgs': 'NixOS/nixpkgs'
+ }
+
+ for package, repo in packages.items():
+ latest_version = get_latest_version(repo)
+ if latest_version:
+ filename = f'{package}-setup.sh'
+ if package == 'nix':
+ url = f"https://github.com/{repo}/archive/{latest_version}/nix-{latest_version}.tar.gz"
+ else:
+ url = f"https://github.com/{repo}/archive/{latest_version}/nixos-{latest_version}.tar.gz"
+ new_hash = calculate_hash(url)
+ if new_hash:
+ update_file(filename, package, latest_version, new_hash)
+ else:
+ print(f"Skipping update for {package} due to hash calculation failure")
+ else:
+ print(f"Skipping update for {package} due to version fetch failure")
+
+if __name__ == "__main__":
+ main()
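Review bot: `version_pattern` and `hash_pattern` in `update_file` are not anchored to the start of a line, so in nixpkgs-setup.sh they match the commented `# NIXPKGS_VERSION=v208` and `# NIXPKGS_HASH=…` lines first. `re.search` then reads the "current" values from the comment, and `re.sub` rewrites the comment as well as the live assignment. Anchor both patterns, e.g. `version_pattern = rf'^{package.upper()}_VERSION=([^\n]+)'`, and pass `flags=re.MULTILINE` to the `re.search` and `re.sub` calls. Because the pinned hash is computed from whatever the download returned, a short comment in `calculate_hash` stating that the value is trust-on-first-use and that the resulting diff needs review would document the limit of this check. `get_latest_version` also indexes `tags[0]` inside a `try` that only catches `requests.RequestException`, so an empty tag list raises an uncaught `IndexError`.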