github-starred/gitea-mirror
2
0
Fork 0
mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-05-07 21:17:16 -05:00
Code Issues 103 Packages Projects Releases 93 Wiki Activity

[GH-ISSUE #197] Nix package is broken #1203

New Issue
Closed
opened 2026-04-21 23:12:40 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-21 23:12:40 -05:00
Owner
Copy Link

Originally created by @pedorich-n on GitHub (Feb 27, 2026).
Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/197

Originally assigned to: @arunavo4 on GitHub.

Hello!

I am experiencing an issue similar to https://github.com/RayLabsHQ/gitea-mirror/issues/143#issuecomment-3734223131, when trying to build a Nix package:

@nix { "action": "setPhase", "phase": "buildPhase" }
bun install v1.3.6 (d530ed99)
Resolving dependencies
Resolved, downloaded and extracted [396]
error: ConnectionRefused downloading package manifest vitest
error: ConnectionRefused downloading package manifest @astrojs/check
error: ConnectionRefused downloading package manifest @testing-library/jest-dom
error: ConnectionRefused downloading package manifest @types/uuid
error: ConnectionRefused downloading package manifest @vitejs/plugin-react
error: ConnectionRefused downloading package manifest drizzle-kit
....

Looking at the buildPhase, and the package in general, I had a suspicion that it required internet access to build. The Nix CI workflow confirmed it: c26b5574e0/.github/workflows/nix-build.yml (L42-L43)

The problem is that on Linux and NixOS, sandboxing is enabled by default (not only on CI), but on MacOS, I think it's not. Sandboxing blocks internet access, meaning this package (in its current form) will never build on Linux machines.

To build a proper Nix package, until https://github.com/NixOS/nixpkgs/issues/335534 is merged, you need to use something like Fixed Output Derivation or a wrapper like bun2nix.

I'm not familiar with bun, but I am somewhat familiar with nix and packaging apps with it. I can try to help package this app so that it will be buildable on all platforms.

Originally created by @pedorich-n on GitHub (Feb 27, 2026). Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/197 Originally assigned to: @arunavo4 on GitHub. Hello! I am experiencing an issue similar to https://github.com/RayLabsHQ/gitea-mirror/issues/143#issuecomment-3734223131, when trying to build a Nix package: ``` @nix { "action": "setPhase", "phase": "buildPhase" } bun install v1.3.6 (d530ed99) Resolving dependencies Resolved, downloaded and extracted [396] error: ConnectionRefused downloading package manifest vitest error: ConnectionRefused downloading package manifest @astrojs/check error: ConnectionRefused downloading package manifest @testing-library/jest-dom error: ConnectionRefused downloading package manifest @types/uuid error: ConnectionRefused downloading package manifest @vitejs/plugin-react error: ConnectionRefused downloading package manifest drizzle-kit .... ``` Looking at the [`buildPhase`](https://github.com/RayLabsHQ/gitea-mirror/blob/c26b5574e0ca4976cefd54612564d779b8f87534/flake.nix#L39-L45), and the package in general, I had a suspicion that it required internet access to build. The Nix CI workflow confirmed it: https://github.com/RayLabsHQ/gitea-mirror/blob/c26b5574e0ca4976cefd54612564d779b8f87534/.github/workflows/nix-build.yml#L42-L43 The problem is that on Linux and NixOS, sandboxing is **enabled by default** (not only on CI), but on MacOS, I think it's not. Sandboxing blocks internet access, meaning this package (in its current form) will never build on Linux machines. To build a proper Nix package, until https://github.com/NixOS/nixpkgs/issues/335534 is merged, you need to use something like Fixed Output Derivation or a wrapper like [bun2nix](https://nix-community.github.io/bun2nix). I'm not familiar with bun, but I am somewhat familiar with nix and packaging apps with it. I can try to help package this app so that it will be buildable on all platforms.
GiteaMirror commented 2026-04-21 23:12:41 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Feb 27, 2026):

@pedorich-n would appreciate your help. I will also run this on a linux vm and check.

<!-- gh-comment-id:3970650908 --> @arunavo4 commented on GitHub (Feb 27, 2026): @pedorich-n would appreciate your help. I will also run this on a linux vm and check.
GiteaMirror commented 2026-04-21 23:12:41 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Feb 27, 2026):

Fix verified on Linux (Ubuntu 24.04 LTS, x64)

The Nix package now builds and runs successfully on Linux with sandboxing enabled. This is fixed in PR #199.

What was done:

  1. Integrated bun2nix to pre-fetch all npm dependencies as fixed-output derivations - no network access needed during build
  2. Fixed runtime issue where the app couldn't write to the read-only Nix store by creating a writable workdir with symlinks
  3. Added nanoid as an explicit dependency (was only available as a transitive dep, which broke under the isolated linker)

Test environment:

  • OS: Ubuntu 24.04.3 LTS (x64) on Azure VM
  • Nix: with sandboxing enabled (default on Linux)
  • Build: nix build completes successfully
  • Runtime: Server starts, database initializes, health check passes

Health check output:

{
  "status": "ok",
  "database": { "connected": true, "message": "Database connection successful" },
  "recovery": { "status": "healthy", "jobsNeedingRecovery": 0 },
  "system": {
    "os": { "platform": "linux", "version": "#17~24.04.1-Ubuntu", "arch": "x64" },
    "env": "production"
  }
}

Screenshots of the app running from the Nix package will be attached to PR #199. This will ship in the next release.

<!-- gh-comment-id:3971230842 --> @arunavo4 commented on GitHub (Feb 27, 2026): ## Fix verified on Linux (Ubuntu 24.04 LTS, x64) The Nix package now builds and runs successfully on Linux with sandboxing enabled. This is fixed in PR #199. ### What was done: 1. Integrated [bun2nix](https://github.com/nix-community/bun2nix) to pre-fetch all npm dependencies as fixed-output derivations - no network access needed during build 2. Fixed runtime issue where the app couldn't write to the read-only Nix store by creating a writable workdir with symlinks 3. Added `nanoid` as an explicit dependency (was only available as a transitive dep, which broke under the isolated linker) ### Test environment: - **OS:** Ubuntu 24.04.3 LTS (x64) on Azure VM - **Nix:** with sandboxing enabled (default on Linux) - **Build:** `nix build` completes successfully - **Runtime:** Server starts, database initializes, health check passes ### Health check output: ```json { "status": "ok", "database": { "connected": true, "message": "Database connection successful" }, "recovery": { "status": "healthy", "jobsNeedingRecovery": 0 }, "system": { "os": { "platform": "linux", "version": "#17~24.04.1-Ubuntu", "arch": "x64" }, "env": "production" } } ``` Screenshots of the app running from the Nix package will be attached to PR #199. This will ship in the next release.
GiteaMirror commented 2026-04-21 23:12:42 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Feb 27, 2026):

Screenshots from Linux VM (Nix package)

Light mode:
Gitea Mirror - Light Mode (Nix on Linux)

Dark mode:
Gitea Mirror - Dark Mode (Nix on Linux)

<!-- gh-comment-id:3971234513 --> @arunavo4 commented on GitHub (Feb 27, 2026): ### Screenshots from Linux VM (Nix package) **Light mode:** ![Gitea Mirror - Light Mode (Nix on Linux)](https://files.catbox.moe/1xihk0.png) **Dark mode:** ![Gitea Mirror - Dark Mode (Nix on Linux)](https://files.catbox.moe/krxayo.png)
GiteaMirror commented 2026-04-21 23:12:42 -05:00
Author
Owner
Copy Link

@pedorich-n commented on GitHub (Feb 27, 2026):

Well, that was quick.
I didn't even get a chance to look at the code. 😅 But there are surprisingly few changes. Nice!
I am running it now on NixOS, and it seems to be working fine.

Thanks!

<!-- gh-comment-id:3973248776 --> @pedorich-n commented on GitHub (Feb 27, 2026): Well, that was quick. I didn't even get a chance to look at the code. 😅 But there are surprisingly few changes. Nice! I am running it now on NixOS, and it seems to be working fine. Thanks!
GiteaMirror commented 2026-04-21 23:12:43 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Feb 27, 2026):

@pedorich-n Thanks for the sponsor!

<!-- gh-comment-id:3974530733 --> @arunavo4 commented on GitHub (Feb 27, 2026): @pedorich-n Thanks for the sponsor!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
documentation
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 question
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea-mirror#1203
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?