From 740b92c7f4f774d0dfe68f55ddbb74c3814ef458 Mon Sep 17 00:00:00 2001 From: Kayos Date: Wed, 6 May 2026 21:20:36 -0700 Subject: [PATCH] nix: enable ca-derivations + IOG/MLabs caches at install time MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two coupled fixes in section 19.5 of the Dockerfile: 1. Add ca-derivations to experimental-features. Without it, the SQLite store is initialized at schema v10 (no Realisations table). Plutarch / Liqwid Agora / IOG flakes request ca-derivations via nixConfig; first realisation query then crashes with `Assertion 'stmt.stmt' failed in nix::SQLiteStmt:: Use::Use(SQLiteStmt&)`. Pre-enabling at install time means store init creates schema v11 with the table. Self-inflicted wound caught in the first nix develop attempt against github:Liqwid-Labs/agora. 2. Add cache.iog.io + mlabs.cachix.org as substituters with their public keys. Without these, every Cardano/Plutarch dep gets built from source — hours of GHC compile vs minutes of binary cache pull. Also: write nix.conf BEFORE running the Nix install script, because the installer reads the user's nix.conf during init to decide schema. Order-dependent. accept-flake-config = true so flake nixConfig blocks (which add their own substituters / experimental features) work without re-prompting per command. --- Dockerfile | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index e48fc23..3c36a1e 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -290,21 +290,37 @@ ENV PATH=/home/crafter/.composer/vendor/bin:$PATH # a manual-version-pinning fight against the IOG snapshot. # # Single-user install at /nix, no daemon. Sandbox disabled — nested -# sandboxes don't work cleanly under Docker. Flakes + nix-command -# enabled by default. +# sandboxes don't work cleanly under Docker. Flakes + nix-command + +# ca-derivations enabled at install time so the SQLite store is +# initialized with the Realisations schema. Without ca-derivations +# pre-enabled, store schema is v10 (no Realisations table); flakes +# that request ca-derivations via nixConfig (Plutarch / Liqwid Agora +# / IOG Hydra cache, etc) crash on first realisation query with +# `Assertion 'stmt.stmt' failed in nix::SQLiteStmt::Use::Use`. # -# Cache: bind-mount `/nix` at runtime (compose.yml ships this) so the +# Substituters: cache.nixos.org (default) + cache.iog.io (IOG Hydra +# binary cache for Plutarch + Cardano + Haskell.nix closure) + +# mlabs.cachix.org (MLabs builds — used by Liqwid stack). +# trusted-substituters lets the user accept new substituters via +# accept-flake-config without re-confirmation. +# +# Cache: /nix is a Docker-managed named volume in compose.yml so the # multi-GB haskell-nix downloads persist across container rebuilds. 
USER root RUN mkdir -m 0755 /nix && chown crafter:crafter /nix USER crafter WORKDIR /home/crafter -RUN curl -fsSL https://nixos.org/nix/install -o /tmp/install-nix.sh \ +RUN mkdir -p /home/crafter/.config/nix \ + && printf '%s\n' \ + 'experimental-features = nix-command flakes ca-derivations' \ + 'sandbox = false' \ + 'accept-flake-config = true' \ + 'substituters = https://cache.nixos.org https://cache.iog.io https://mlabs.cachix.org' \ + 'trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= mlabs.cachix.org-1:gStKdEqNKcrlSQw5iMW6wFCj3+b+1ASpBVY2SYuNV2M=' \ + > /home/crafter/.config/nix/nix.conf \ + && curl -fsSL https://nixos.org/nix/install -o /tmp/install-nix.sh \ && sh /tmp/install-nix.sh --no-daemon --no-channel-add --no-modify-profile \ - && rm /tmp/install-nix.sh \ - && mkdir -p /home/crafter/.config/nix \ - && printf 'experimental-features = nix-command flakes\nsandbox = false\n' \ - > /home/crafter/.config/nix/nix.conf + && rm /tmp/install-nix.sh ENV PATH=/home/crafter/.nix-profile/bin:$PATH # ============================================================
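Review bot: `accept-flake-config = true` in the new printf block undercuts the pinned `substituters` / `trusted-public-keys` lines written just before it. As the commit message says, flake nixConfig blocks add their own substituters and experimental features, and with this setting they are applied without a prompt. In a single-user, no-daemon install with `sandbox = false`, nothing else reviews that trust decision. The three caches the image needs are already listed explicitly, so consider dropping `accept-flake-config` here and leaving it to a per-command opt-in, or state in the comment block that every flake evaluated in this container is trusted to choose its own binary caches and keys. Separately, the new comment says `trusted-substituters` lets the user accept new substituters without re-confirmation, but no `trusted-substituters` line is written to nix.conf; either add the line or fix the comment so it matches what is configured. It would also help to note in the comment that the `hydra.iohk.io:` key is the signing key for `cache.iog.io`, since the names do not match and a later reader may take it for a stale entry. Last, now that nix.conf has to exist before `install-nix.sh` runs, that ordering is load-bearing, and a one-line comment directly above the RUN saying so would keep a later cleanup from moving the write back after the installer.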