feat(.envrc): only gcroot explicitly specified 3p/sources

Not all dependencies in //third_party/sources are equally important for
evaluation, some are never used (e.g. rustsec-advisory-db is re-fetched
using fetchFromGitHub). It seems to be a good idea to make it
configurable what to gcroot and thus unconditionally download as soon
as .envrc is loaded for the first time.

This frees //third_party/sources to be used more extensively, e.g. for
managing third_party dependencies that aren't used at eval time.

This commit is very conservative and only gcroots:

- nixpkgs, nixpgs-stable (obviously)
- rust-overlay (applied to our nixpkgs instance unconditionally)
- home-manager (used in //third_party/overlays/tvl)

I'm open to re-enabling gcrooting of the following other sources which
are only necessary to evaluate some targets:

- agenix (obvious candidate, widely used in depot)
- naersk (used for many targets)
- napalm (used in //users/Profpatsch and //users/sterni)
- impermanence (only used in //users/tazjin)

Change-Id: I39eef14d08bec6857499655e30ecf47d5fdd1260
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12965
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>

.envrc

@@ -1,12 +1,16 @@
 # Create a gcroot that keeps all third_party.sources alive
-nix-build --out-link .gcroots/sources -E '
+nix-build --show-trace --out-link .gcroots/sources -E '
 with import ./. {};
 third_party.nixpkgs.writeText "depot-3p-sources.txt" (
   toString (
     builtins.map (s: s.outPath or null) (
+      # Only gcroot sources that are explicitly marked using
+      # niv modify --attribute gcroot=true <source>
+      builtins.filter (source: source.gcroot or false) (
         builtins.attrValues third_party.sources
       )
     )
+  )
 )'
 
 # Configure the local PATH to contain tools which are fetched ad-hoc

third_party/sources/sources.json

@@ -14,6 +14,7 @@
     "gitignore.nix": {
         "branch": "master",
         "description": "Nix functions for filtering local git sources",
+        "gcroot": true,
         "homepage": "",
         "owner": "hercules-ci",
         "repo": "gitignore.nix",
@@ -26,6 +27,7 @@
     "home-manager": {
         "branch": "master",
         "description": "Manage a user environment using Nix  [maintainer=@rycee] ",
+        "gcroot": true,
         "homepage": "https://nix-community.github.io/home-manager/",
         "owner": "nix-community",
         "repo": "home-manager",
@@ -74,6 +76,7 @@
     "nixpkgs": {
         "branch": "nixos-unstable",
         "description": "Nix Packages collection",
+        "gcroot": true,
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
@@ -86,6 +89,7 @@
     "nixpkgs-stable": {
         "branch": "nixos-23.11",
         "description": "Nix Packages collection",
+        "gcroot": true,
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
@@ -98,6 +102,7 @@
     "rust-overlay": {
         "branch": "master",
         "description": "Pure and reproducible nix overlay of binary distributed rust toolchains",
+        "gcroot": true,
         "homepage": "",
         "owner": "oxalica",
         "repo": "rust-overlay",