NixOS · fricklerhandwerk · Feb 13, 2026 · Feb 10, 2026 · Feb 10, 2026 · Feb 10, 2026
diff --git a/infra/staging.nix b/infra/staging.nix
@@ -1,7 +1,6 @@
 {
   config,
   pkgs,
-  lib,
   ...
 }:
 let
@@ -25,31 +24,6 @@ in
   };
   swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
 
-  # Given 16G RAM, this should be enough at the time of writing:
-  # - Postgres needs ~1.5G RAM
-  # - The application server needs <1G RAM
-  # - An evaluation of Nixpkgs peaks at 6-7G of RAM.
-  # - We run at most one instance of `nix-eval-jobs` concurrently.
-  #   See `config.services.web-security-tracker.maxJobProcessors` to make sure.
-  # - We observe ~2M store paths in an active evaluation, taking ~5GB
-  # Adjust parameters (or get a bigger machine) if it doesn't work out.
-  systemd.mounts = [
-    {
-      what = "tmpfs";
-      where = "/tmp";
-      type = "tmpfs";
-      mountConfig.Options = lib.concatStringsSep "," [
-        "mode=1777"
-        "strictatime"
-        "rw"
-        "nosuid"
-        "nodev"
-        "size=37%"
-        "nr_inodes=4m"
-      ];
-    }
-  ];
-
   systemd.network.networks."10-wan" = {
     matchConfig.MACAddress = "96:00:03:d9:7c:85";
     address = [

diff --git a/nix/tests/default.nix b/nix/tests/default.nix
@@ -130,6 +130,9 @@ pkgs.testers.runNixOSTest {
       server.wait_for_unit("${application}-worker.service")
       server.wait_for_unit("mock-channels.service")
 
+      with subtest("Check that no migrations were missed"):
+        server.succeed("wst-manage makemigrations --check --dry-run")
+
       with subtest("Check that channel are fetched and evaluations enqueued"):
         server.succeed("wst-manage fetch_all_channels")
         ${in-shell "succeed" ''
@@ -175,10 +178,23 @@ pkgs.testers.runNixOSTest {
           ${
             # XXX(@fricklerhandwerk): We do this at the end since it takes a while and would otherwise stall the Django tests.
             in-shell "wait_until_succeeds" ''
-              from shared.models import NixEvaluation
+              from shared.models import (
+                NixEvaluation,
+                NixDerivation,
+                NixDerivationMeta,
+                NixMaintainer,
+                NixLicense,
+              )
               assert NixEvaluation.objects.filter(
                 state=NixEvaluation.EvaluationState.COMPLETED,
               ).count() == 3
+              for model, count in [
+                (NixDerivation, 3),
+                (NixDerivationMeta, 3),
+                (NixMaintainer, 1),
+                (NixLicense, 1),
+              ]:
+                assert model.objects.count() == count, f"{model._meta.object_name}: expected {count}, got {model.objects.count()}"
             ''
           }
     '';

diff --git a/src/project/settings.py b/src/project/settings.py
@@ -333,9 +333,9 @@ class AppSettings(BaseModel):
 MAX_PARALLEL_EVALUATION = 3
 # Where are the stderr of each `nix-eval-jobs` stored.
 EVALUATION_LOGS_DIRECTORY: str = str(
-    Path(BASE_DIR / ".." / ".." / "nixpkgs-evaluation-logs").resolve()
+    Path(BASE_DIR / ".." / "nixpkgs-evaluation-logs").resolve()
 )
-CVE_CACHE_DIR: str = str(Path(BASE_DIR / ".." / ".." / "cve-cache").resolve())
+CVE_CACHE_DIR: str = str(Path(BASE_DIR / ".." / "cve-cache").resolve())
 # This can be tuned for your specific deployment,
 # this is used to wait for an evaluation slot to be available
 # It should be around the average evaluation time on your machine.