flake: use naersk to build cross arch docker images

author: seth <[email protected]> 2023-11-15 03:37:38 -0500
committer: seth <[email protected]> 2023-11-16 00:15:23 +0000
commit: ea3b523a37d22e67eaf5019bb8a661a60e82cc31 (patch)
tree: a8a43a617f5a815ad56f81a89578fe5fc05bfcc1
parent: 928d1ab5caa5ad1f6e22a869686c77626e53e7e0 (diff)
5 files changed, 176 insertions, 29 deletions
diff --git a/flake.lock b/flake.lock
index b4929e9..14b3593 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "fenix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-analyzer-src": "rust-analyzer-src"
+      },
+      "locked": {
+        "lastModified": 1699424512,
+        "narHash": "sha256-ysy/MYHkdEhqCSnc8oG9ZS054nCkJgHMORDb1o7NPL8=",
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "dfaf3a97fe595a18bf9d55cda3416c17fe906f0f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -55,6 +76,26 @@
         "type": "github"
       }
     },
+    "naersk": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1698420672,
+        "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
+        "owner": "nix-community",
+        "repo": "naersk",
+        "rev": "aeb58d5e8faead8980a807c840232697982d47b9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1699343069,
@@ -119,11 +160,30 @@
     },
     "root": {
       "inputs": {
+        "fenix": "fenix",
+        "naersk": "naersk",
         "nixpkgs": "nixpkgs",
         "parts": "parts",
         "pre-commit": "pre-commit"
       }
     },
+    "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1699395221,
+        "narHash": "sha256-FPuZhacqpdozOpTivkkqITt78S8WzFyXxF+LXW14l20=",
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "3b7c7f97e4a7bb253a8d398ee4f8346f6cf2817b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index e4ab295..1738cc2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,6 +18,16 @@
       inputs.nixpkgs-lib.follows = "nixpkgs";
     };
 
+    fenix = {
+      url = "github:nix-community/fenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    naersk = {
+      url = "github:nix-community/naersk";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     pre-commit = {
       url = "github:cachix/pre-commit-hooks.nix";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -25,14 +35,10 @@
     };
   };
 
-  outputs = {
-    parts,
-    pre-commit,
-    ...
-  } @ inputs:
+  outputs = {parts, ...} @ inputs:
     parts.lib.mkFlake {inherit inputs;} {
       imports = [
-        pre-commit.flakeModule
+        inputs.pre-commit.flakeModule
 
         ./parts/deployment.nix
         ./parts/dev.nix
diff --git a/parts/deployment.nix b/parts/deployment.nix
index 0aeea7b..1549c77 100644
--- a/parts/deployment.nix
+++ b/parts/deployment.nix
@@ -1,19 +1,94 @@
-{self, ...}: {
+{
+  inputs,
+  self,
+  ...
+}: {
+  flake.nixosModules.default = import ./module.nix self;
+
   perSystem = {
     lib,
     pkgs,
-    self',
+    system,
+    config,
+    inputs',
     ...
-  }: {
-    packages = {
-      container = pkgs.dockerTools.buildLayeredImage {
-        name = "teawiebot";
-        tag = "latest";
-        contents = [pkgs.dockerTools.caCertificates];
-        config.Cmd = [(lib.getExe self'.packages.teawiebot-smol)];
+  }: let
+    name = "getchoo/teawieBot";
+
+    crossPkgsFor = lib.fix (finalAttrs: {
+      "x86_64-linux" = {
+        "amd64" = pkgs.pkgsStatic;
+        "arm64v8" = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic;
+      };
+
+      "aarch64-linux" = {
+        "amd64" = pkgs.pkgsCross.musl64;
+        "arm64v8" = pkgs.pkgsStatic;
       };
+
+      "x86_64-darwin" = {
+        "amd64" = pkgs.pkgsCross.musl64;
+        "arm64v8" = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic;
+      };
+
+      "aarch64-darwin" = finalAttrs."x86_64-darwin";
+    });
+
+    nativeArchFor = {
+      "amd64" = "x86_64";
+      "arm64v8" = "aarch64";
     };
-  };
 
-  flake.nixosModules.default = import ./module.nix self;
+    wieFor = arch: let
+      target = "${nativeArchFor.${arch}}-unknown-linux-musl";
+      target' = builtins.replaceStrings ["-"] ["_"] target;
+      targetUpper = lib.toUpper target';
+
+      toolchain = with inputs'.fenix.packages;
+        combine [
+          minimal.cargo
+          minimal.rustc
+          targets.${target}.latest.rust-std
+        ];
+
+      naersk' = inputs.naersk.lib.${system}.override {
+        cargo = toolchain;
+        rustc = toolchain;
+      };
+
+      teawiebot = config.packages.teawiebot.override {
+        naersk = naersk';
+        optimizeSize = true;
+      };
+
+      inherit (crossPkgsFor.${system}.${arch}.stdenv) cc;
+    in
+      lib.getExe (
+        teawiebot.overrideAttrs (_:
+          lib.fix (finalAttrs: {
+            CARGO_BUILD_TARGET = target;
+            "CC_${target'}" = "${cc}/bin/${cc.targetPrefix}cc";
+            "CARGO_TARGET_${targetUpper}_RUSTFLAGS" = "-C target-feature=+crt-static";
+            "CARGO_TARGET_${targetUpper}_LINKER" = finalAttrs."CC_${target'}";
+          }))
+      );
+
+    toContainer = arch:
+      assert lib.assertMsg (
+        arch == "arch64" -> pkgs.stdenv.isLinux
+      ) "aarch64 images are only supported on linux!";
+        pkgs.dockerTools.buildLayeredImage {
+          inherit name;
+          tag = "latest-${arch}";
+          contents = [pkgs.dockerTools.caCertificates];
+          config.Cmd = [(wieFor arch)];
+
+          architecture = crossPkgsFor.${system}.${arch}.go.GOARCH;
+        };
+  in {
+    packages = {
+      container-amd64 = toContainer "amd64";
+      container-arm64v8 = toContainer "arm64v8";
+    };
+  };
 }
diff --git a/parts/derivation.nix b/parts/derivation.nix
index 8fc5bd8..57cf647 100644
--- a/parts/derivation.nix
+++ b/parts/derivation.nix
@@ -1,7 +1,7 @@
 {
   lib,
-  rustPlatform,
-  self,
+  naersk,
+  version,
   lto ? true,
   optimizeSize ? false,
 }: let
@@ -25,13 +25,11 @@
       inherit filter;
     };
 in
-  rustPlatform.buildRustPackage {
+  naersk.buildPackage {
     pname = "teawiebot";
-    version = builtins.substring 0 8 self.lastModifiedDate or "dirty";
+    inherit version;
 
-    src = filterSource self;
-
-    cargoLock.lockFile = ../Cargo.lock;
+    src = filterSource ../.;
 
     RUSTFLAGS =
       lib.optionalString lto " -C lto=thin -C embed-bitcode=yes"
diff --git a/parts/packages.nix b/parts/packages.nix
index 852db09..c4113c1 100644
--- a/parts/packages.nix
+++ b/parts/packages.nix
@@ -1,13 +1,21 @@
-{self, ...}: {
+{
+  self,
+  inputs,
+  ...
+}: {
   perSystem = {
     pkgs,
-    self',
+    system,
+    config,
     ...
   }: {
     packages = {
-      teawiebot = pkgs.callPackage ./derivation.nix {inherit self;};
-      teawiebot-smol = self'.packages.teawiebot.override {optimizeSize = true;};
-      default = self'.packages.teawiebot;
+      teawiebot = pkgs.callPackage ./derivation.nix {
+        version = builtins.substring 0 8 self.lastModifiedDate or "dirty";
+        naersk = inputs.naersk.lib.${system};
+      };
+
+      default = config.packages.teawiebot;
     };
   };
 }
author	seth <[email protected]>	2023-11-15 03:37:38 -0500
committer	seth <[email protected]>	2023-11-16 00:15:23 +0000
commit	ea3b523a37d22e67eaf5019bb8a661a60e82cc31 (patch)
tree	a8a43a617f5a815ad56f81a89578fe5fc05bfcc1
parent	928d1ab5caa5ad1f6e22a869686c77626e53e7e0 (diff)