| author | seth <[email protected]> | 2023-12-15 02:40:21 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-12-15 16:41:13 -0500 |
| commit | aad424b4ba9989be4536390749ad0de351dd13ef (patch) | |
| tree | fe99931dc498d69c8d09d23c4b5aed7661212231 /parts | |
| parent | 03223e6e6d061a18b66a69092c59e6a0cb6d1d3f (diff) | |
flake: move nix to folder to nix/
Diffstat (limited to 'parts')
| -rw-r--r-- | parts/deployment.nix | 86 | ||||
| -rw-r--r-- | parts/derivation.nix | 58 | ||||
| -rw-r--r-- | parts/dev.nix | 52 | ||||
| -rw-r--r-- | parts/module.nix | 144 | ||||
| -rw-r--r-- | parts/packages.nix | 28 | ||||
| -rw-r--r-- | parts/workflow.nix | 15 |
6 files changed, 0 insertions, 383 deletions
diff --git a/parts/deployment.nix b/parts/deployment.nix
deleted file mode 100644
index 9fb754e..0000000
--- a/parts/deployment.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-{
- inputs,
- self,
- ...
-}: {
- flake.nixosModules.default = import ./module.nix self;
-
- perSystem = {
- lib,
- pkgs,
- system,
- config,
- inputs',
- ...
- }: let
- name = "getchoo/teawiebot";
-
- crossPkgsFor = lib.fix (finalAttrs: {
- "x86_64-linux" = {
- "x86_64" = pkgs.pkgsStatic;
- "aarch64" = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic;
- };
-
- "aarch64-linux" = {
- "x86_64" = pkgs.pkgsCross.musl64;
- "aarch64" = pkgs.pkgsStatic;
- };
-
- "x86_64-darwin" = {
- "x86_64" = pkgs.pkgsCross.musl64;
- "aarch64" = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic;
- };
-
- "aarch64-darwin" = finalAttrs."x86_64-darwin";
- });
-
- wieFor = arch: let
- target = "${arch}-unknown-linux-musl";
- target' = builtins.replaceStrings ["-"] ["_"] target;
- targetUpper = lib.toUpper target';
-
- toolchain = with inputs'.fenix.packages;
- combine [
- minimal.cargo
- minimal.rustc
- targets.${target}.latest.rust-std
- ];
-
- naersk' = inputs.naersk.lib.${system}.override {
- cargo = toolchain;
- rustc = toolchain;
- };
-
- teawiebot = config.packages.teawiebot.override {
- naersk = naersk';
- optimizeSize = true;
- };
-
- inherit (crossPkgsFor.${system}.${arch}.stdenv) cc;
- in
- lib.getExe (
- teawiebot.overrideAttrs (_:
- lib.fix (finalAttrs: {
- CARGO_BUILD_TARGET = target;
- "CC_${target'}" = "${cc}/bin/${cc.targetPrefix}cc";
- "CARGO_TARGET_${targetUpper}_RUSTFLAGS" = "-C target-feature=+crt-static";
- "CARGO_TARGET_${targetUpper}_LINKER" = finalAttrs."CC_${target'}";
- }))
- );
-
- containerFor = arch:
- pkgs.dockerTools.buildLayeredImage {
- inherit name;
- tag = "latest-${arch}";
- contents = [pkgs.dockerTools.caCertificates];
- config.Cmd = [(wieFor arch)];
-
- architecture = crossPkgsFor.${system}.${arch}.go.GOARCH;
- };
- in {
- packages = {
- container-x86_64 = containerFor "x86_64";
- container-aarch64 = containerFor "aarch64";
- };
- };
-}
diff --git a/parts/derivation.nix b/parts/derivation.nix
deleted file mode 100644
index 061baea..0000000
--- a/parts/derivation.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- lib,
- stdenv,
- naersk,
- CoreFoundation,
- Security,
- SystemConfiguration,
- self,
- lto ? false,
- optimizeSize ? false,
-}: let
- filter = path: type: let
- path' = toString path;
- base = baseNameOf path';
- parent = baseNameOf (dirOf path');
-
- dirBlocklist = ["parts"];
-
- matches = lib.any (suffix: lib.hasSuffix suffix base) [".rs"];
- isCargo = base == "Cargo.lock" || base == "Cargo.toml";
- isCopypasta = parent == "copypastas";
- isAllowedDir = !(builtins.elem base dirBlocklist);
- in
- (type == "directory" && isAllowedDir) || matches || isCargo || isCopypasta;
-
- filterSource = src:
- lib.cleanSourceWith {
- src = lib.cleanSource src;
- inherit filter;
- };
-in
- naersk.buildPackage {
- pname = "teawiebot";
- version = builtins.substring 0 8 self.lastModifiedDate or "dirty";
-
- src = filterSource ../.;
-
- buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
- CoreFoundation
- Security
- SystemConfiguration
- ];
-
- GIT_SHA = builtins.substring 0 7 self.rev or "dirty";
-
- RUSTFLAGS =
- lib.optionalString lto " -C lto=thin -C embed-bitcode=yes"
- + lib.optionalString optimizeSize " -C codegen-units=1 -C strip=symbols -C opt-level=z";
-
- meta = with lib; {
- mainProgram = "teawiebot";
- description = "funni bot";
- homepage = "https://github.com/getchoo/teawiebot";
- license = licenses.mit;
- platforms = with platforms; linux ++ darwin;
- maintainers = with maintainers; [getchoo];
- };
- }
diff --git a/parts/dev.nix b/parts/dev.nix
deleted file mode 100644
index a796912..0000000
--- a/parts/dev.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- perSystem = {
- lib,
- pkgs,
- config,
- ...
- }: {
- pre-commit.settings = {
- hooks = {
- actionlint.enable = true;
- ${config.formatter.pname}.enable = true;
- deadnix.enable = true;
- nil.enable = true;
- prettier.enable = true;
- rustfmt.enable = true;
- statix.enable = true;
- };
- };
-
- proc.groups.daemons.processes = {
- redis.command = lib.getExe' pkgs.redis "redis-server";
- };
-
- devShells = {
- default = pkgs.mkShell {
- packages = with pkgs; [
- # general
- actionlint
- nodePackages_latest.prettier
- config.proc.groups.daemons.package
-
- # rust
- cargo
- rustc
- clippy
- rustfmt
- rust-analyzer
-
- # nix
- config.formatter
- deadnix
- nil
- statix
- ];
-
- RUST_SRC_PATH = "${pkgs.rust.packages.stable.rustPlatform.rustLibSrc}";
- };
- };
-
- formatter = pkgs.alejandra;
- };
-}
diff --git a/parts/module.nix b/parts/module.nix
deleted file mode 100644
index d7709a4..0000000
--- a/parts/module.nix
+++ /dev/null
@@ -1,144 +0,0 @@
-self: {
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.services.teawiebot;
- defaultUser = "teawiebot";
-
- inherit
- (lib)
- getExe
- literalExpression
- mdDoc
- mkEnableOption
- mkIf
- mkOption
- mkPackageOption
- optionals
- types
- ;
-in {
- options.services.teawiebot = {
- enable = mkEnableOption "teawiebot";
- package = mkPackageOption self.packages.${pkgs.stdenv.hostPlatform.system} "teawiebot" {};
-
- user = mkOption {
- description = mdDoc ''
- User under which the service should run. If this is the default value,
- the user will be created, with the specified group as the primary
- group.
- '';
- type = types.str;
- default = defaultUser;
- example = literalExpression ''
- "bob"
- '';
- };
-
- group = mkOption {
- description = mdDoc ''
- Group under which the service should run. If this is the default value,
- the group will be created.
- '';
- type = types.str;
- default = defaultUser;
- example = literalExpression ''
- "discordbots"
- '';
- };
-
- redisUrl = mkOption {
- description = mdDoc ''
- Connection to a redis server. If this needs to include credentials
- that shouldn't be world-readable in the Nix store, set environmentFile
- and override the `REDIS_URL` entry.
- Pass the string `local` to setup a local Redis database.
- '';
- type = types.str;
- default = "local";
- example = literalExpression ''
- "redis://localhost/"
- '';
- };
-
- environmentFile = mkOption {
- description = mdDoc ''
- Environment file as defined in {manpage}`systemd.exec(5)`
- '';
- type = types.nullOr types.path;
- default = null;
- example = literalExpression ''
- "/run/agenix.d/1/teawieBot"
- '';
- };
- };
-
- config = mkIf cfg.enable {
- services.redis.servers.teawiebot = mkIf (cfg.redisUrl == "local") {
- enable = true;
- inherit (cfg) user;
- port = 0; # disable tcp listener
- };
-
- systemd.services."teawiebot" = {
- enable = true;
- wantedBy = ["multi-user.target"];
- after =
- ["network.target"]
- ++ optionals (cfg.redisUrl == "local") ["redis-teawiebot.service"];
-
- script = ''
- ${getExe cfg.package}
- '';
-
- environment = {
- REDIS_URL =
- if cfg.redisUrl == "local"
- then "unix:${config.services.redis.servers.teawiebot.unixSocket}"
- else cfg.redisUrl;
- };
-
- serviceConfig = {
- Type = "simple";
- Restart = "always";
-
- EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
-
- User = cfg.user;
- Group = cfg.group;
-
- # hardening
- NoNewPrivileges = true;
- PrivateDevices = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- ProtectSystem = "strict";
- RestrictNamespaces = "uts ipc pid user cgroup";
- RestrictSUIDSGID = true;
- Umask = "0007";
- };
- };
-
- users = {
- users = mkIf (cfg.user == defaultUser) {
- ${defaultUser} = {
- isSystemUser = true;
- inherit (cfg) group;
- };
- };
-
- groups = mkIf (cfg.group == defaultUser) {
- ${defaultUser} = {};
- };
- };
- };
-}
diff --git a/parts/packages.nix b/parts/packages.nix
deleted file mode 100644
index 4e1ab27..0000000
--- a/parts/packages.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- self,
- inputs,
- ...
-}: {
- perSystem = {
- pkgs,
- system,
- config,
- ...
- }: {
- packages = {
- teawiebot = pkgs.callPackage ./derivation.nix {
- inherit self;
- inherit
- (pkgs.darwin.apple_sdk.frameworks)
- CoreFoundation
- Security
- SystemConfiguration
- ;
-
- naersk = inputs.naersk.lib.${system};
- };
-
- default = config.packages.teawiebot;
- };
- };
-}
diff --git a/parts/workflow.nix b/parts/workflow.nix
deleted file mode 100644
index 600a1bb..0000000
--- a/parts/workflow.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- githubWorkflowGenerator = {
- outputs = [
- "checks"
- "devShells"
- "packages"
- ];
-
- overrides = {
- checks.systems = ["x86_64-linux"];
- devShells.systems = ["x86_64-linux"];
- packages.systems = ["x86_64-linux"];
- };
- };
-}
|
