Diffstat (limited to 'parts')
| -rw-r--r-- | parts/default.nix | 22 | ||||
| -rw-r--r-- | parts/deployment.nix | 82 | ||||
| -rw-r--r-- | parts/dev.nix | 62 | ||||
| -rw-r--r-- | parts/packages.nix | 44 | ||||
| -rw-r--r-- | parts/toolchain.nix | 24 |
5 files changed, 234 insertions, 0 deletions
diff --git a/parts/default.nix b/parts/default.nix
new file mode 100644
index 0000000..ecace0f
--- /dev/null
+++ b/parts/default.nix
@@ -0,0 +1,22 @@
+_: {
+ imports = [
+ ./deployment.nix
+ ./dev.nix
+ ./packages.nix
+ ./toolchain.nix
+ ];
+
+ systems = [
+ "x86_64-linux"
+ "x86_64-darwin"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
+
+ perSystem = _: {
+ _module.args.src = builtins.path {
+ name = "teawiebot-src";
+ path = ../.;
+ };
+ };
+}
diff --git a/parts/deployment.nix b/parts/deployment.nix
new file mode 100644
index 0000000..f0ab7d1
--- /dev/null
+++ b/parts/deployment.nix
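Review bot: `_module.args.src` takes the whole repository root (`path = ../.;`) as the build source, so every file in the tree, not just the Rust crate, is copied into the world-readable Nix store and any unrelated edit invalidates the Rust build. Narrowing the source used for the crate builds, for example with crane's `cleanCargoSource` or a `filter` argument to `builtins.path`, keeps stray files out of the derivation. The `pre-commit-check` in `parts/dev.nix` reuses the same `src` and does need the Nix and workflow files, so it would want its own unfiltered source. A one-line comment on why `builtins.path` with a fixed `name` is used (presumably for a stable store path) would also help.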
@@ -0,0 +1,82 @@
+{self, ...}: let
+ bin = teawiebot-smol: "${teawiebot-smol}/bin/teawiebot";
+ service = pkgs: cmd:
+ pkgs.writeTextFile {
+ name = "teawiebot.service";
+ text = ''
+ [Unit]
+ Description=teawiebot service
+
+ [Service]
+ Environment="TOKEN="
+ ExecStart="${cmd}"
+ DynamicUser=yes
+ ProtectSystem=strict
+ ProtectHome=yes
+ ProtectKernelTunables=yes
+ ProtectKernelModules=yes
+ ProtectControlGroups=yes
+ SystemCallFilter=@system-service
+ SystemCallErrorNumber=EPERM
+ NoNewPrivileges=yes
+ PrivateTmp=yes
+
+ [Install]
+ WantedBy=multi-user.target
+ '';
+ };
+in {
+ perSystem = {
+ pkgs,
+ system,
+ ...
+ }: let
+ inherit (pkgs) cacert dockerTools portableService;
+ inherit (self.packages.${system}) teawiebot teawiebot-smol;
+ cmd = bin teawiebot-smol;
+ in {
+ packages = {
+ container = dockerTools.buildLayeredImage {
+ name = "teawiebot";
+ tag = "latest";
+ contents = [dockerTools.caCertificates];
+ config.Cmd = ["${cmd}"];
+ };
+
+ service = portableService {
+ inherit (teawiebot) pname;
+ inherit (teawiebot-smol) version;
+ description = "portable service for teawiebot!";
+ units = [(service pkgs cmd)];
+ symlinks = [
+ {
+ object = "${cacert}/etc/ssl";
+ symlink = "/etc/ssl";
+ }
+ ];
+ };
+ };
+ };
+
+ flake = {
+ nixosModules = {
+ default = {
+ config,
+ lib,
+ pkgs,
+ ...
+ }: let
+ cfg = config.services.teawiebot;
+ inherit (lib) mkEnableOption mkIf;
+ in {
+ options.services.teawiebot.enable = mkEnableOption "enable teawiebot";
+
+ config.systemd.services = mkIf cfg.enable {
+ teawiebot = {
+ text = service pkgs (bin pkgs.teawiebot-smol);
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/parts/dev.nix b/parts/dev.nix
new file mode 100644
index 0000000..01c33c6
--- /dev/null
+++ b/parts/dev.nix
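Review bot: `Environment="TOKEN="` in the `[Service]` block gives operators nowhere safe to put the bot token: filling it in here bakes the secret into a unit file that `writeTextFile` places in the world-readable Nix store and that `systemctl show` prints. Read it from a root-only file instead, e.g. `EnvironmentFile=/path/to/teawiebot.env` (placeholder path) or `LoadCredential=`, and give the NixOS module an option for that path, since it currently exposes only `enable`. Separately, the module assigns the derivation returned by `service` to `systemd.services.teawiebot.text`; I don't believe service units have a `text` option, and `pkgs.teawiebot-smol` only resolves if an overlay adds it, so it is worth checking that the module evaluates. The `container` image sets no `config.User`, so the bot would run as root inside it unless the runtime overrides that.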
@@ -0,0 +1,62 @@
+{
+ inputs,
+ self,
+ ...
+}: {
+ perSystem = {
+ craneLib,
+ pkgs,
+ system,
+ src,
+ toolchain,
+ ...
+ }: {
+ checks = let
+ commonArgs = {
+ inherit src;
+ };
+
+ inherit (craneLib) cargoClippy cargoFmt;
+ in {
+ inherit (self.packages.${system}) teawiebot;
+
+ clippy = cargoClippy (commonArgs
+ // {
+ inherit (self.packages.${system}) cargoArtifacts;
+ cargoClippyExtraArgs = "--all-targets";
+ });
+
+ fmt = cargoFmt commonArgs;
+
+ pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
+ inherit src;
+ hooks = {
+ actionlint.enable = true;
+ alejandra.enable = true;
+ deadnix.enable = true;
+ nil.enable = true;
+ statix.enable = true;
+ };
+ };
+ };
+
+ devShells = let
+ inherit (pkgs) mkShell;
+ in {
+ default = mkShell {
+ inherit (self.checks.${system}.pre-commit-check) shellHook;
+ packages = with pkgs; [
+ actionlint
+ alejandra
+ deadnix
+ nil
+ statix
+
+ toolchain
+ ];
+ };
+ };
+
+ formatter = pkgs.alejandra;
+ };
+}
diff --git a/parts/packages.nix b/parts/packages.nix
new file mode 100644
index 0000000..1b8acd8
--- /dev/null
+++ b/parts/packages.nix
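Review bot: The `checks` set lints and formats the crate but never looks at its dependencies, so a `Cargo.lock` entry with a published advisory still passes `nix flake check`. crane ships a `cargoAudit` builder for this; something like `audit = craneLib.cargoAudit { inherit src; inherit (inputs) advisory-db; };` would cover it, with `advisory-db` declared as a flake input in `flake.nix`, which is outside this diff. Note also that `devShells.default` inherits `shellHook` from `pre-commit-check`, so entering the shell installs git hooks into the checkout; a short comment saying so would spare contributors a surprise.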
@@ -0,0 +1,44 @@
+{self, ...}: {
+ perSystem = {
+ craneLib,
+ pkgs,
+ src,
+ system,
+ ...
+ }: let
+ inherit (pkgs.lib) licenses maintainers platforms;
+ inherit (craneLib) buildPackage;
+ in {
+ packages = {
+ cargoArtifacts = craneLib.buildDepsOnly {inherit src;};
+
+ teawiebot = buildPackage {
+ inherit src;
+ inherit (self.packages.${system}) cargoArtifacts;
+
+ meta = {
+ description = "funni bot";
+ homepage = "https://github.com/getchoo/teawiebot";
+ license = licenses.mit;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [getchoo];
+ };
+ };
+
+ teawiebot-smol =
+ self.packages.${system}.teawiebot.overrideAttrs (_: {
+ # statically link musl, optimize for size
+ CARGO_BUILD_TARGET = "x86_64-unknown-linux-musl";
+
+ CARGO_BUILD_RUSTFLAGS = "-C lto=fat -C embed-bitcode=yes \
+ -C target-feature=+crt-static -C opt-level=z -C strip=symbols -C codegen-units=1";
+
+ CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER = let
+ inherit (pkgs.pkgsStatic.stdenv) cc;
+ in "${cc}/bin/${cc.targetPrefix}cc";
+ });
+
+ default = self.packages.${system}.teawiebot;
+ };
+ };
+}
diff --git a/parts/toolchain.nix b/parts/toolchain.nix
new file mode 100644
index 0000000..e2201f9
--- /dev/null
+++ b/parts/toolchain.nix
@@ -0,0 +1,24 @@
+{inputs, ...}: {
+ perSystem = {system, ...}: let
+ pkgs = import inputs.nixpkgs {
+ inherit system;
+ overlays = [inputs.fenix.overlays.default];
+ };
+
+ toolchain = with pkgs.fenix;
+ with stable;
+ combine [
+ cargo
+ rustc
+ rustfmt
+ clippy
+ targets."x86_64-unknown-linux-musl".stable.rust-std
+ ];
+ in {
+ _module.args = {
+ inherit pkgs toolchain;
+
+ craneLib = (inputs.crane.mkLib pkgs).overrideToolchain toolchain;
+ };
+ };
+} |
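Review bot: `teawiebot-smol` hard-codes `CARGO_BUILD_TARGET = "x86_64-unknown-linux-musl"` but takes its linker from `pkgs.pkgsStatic.stdenv.cc` for the current `system`, while `parts/default.nix` exposes four systems. On `aarch64-linux` or either darwin system the target and linker would presumably not match, and the `container` and `service` outputs in `parts/deployment.nix` both build from this package; `parts/toolchain.nix` adds the same musl `rust-std` unconditionally. Either restrict these outputs to `x86_64-linux` or derive the target from the platform instead of a literal. As far as I can tell the two-line `CARGO_BUILD_RUSTFLAGS` string also keeps the newline and indentation after the backslash; building it with `lib.concatStringsSep " " [ ... ]` would be clearer.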
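Review bot: The nested `with pkgs.fenix; with stable;` around `combine [ ... ]` in `parts/toolchain.nix` hides which scope each component comes from: `cargo`, `rustc`, `rustfmt` and `clippy` resolve in `stable`, while `combine` and `targets` presumably fall through to `pkgs.fenix`. This expression selects the compiler used for every build, so explicit names are easier to audit, e.g. `inherit (pkgs.fenix) combine stable targets;` followed by `stable.cargo`, `stable.rustc` and so on. A comment noting that nixpkgs is imported a second time here only to apply the fenix overlay would also help.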
