diff --git a/flake.nix b/flake.nix
index de8aef5..cf1a608 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,70 +14,77 @@ }; }; - outputs = { - self, - nixpkgs, - dream2nix, - fenix, - }: let - # At the moment, we only deploy to x86_64-linux. Update when we - # care about another platform. - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; - fenixPkgs = fenix.packages.${system}; - ownPkgs = self.packages.${system}; - in { - packages.${system} = dream2nix.lib.importPackages { - projectRoot = ./.; - projectRootFile = "flake.nix"; - packagesDir = ./packages; - packageSets = { - nixpkgs = pkgs; - fenix = fenixPkgs; - }; - }; - - apps.${system} = { - default = let - inherit (ownPkgs) server templates; - inherit (pkgs) writeShellScript; - in { - type = "app"; - program = builtins.toString (writeShellScript "tlaternet-webserver" '' - ${server}/bin/tlaternet-webserver --template-directory ${templates} - ''); + outputs = + { + self, + nixpkgs, + dream2nix, + fenix, + }: + let + # At the moment, we only deploy to x86_64-linux. Update when we + # care about another platform. + system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; + fenixPkgs = fenix.packages.${system}; + ownPkgs = self.packages.${system}; + in + { + packages.${system} = dream2nix.lib.importPackages { + projectRoot = ./.; + projectRootFile = "flake.nix"; + packagesDir = ./packages; + packageSets = { + nixpkgs = pkgs; + fenix = fenixPkgs; + }; }; - update = let - update-script = pkgs.callPackage ./nix/update.nix {inherit self;}; - in { - type = "app"; - program = "${update-script}/bin/update"; + apps.${system} = { + default = + let + inherit (ownPkgs) server templates; + inherit (pkgs) writeShellScript; + in + { + type = "app"; + program = builtins.toString ( + writeShellScript "tlaternet-webserver" '' + ${server}/bin/tlaternet-webserver --template-directory ${templates} + '' + ); + }; + + update = + let + update-script = pkgs.callPackage ./nix/update.nix { inherit self; }; + in + { + type = "app"; + program = "${update-script}/bin/update"; + }; }; - }; - nixosModules.default = 
import ./nix/module.nix {inherit self system;}; + nixosModules.default = import ./nix/module.nix { inherit self system; }; - devShells.${system} = { - server = pkgs.mkShell { - packages = [ - (fenixPkgs.stable.withComponents [ - "rustc" - "cargo" - "rustfmt" - "rust-std" - "rust-docs" - "clippy" - "rust-src" - "rust-analysis" - ]) - fenixPkgs.rust-analyzer - ]; + devShells.${system} = { + server = pkgs.mkShell { + packages = [ + (fenixPkgs.stable.withComponents [ + "rustc" + "cargo" + "rustfmt" + "rust-std" + "rust-docs" + "clippy" + "rust-src" + "rust-analysis" + ]) + fenixPkgs.rust-analyzer + ]; + }; }; - }; - checks.${system} = import ./nix/checks { - inherit self pkgs; + checks.${system} = import ./nix/checks { inherit self pkgs; }; }; - }; } diff --git a/nix/checks/default.nix b/nix/checks/default.nix index 1d24e35..a9631ba 100644 --- a/nix/checks/default.nix +++ b/nix/checks/default.nix @@ -1,9 +1,8 @@ +{ pkgs, self }: +let + callPackage = pkgs.lib.callPackageWith (pkgs // { inherit self; }); +in { - pkgs, - self, -}: let - callPackage = pkgs.lib.callPackageWith (pkgs // {inherit self;}); -in { - lintNix = callPackage ./lint-nix.nix {}; - openHomepage = callPackage ./open-homepage.nix {}; + lintNix = callPackage ./lint-nix.nix { }; + openHomepage = callPackage ./open-homepage.nix { }; } diff --git a/nix/checks/lint-nix.nix b/nix/checks/lint-nix.nix index aed1fb1..3ade72e 100644 --- a/nix/checks/lint-nix.nix +++ b/nix/checks/lint-nix.nix 
@@ -2,26 +2,31 @@ self, lib, stdenv, - alejandra, + nixfmt-rfc-style, deadnix, statix, -}: let +}: +let inherit (lib) sourceFilesBySuffices; in - stdenv.mkDerivation { - dontPatch = true; - dontConfigure = true; - dontBuild = true; - dontInstall = true; - doCheck = true; +stdenv.mkDerivation { + dontPatch = true; + dontConfigure = true; + dontBuild = true; + dontInstall = true; + doCheck = true; - name = "lint-nix"; - src = sourceFilesBySuffices self [".nix"]; - checkInputs = [alejandra deadnix statix]; - checkPhase = '' - mkdir -p $out - alejandra --check . | tee $out/alejandra.log - deadnix --fail | tee $out/deadnix.log - statix check | tee $out/statix.log - ''; - } + name = "lint-nix"; + src = sourceFilesBySuffices self [ ".nix" ]; + checkInputs = [ + nixfmt-rfc-style + deadnix + statix + ]; + checkPhase = '' + mkdir -p $out + nixfmt --strict --check . | tee $out/nixfmt.log + deadnix --fail | tee $out/deadnix.log + statix check | tee $out/statix.log + ''; +} diff --git a/nix/checks/open-homepage.nix b/nix/checks/open-homepage.nix index 7f103d8..92b76c6 100644 --- a/nix/checks/open-homepage.nix +++ b/nix/checks/open-homepage.nix @@ -1,19 +1,16 @@ -{ - self, - nixosTest, -}: +{ self, nixosTest }: nixosTest { name = "open-homepage"; nodes = { # Host with just the default configuration defaults = { - imports = [self.nixosModules.default]; + imports = [ self.nixosModules.default ]; services.tlaternet-webserver.enable = true; }; host = { - imports = [self.nixosModules.default]; + imports = [ self.nixosModules.default ]; services.tlaternet-webserver = { enable = true; @@ -23,10 +20,10 @@ nixosTest { }; }; - networking.firewall.allowedTCPPorts = [8080]; + networking.firewall.allowedTCPPorts = [ 8080 ]; }; - client = {}; + client = { }; }; testScript = '' diff --git a/nix/module.nix b/nix/module.nix index b2279e1..b12f2b1 100644 --- a/nix/module.nix +++ b/nix/module.nix 
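Review bot: In the nix/checks/lint-nix.nix hunk, `nixfmt-rfc-style`, `deadnix` and `statix` are programs that `checkPhase` executes, so they belong in `nativeCheckInputs = [ nixfmt-rfc-style deadnix statix ];` rather than `checkInputs`. With `checkInputs` they reach PATH only while `strictDeps` stays off, and a lint gate that cannot find its tools should not depend on that default. The three `… | tee $out/*.log` pipelines fail the derivation only because stdenv's setup enables `pipefail`, so a comment above `checkPhase` such as `# relies on stdenv's pipefail: tee must not mask a linter failure` would keep a later refactor from quietly turning this check into a no-op. The function's argument set opens above the hunk, so only the visible part was reviewed.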
@@ -1,18 +1,14 @@ -{ - self, - system, -}: { - config, - lib, - ... -}: let +{ self, system }: +{ config, lib, ... }: +let inherit (lib) mkEnableOption mkIf mkOption; inherit (lib.types) str int; inherit (lib.strings) escapeShellArgs; inherit (self.packages.${system}) server templates; cfg = config.services.tlaternet-webserver; -in { +in +{ options = { services.tlaternet-webserver = { enable = mkEnableOption "tlaternet web server"; @@ -35,8 +31,8 @@ in { config = mkIf cfg.enable { systemd.services.tlaternet-webserver = { description = "tlaternet webserver"; - wantedBy = ["multi-user.target"]; - after = ["network.target"]; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; script = escapeShellArgs [ "${server}/bin/tlaternet-webserver" @@ -60,14 +56,21 @@ in { ProtectKernelModules = true; ProtectKernelLogs = true; ProtectControlGroups = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; RestrictNamespaces = true; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@privileged @resources @setuid @keyring"]; + SystemCallFilter = [ + "@system-service" + "~@privileged @resources @setuid @keyring" + ]; }; }; }; diff --git a/nix/update.nix b/nix/update.nix index 5bd74a3..7096a38 100644 --- a/nix/update.nix +++ b/nix/update.nix 
@@ -6,20 +6,25 @@ git, nix, yq-go, -}: let +}: +let selfPackages = self.packages.${system}; inherit (selfPackages.server.config.deps) cargo; inherit (selfPackages.templates.config.deps) npm; npm-check-updates = - (builtins.elemAt (lib.attrValues - selfPackages.templates.config.nodejs-granular-v3.deps.npm-check-updates) - 0) - .package-func - .result; + (builtins.elemAt (lib.attrValues selfPackages.templates.config.nodejs-granular-v3.deps.npm-check-updates) 0) + .package-func.result; in - writeShellApplication { - name = "update"; - runtimeInputs = [cargo git nix npm npm-check-updates yq-go]; - text = builtins.readFile ./scripts/update.sh; - } +writeShellApplication { + name = "update"; + runtimeInputs = [ + cargo + git + nix + npm + npm-check-updates + yq-go + ]; + text = builtins.readFile ./scripts/update.sh; +} diff --git a/packages/server/default.nix b/packages/server/default.nix index 24b9568..954da7c 100644 --- a/packages/server/default.nix +++ b/packages/server/default.nix @@ -1,13 +1,16 @@ -{ dream2nix, lib, ... }: { +{ dream2nix, lib, ... }: +{ imports = [ dream2nix.modules.dream2nix.rust-cargo-lock dream2nix.modules.dream2nix.rust-cargo-vendor dream2nix.modules.dream2nix.rust-crane ]; - deps = {fenix, ...}: { - deps.cargo = fenix.stable.minimalToolchain; - }; + deps = + { fenix, ... }: + { + deps.cargo = fenix.stable.minimalToolchain; + }; inherit ((lib.pipe ./Cargo.toml [ diff --git a/packages/templates/default.nix b/packages/templates/default.nix index bd44660..989b149 100644 --- a/packages/templates/default.nix +++ b/packages/templates/default.nix 
@@ -3,28 +3,37 @@ config, lib, ... -}: { +}: +{ imports = [ dream2nix.modules.dream2nix.nodejs-package-json-v3 dream2nix.modules.dream2nix.nodejs-granular-v3 dream2nix.modules.dream2nix.nodejs-devshell-v3 ]; - deps = {nixpkgs, ...}: { - inherit (nixpkgs) pkg-config runCommandLocal rsync vips yj; - }; + deps = + { nixpkgs, ... }: + { + inherit (nixpkgs) + pkg-config + runCommandLocal + rsync + vips + yj + ; + }; name = "tlaternet-templates"; version = "0.1.0"; mkDerivation = { - src = config.deps.runCommandLocal "source" {nativeBuildInputs = [config.deps.yj];} '' + src = config.deps.runCommandLocal "source" { nativeBuildInputs = [ config.deps.yj ]; } '' cp -r ${./.} $out/ chmod -R u+w $out yj < $out/package.yaml > $out/package.json ''; - nativeBuildInputs = [config.deps.yj]; + nativeBuildInputs = [ config.deps.yj ]; # The default phase (which is hidden in `preInstallPhases`) will # copy the full node_modules directory to the output, and symlink @@ -32,7 +41,7 @@ # # Since this package's output is static HTML/JS, we do not want # that. - preInstallPhases = lib.mkForce []; + preInstallPhases = lib.mkForce [ ]; installPhase = '' cp -r dist $out '';