From f36916a2a25ebce419b920588bd6fc4b907e4975 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 26 Jul 2023 11:50:56 +0200 Subject: [PATCH 1/6] move modules into subdir --- flake.nix | 6 +++--- hidden-ssh-announce.nix => modules/hidden-ssh-announce.nix | 0 installer.nix => modules/installer.nix | 0 3 files changed, 3 insertions(+), 3 deletions(-) rename hidden-ssh-announce.nix => modules/hidden-ssh-announce.nix (100%) rename installer.nix => modules/installer.nix (100%) diff --git a/flake.nix b/flake.nix index 3916990d9..04529f4c9 100644 --- a/flake.nix +++ b/flake.nix @@ -28,13 +28,13 @@ nixosModules = { installer = { imports = [ - ./installer.nix - ./hidden-ssh-announce.nix + ./modules/installer.nix + ./modules/hidden-ssh-announce.nix ]; }; hidden-announce = { imports = [ - ./hidden-ssh-announce.nix + ./modules/hidden-ssh-announce.nix ]; }; }; diff --git a/hidden-ssh-announce.nix b/modules/hidden-ssh-announce.nix similarity index 100% rename from hidden-ssh-announce.nix rename to modules/hidden-ssh-announce.nix diff --git a/installer.nix b/modules/installer.nix similarity index 100% rename from installer.nix rename to modules/installer.nix From 62ae99ecb679b4b548740fed599c0a52079cec2e Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 26 Jul 2023 14:48:59 +0200 Subject: [PATCH 2/6] Merge pull request 'Update Flake' (#32) from update-flake into main --- .gitea/workflows/update-flake.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .gitea/workflows/update-flake.yaml diff --git a/.gitea/workflows/update-flake.yaml b/.gitea/workflows/update-flake.yaml new file mode 100644 index 000000000..02ae10d7e --- /dev/null +++ b/.gitea/workflows/update-flake.yaml 
@@ -0,0 +1,19 @@
+name: update-flake-lock
+on:
+ workflow_dispatch: # allows manual triggering
+ schedule:
+ - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+ lockfile:
+ runs-on: nix
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Update flake.lock
+ uses: DeterminateSystems/update-flake-lock@v19
+ with:
+ pr-title: "Update flake.lock" # Title of PR to be created
+ pr-labels: | # Labels to be set on the PR
+ dependencies
+ automated
From f84a7c6a652b1efa44a24b08a87cd61dd9c8b900 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Wed, 26 Jul 2023 14:52:49 +0200
Subject: [PATCH 3/6] Merge pull request 'Update Flake' (#33) from update-flake into main
---
 .gitea/workflows/update-flake.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitea/workflows/update-flake.yaml b/.gitea/workflows/update-flake.yaml
index 02ae10d7e..9e049ba69 100644
--- a/.gitea/workflows/update-flake.yaml
+++ b/.gitea/workflows/update-flake.yaml
@@ -2,7 +2,7 @@ name: update-flake-lock
 on:
 workflow_dispatch: # allows manual triggering
 schedule:
- - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+ - cron: '0/2 * * * *' # runs weekly on Sunday at 00:00

 jobs:
 lockfile:
From 5fb266a2f629aa1d077b9b84fb1ee10a31b42110 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Wed, 26 Jul 2023 15:56:38 +0200
Subject: [PATCH 4/6] update-flake: remove workflow
---
 .gitea/workflows/update-flake.yaml | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 .gitea/workflows/update-flake.yaml
diff --git a/.gitea/workflows/update-flake.yaml b/.gitea/workflows/update-flake.yaml
deleted file mode 100644
index 9e049ba69..000000000
--- a/.gitea/workflows/update-flake.yaml
+++ /dev/null
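Review bot: Both `uses:` steps in the new `.gitea/workflows/update-flake.yaml` reference third-party actions by mutable tag (`actions/checkout@v3`, `DeterminateSystems/update-flake-lock@v19`), so whoever can move those tags decides what runs on the `nix` runner with this job's credentials. Pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3` (placeholder; use the SHA of the release you reviewed). Because the job creates pull requests on a schedule, also confirm that the token the runner hands it is limited to pushing the update branch and opening the PR.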
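Review bot: The changed `cron:` line in PATCH 3/6 now reads `'0/2 * * * *'`, but its trailing comment still says `# runs weekly on Sunday at 00:00`. If the short interval is a temporary test of the scheduler it should not land on main as is, since a lockfile-update job firing every couple of minutes keeps re-running third-party actions and can keep opening or rewriting PRs. Either restore `'0 0 * * 0'` or make the comment describe the real schedule. If a step of two minutes is intended, `*/2` is the portable spelling, because how `0/2` is read depends on the cron parser.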
@@ -1,19 +0,0 @@
-name: update-flake-lock
-on:
- workflow_dispatch: # allows manual triggering
- schedule:
- - cron: '0/2 * * * *' # runs weekly on Sunday at 00:00
-
-jobs:
- lockfile:
- runs-on: nix
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- - name: Update flake.lock
- uses: DeterminateSystems/update-flake-lock@v19
- with:
- pr-title: "Update flake.lock" # Title of PR to be created
- pr-labels: | # Labels to be set on the PR
- dependencies
- automated
From 951a00c281d7572dda37968d315b14592b3f69a8 Mon Sep 17 00:00:00 2001
From: DavHau
Date: Wed, 26 Jul 2023 17:24:43 +0200
Subject: [PATCH 5/6] writers: init
---
 flake-parts/writers/default.nix | 45 +++++++++++++++++
 flake-parts/writers/writers.nix | 89 +++++++++++++++++++++++++++++++++
 flake.nix | 1 +
 3 files changed, 135 insertions(+)
 create mode 100644 flake-parts/writers/default.nix
 create mode 100644 flake-parts/writers/writers.nix
diff --git a/flake-parts/writers/default.nix b/flake-parts/writers/default.nix
new file mode 100644
index 000000000..bd733e271
--- /dev/null
+++ b/flake-parts/writers/default.nix
@@ -0,0 +1,45 @@
+{ flake-parts-lib, ... }: {
+ options.perSystem = flake-parts-lib.mkPerSystemOption (
+ { config
+ , lib
+ , pkgs
+ , ...
+ }:
+ let
+ writers = pkgs.callPackage ./writers.nix { };
+ in
+ {
+ options.writers = {
+ writePureShellScript = lib.mkOption {
+ type = lib.types.functionTo (lib.types.functionTo lib.types.package);
+ description = ''
+ Create a script that runs in a `pure` environment, in the sense that:
+ - the behavior is similar to `nix-shell --pure`
+ - `PATH` only contains exactly the packages passed via the `PATH` arg
+ - `NIX_PATH` is set to the path of the current `pkgs`
+ - `TMPDIR` is set up and cleaned up even if the script fails
+ - out, if set, is kept as-is
+ - all environment variables are unset, except:
+ - the ones listed in `keepVars` defined in ./default.nix
+ - the ones listed via the `KEEP_VARS` variable
+ '';
+ };
+ writePureShellScriptBin = lib.mkOption {
+ type = lib.types.functionTo (lib.types.functionTo (lib.types.functionTo lib.types.package));
+ description = ''
+ Creates a script in a `bin/` directory in the output; suitable for use with `lib.makeBinPath`, etc.
+ See {option}`writers.writePureShellScript`
+ '';
+ };
+ };
+
+ config.writers = {
+ inherit
+ (writers)
+ writePureShellScript
+ writePureShellScriptBin
+ ;
+ };
+ }
+ );
+}
diff --git a/flake-parts/writers/writers.nix b/flake-parts/writers/writers.nix
new file mode 100644
index 000000000..ed9287731
--- /dev/null
+++ b/flake-parts/writers/writers.nix
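Review bot: The `writePureShellScript` description in `flake-parts/writers/default.nix` says the kept variables are "listed in `keepVars` defined in ./default.nix", but this file only does `pkgs.callPackage ./writers.nix { }` and the list lives in `writers.nix`; the text should point at `./writers.nix`. The description also leaves out that a non-empty `IMPURE` in the caller's environment skips the cleanup entirely, and that `KEEP_VARS` is read from that same environment. A sentence such as "the caller can disable or widen the cleanup via `IMPURE` / `KEEP_VARS`; this is a reproducibility aid, not isolation from an untrusted caller" would keep anyone from relying on it as a boundary.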
@@ -0,0 +1,89 @@
+{ lib
+, bash
+, coreutils
+, gawk
+, path
+, # nixpkgs path
+ writeScript
+, writeScriptBin
+, ...
+}:
+let
+ # Docs at modules/flake-parts/writers.nix
+ writePureShellScript = PATH: script:
+ writeScript "script.sh" (mkScript PATH script);
+
+ # Docs at modules/flake-parts/writers.nix
+ writePureShellScriptBin = binName: PATH: script:
+ writeScriptBin binName (mkScript PATH script);
+
+ mkScript = PATH: scriptText: ''
+ #!${bash}/bin/bash
+ set -Eeuo pipefail
+
+ export PATH="${lib.makeBinPath PATH}"
+ export NIX_PATH=nixpkgs=${path}
+
+ export TMPDIR=$(${coreutils}/bin/mktemp -d)
+
+ trap "${coreutils}/bin/chmod -R +w '$TMPDIR'; ${coreutils}/bin/rm -rf '$TMPDIR'" EXIT
+
+ if [ -z "''${IMPURE:-}" ]; then
+ ${cleanEnv}
+ fi
+
+ ${scriptText}
+ '';
+
+ # list taken from nix source: src/nix-build/nix-build.cc
+ keepVars = lib.concatStringsSep " " [
+ "HOME"
+ "XDG_RUNTIME_DIR"
+ "USER"
+ "LOGNAME"
+ "DISPLAY"
+ "WAYLAND_DISPLAY"
+ "WAYLAND_SOCKET"
+ "PATH"
+ "TERM"
+ "IN_NIX_SHELL"
+ "NIX_SHELL_PRESERVE_PROMPT"
+ "TZ"
+ "PAGER"
+ "NIX_BUILD_SHELL"
+ "SHLVL"
+ "http_proxy"
+ "https_proxy"
+ "ftp_proxy"
+ "all_proxy"
+ "no_proxy"
+
+ # We want to keep our own variables as well
+ "out"
+ "IMPURE"
+ "KEEP_VARS"
+ "NIX_PATH"
+ "TMPDIR"
+ ];
+
+ cleanEnv = ''
+
+ KEEP_VARS="''${KEEP_VARS:-}"
+
+ unsetVars=$(
+ ${coreutils}/bin/comm \
+ <(${gawk}/bin/awk 'BEGIN{for(v in ENVIRON) print v}' | ${coreutils}/bin/cut -d = -f 1 | ${coreutils}/bin/sort) \
+ <(echo "${keepVars} $KEEP_VARS" | ${coreutils}/bin/tr " " "\n" | ${coreutils}/bin/sort) \
+ -2 \
+ -3
+ )
+
+ unset $unsetVars
+ '';
+in
+{
+ inherit
+ writePureShellScript
+ writePureShellScriptBin
+ ;
+}
diff --git a/flake.nix b/flake.nix
index 04529f4c9..ec91eb68f 100644
--- a/flake.nix
+++ b/flake.nix
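Review bot: In `mkScript`, `export TMPDIR=$(${coreutils}/bin/mktemp -d)` hides a failing `mktemp`: the status of that line is the status of `export`, so `set -e` does not stop the script and it carries on with an empty `TMPDIR`. Split it into `TMPDIR=$(${coreutils}/bin/mktemp -d)` followed by `export TMPDIR`. In `cleanEnv`, `unset $unsetVars` receives every name awk finds in `ENVIRON`; a name that is not a valid shell identifier (exported bash functions show up as `BASH_FUNC_name%%`) probably makes `unset` return non-zero and abort the wrapper under `set -e`, so filter the list to identifier-shaped names first. Both `# Docs at modules/flake-parts/writers.nix` comments point at a path this commit does not create; the option docs are in `flake-parts/writers/default.nix`.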
@@ -20,6 +20,7 @@
 imports = [
 ./flake-parts/packages.nix
 ./flake-parts/formatting.nix
+ ./flake-parts/writers
 ./templates/flake-module.nix
 ./templates/python-project/flake-module.nix
 ./pkgs/clan-cli/flake-module.nix
From 49c3c7d50e5db43b38736d5198f1ffbb9a0100af Mon Sep 17 00:00:00 2001
From: DavHau
Date: Wed, 26 Jul 2023 18:23:08 +0200
Subject: [PATCH 6/6] writers: export flake-parts module
---
 flake-parts/modules.nix | 7 +++++++
 flake.nix | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 flake-parts/modules.nix
diff --git a/flake-parts/modules.nix b/flake-parts/modules.nix
new file mode 100644
index 000000000..098af10bc
--- /dev/null
+++ b/flake-parts/modules.nix
@@ -0,0 +1,7 @@
+# export some of our flake moduels for re-use in other projects
+{ ...
+}: {
+ flake.modules.flake-parts = {
+ writers = ./writers;
+ };
+}
diff --git a/flake.nix b/flake.nix
index ec91eb68f..a889ed2b8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,8 +18,9 @@
 "aarch64-linux"
 ];
 imports = [
- ./flake-parts/packages.nix
 ./flake-parts/formatting.nix
+ ./flake-parts/modules.nix
+ ./flake-parts/packages.nix
 ./flake-parts/writers
 ./templates/flake-module.nix
 ./templates/python-project/flake-module.nix
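Review bot: The header comment of the new `flake-parts/modules.nix` misspells "modules"; it should read `# export some of our flake modules for re-use in other projects`. The file publishes the writers module as `flake.modules.flake-parts.writers`, whereas flake-parts' usual output for re-exported modules is, as far as I know, `flakeModules.<name>`. If the `modules.flake-parts` path is deliberate, add a one-line comment giving the attribute path a consuming flake has to import, since downstream projects will pin to it.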