chore(nix): Move files around to conform to new read-tree layout
Broadly speaking, the following things are included: * there is now a uniform `args` struct that is passed to all derivations, package headers have been changed appropriately * overrides are now loaded from a separate `override` folder just using read-tree.nix * third-party packages have moved into the `third_party` attribute set
This commit is contained in:
		
							parent
							
								
									4d852e2ef7
								
							
						
					
					
						commit
						c1c379848a
					
				
					 19 changed files with 109 additions and 99 deletions
				
			
		
							
								
								
									
										82
									
								
								default.nix
									
										
									
									
									
								
							
							
						
						
									
										82
									
								
								default.nix
									
										
									
									
									
								
							|  | @ -14,78 +14,34 @@ let | ||||||
|     url = "https://github.com/NixOS/nixpkgs-channels/archive/${stableCommit}.tar.gz"; |     url = "https://github.com/NixOS/nixpkgs-channels/archive/${stableCommit}.tar.gz"; | ||||||
|     sha256 = "0243qiivxl3z51biy4f5y5cy81x5bki5dazl9wqwgnmd373gpmxy"; |     sha256 = "0243qiivxl3z51biy4f5y5cy81x5bki5dazl9wqwgnmd373gpmxy"; | ||||||
|   }; |   }; | ||||||
|  |   readTree = import ./read-tree.nix; | ||||||
| 
 | 
 | ||||||
|   localPkgs = self: super: { |   localPkgs = self: super: | ||||||
|     # Local projects should be added here: |     let config = { | ||||||
|     tazjin = { |       pkgs = self; | ||||||
|       blog = self.callPackage ./services/tazblog {}; |       upstream = super; | ||||||
|       blog_cli = self.callPackage ./tools/blog_cli {}; |  | ||||||
|       gemma = self.callPackage ./services/gemma {}; |  | ||||||
|       nixcon = self.naersk.buildPackage ./services/nixcon-demo {}; |  | ||||||
| 
 | 
 | ||||||
|       kms_pass = self.callPackage ./tools/kms_pass { |       kms = { | ||||||
|         project = "tazjins-infrastructure"; |         project = "tazjins-infrastructure"; | ||||||
|         region = "europe-north1"; |         region = "europe-north1"; | ||||||
|         keyring = "tazjins-keys"; |         keyring = "tazjins-keys"; | ||||||
|         key = "kontemplate-key"; |         key = "kontemplate-key"; | ||||||
|       }; |       }; | ||||||
|     }; |     }; | ||||||
|  |     in { | ||||||
|  |       services = readTree ./services config; | ||||||
|  |       tools = readTree ./tools config; | ||||||
|  |       third_party = readTree ./third_party config; | ||||||
|  |     } // (readTree ./overrides config); | ||||||
| 
 | 
 | ||||||
|     # Third-party projects (either vendored or modified from nixpkgs) go here: |   #   # All projects that should be built by CI should be added here: | ||||||
|     nixery = import ./third_party/nixery.nix { pkgs = self; }; |   #   ciProjects = [ | ||||||
|     terraform-gcp = self.terraform_0_12.withPlugins(p: [ p.google p.google-beta ]); |   #     self.kontemplate | ||||||
|     ormolu = import (self.fetchFromGitHub { |   #     self.nixery | ||||||
|       owner = "tweag"; |   #     self.ormolu | ||||||
|       repo = "ormolu"; |   #     self.terraform-gcp | ||||||
|       rev = "a7076c0f83e5c06ea9067b71171859fa2ba8afd9"; |   #   ] ++ filter (d: d ? meta.broken && !d.meta.broken) (attrValues self.tazjin); | ||||||
|       sha256 = "1p4n2ja4ciw3qfskn65ggpy37mvgf2sslxqmqn8s8jjarnqcyfny"; |   # }; | ||||||
|     }) { pkgs = self; }; |  | ||||||
|     naersk = self.callPackage (self.fetchFromGitHub { |  | ||||||
|       owner = "nmattia"; |  | ||||||
|       repo = "naersk"; |  | ||||||
|       rev = "68c1c2b2b661913cdc5ecabea518dfdc4f449027"; |  | ||||||
|       sha256 = "1ll310pl44kdbwfslzwvg2v7khf1y0xkg2j5wcfia4k7sj6bcl28"; |  | ||||||
|     }) {}; |  | ||||||
| 
 |  | ||||||
|     # Gemma needs an older version of Elm to be built. Updating it to |  | ||||||
|     # the newer version is a lot of effort. |  | ||||||
|     elmPackages = (import (self.fetchFromGitHub { |  | ||||||
|       owner = "NixOS"; |  | ||||||
|       repo = "nixpkgs"; |  | ||||||
|       rev = "14f9ee66e63077539252f8b4550049381a082518"; |  | ||||||
|       sha256 = "1wn7nmb1cqfk2j91l3rwc6yhimfkzxprb8wknw5wi57yhq9m6lv1"; |  | ||||||
|     }) {}).elmPackages; |  | ||||||
| 
 |  | ||||||
|     # Wrap kontemplate to inject the Cloud KMS version of 'pass' |  | ||||||
|     kontemplate = |  | ||||||
|       let master = super.kontemplate.overrideAttrs(_: { |  | ||||||
|         src = self.fetchFromGitHub { |  | ||||||
|           owner = "tazjin"; |  | ||||||
|           repo = "kontemplate"; |  | ||||||
|           rev = "v1.8.0"; |  | ||||||
|           sha256 = "123mjmmm4hynraq1fpn3j5i0a1i87l265kkjraxxxbl0zacv74i1"; |  | ||||||
|         }; |  | ||||||
|       }); |  | ||||||
|       in self.writeShellScriptBin "kontemplate" '' |  | ||||||
|         export PATH="${self.tazjin.kms_pass}/bin:$PATH" |  | ||||||
|         exec ${master}/bin/kontemplate $@ |  | ||||||
|       ''; |  | ||||||
| 
 |  | ||||||
|     # One of Gemma's dependencies is missing in nixpkgs' Quicklisp |  | ||||||
|     # package set, it is overlaid locally here. |  | ||||||
|     lispPackages = import ./third_party/common_lisp/quicklisp.nix { |  | ||||||
|       inherit (self) lib; |  | ||||||
|       inherit (super) lispPackages; |  | ||||||
|     }; |  | ||||||
| 
 |  | ||||||
|     # All projects that should be built by CI should be added here: |  | ||||||
|     ciProjects = [ |  | ||||||
|       self.kontemplate |  | ||||||
|       self.nixery |  | ||||||
|       self.ormolu |  | ||||||
|       self.terraform-gcp |  | ||||||
|     ] ++ filter (d: d ? meta.broken && !d.meta.broken) (attrValues self.tazjin); |  | ||||||
|   }; |  | ||||||
| 
 | 
 | ||||||
| in { ... } @ args: import stableSrc (args // { | in { ... } @ args: import stableSrc (args // { | ||||||
|     overlays = [ localPkgs ]; |     overlays = [ localPkgs ]; | ||||||
|  |  | ||||||
							
								
								
									
										10
									
								
								overrides/elmPackages.nix
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										10
									
								
								overrides/elmPackages.nix
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,10 @@ | ||||||
|  | # Gemma needs an older version of Elm to be built. Updating it to | ||||||
|  | # the newer version is a lot of effort. | ||||||
|  | { pkgs, ... }: | ||||||
|  | 
 | ||||||
|  | (import (pkgs.fetchFromGitHub { | ||||||
|  |   owner = "NixOS"; | ||||||
|  |   repo = "nixpkgs"; | ||||||
|  |   rev = "14f9ee66e63077539252f8b4550049381a082518"; | ||||||
|  |   sha256 = "1wn7nmb1cqfk2j91l3rwc6yhimfkzxprb8wknw5wi57yhq9m6lv1"; | ||||||
|  | }) {}).elmPackages | ||||||
							
								
								
									
										14
									
								
								overrides/kontemplate.nix
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								overrides/kontemplate.nix
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,14 @@ | ||||||
|  | { pkgs, upstream, ... }: | ||||||
|  | 
 | ||||||
|  | let master = upstream.kontemplate.overrideAttrs(_: { | ||||||
|  |   src = pkgs.fetchFromGitHub { | ||||||
|  |     owner = "tazjin"; | ||||||
|  |     repo = "kontemplate"; | ||||||
|  |     rev = "v1.8.0"; | ||||||
|  |     sha256 = "123mjmmm4hynraq1fpn3j5i0a1i87l265kkjraxxxbl0zacv74i1"; | ||||||
|  |   }; | ||||||
|  | }); | ||||||
|  | in pkgs.writeShellScriptBin "kontemplate" '' | ||||||
|  |   export PATH="${pkgs.tools.kms_pass}/bin:$PATH" | ||||||
|  |   exec ${master}/bin/kontemplate $@ | ||||||
|  | '' | ||||||
							
								
								
									
										8
									
								
								overrides/lispPackages/default.nix
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								overrides/lispPackages/default.nix
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,8 @@ | ||||||
|  | # One of Gemma's dependencies is missing in nixpkgs' Quicklisp | ||||||
|  | # package set, it is overlaid locally here. | ||||||
|  | { pkgs, upstream, ... }: | ||||||
|  | 
 | ||||||
|  | import ./quicklisp.nix { | ||||||
|  |   inherit (pkgs) lib; | ||||||
|  |   inherit (upstream) lispPackages; | ||||||
|  | } | ||||||
|  | @ -1,6 +1,3 @@ | ||||||
| # Overlay over `pkgs.lispPackages` that adds additional packages which |  | ||||||
| # are missing from the imported Quicklisp package set in nixpkgs. |  | ||||||
| 
 |  | ||||||
| { lib, lispPackages }: | { lib, lispPackages }: | ||||||
| 
 | 
 | ||||||
| let inherit (lispPackages) buildLispPackage qlOverrides fetchurl; | let inherit (lispPackages) buildLispPackage qlOverrides fetchurl; | ||||||
|  | @ -1,4 +1,4 @@ | ||||||
| path: self: super: | path: { pkgs, ... } @ args: | ||||||
| 
 | 
 | ||||||
| let | let | ||||||
|   inherit (builtins) |   inherit (builtins) | ||||||
|  | @ -15,8 +15,6 @@ let | ||||||
|     toPath |     toPath | ||||||
|     toString; |     toString; | ||||||
| 
 | 
 | ||||||
|   args = { pkgs = self; }; |  | ||||||
| 
 |  | ||||||
|   zipAttrs = names: values: |   zipAttrs = names: values: | ||||||
|     if (names == []) || (values == []) |     if (names == []) || (values == []) | ||||||
|     then [] |     then [] | ||||||
|  |  | ||||||
|  | @ -1,17 +1,20 @@ | ||||||
| { stdenv, sbcl, lispPackages, elmPackages, makeWrapper, openssl }: | { pkgs, ... }: | ||||||
| 
 | 
 | ||||||
| let frontend = stdenv.mkDerivation { | let | ||||||
|   name = "gemma-frontend"; |   inherit (pkgs) stdenv sbcl lispPackages elmPackages makeWrapper openssl; | ||||||
|   src = ./frontend; |  | ||||||
|   buildInputs = [ elmPackages.elm ]; |  | ||||||
| 
 | 
 | ||||||
|   phases = [ "unpackPhase" "buildPhase" ]; |   frontend = stdenv.mkDerivation { | ||||||
|   buildPhase = '' |     name = "gemma-frontend"; | ||||||
|     mkdir .home && export HOME="$PWD/.home" |     src = ./frontend; | ||||||
|     mkdir -p $out |     buildInputs = [ elmPackages.elm ]; | ||||||
|     elm-make --yes Main.elm --output $out/index.html | 
 | ||||||
|   ''; |     phases = [ "unpackPhase" "buildPhase" ]; | ||||||
| }; |     buildPhase = '' | ||||||
|  |       mkdir .home && export HOME="$PWD/.home" | ||||||
|  |       mkdir -p $out | ||||||
|  |       elm-make --yes Main.elm --output $out/index.html | ||||||
|  |     ''; | ||||||
|  |   }; | ||||||
| in stdenv.mkDerivation rec { | in stdenv.mkDerivation rec { | ||||||
|   name = "gemma"; |   name = "gemma"; | ||||||
|   src = ./.; |   src = ./.; | ||||||
|  |  | ||||||
|  | @ -0,0 +1,3 @@ | ||||||
|  | { pkgs, ... }: | ||||||
|  | 
 | ||||||
|  | pkgs.third_party.naersk.buildPackage ./. {} | ||||||
|  | @ -2,9 +2,10 @@ | ||||||
| # | # | ||||||
| # tazblog.nix was generated using cabal2nix. | # tazblog.nix was generated using cabal2nix. | ||||||
| 
 | 
 | ||||||
| { writeShellScriptBin, haskell }: | { pkgs, ... }: | ||||||
| 
 | 
 | ||||||
| let | let | ||||||
|  |   inherit (pkgs) writeShellScriptBin haskell; | ||||||
|   tazblog = haskell.packages.ghc865.callPackage ./tazblog.nix {}; |   tazblog = haskell.packages.ghc865.callPackage ./tazblog.nix {}; | ||||||
|   wrapper =  writeShellScriptBin "tazblog" '' |   wrapper =  writeShellScriptBin "tazblog" '' | ||||||
|     export PORT=8000 |     export PORT=8000 | ||||||
|  |  | ||||||
							
								
								
									
										9
									
								
								third_party/naersk.nix
									
										
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								third_party/naersk.nix
									
										
									
									
										vendored
									
									
										Normal file
									
								
							|  | @ -0,0 +1,9 @@ | ||||||
|  | { pkgs, ... }: | ||||||
|  | 
 | ||||||
|  | let inherit (pkgs) callPackage fetchFromGitHub; | ||||||
|  | in callPackage (fetchFromGitHub { | ||||||
|  |   owner = "nmattia"; | ||||||
|  |   repo = "naersk"; | ||||||
|  |   rev = "68c1c2b2b661913cdc5ecabea518dfdc4f449027"; | ||||||
|  |   sha256 = "1ll310pl44kdbwfslzwvg2v7khf1y0xkg2j5wcfia4k7sj6bcl28"; | ||||||
|  | }) {} | ||||||
							
								
								
									
										2
									
								
								third_party/nixery.nix
									
										
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								third_party/nixery.nix
									
										
									
									
										vendored
									
									
								
							|  | @ -1,6 +1,6 @@ | ||||||
| # Technically I suppose Nixery is not a third-party program, but it's | # Technically I suppose Nixery is not a third-party program, but it's | ||||||
| # outside of this repository ... | # outside of this repository ... | ||||||
| { pkgs }: | { pkgs, ... }: | ||||||
| 
 | 
 | ||||||
| let src = pkgs.fetchFromGitHub { | let src = pkgs.fetchFromGitHub { | ||||||
|   owner = "google"; |   owner = "google"; | ||||||
|  |  | ||||||
							
								
								
									
										8
									
								
								third_party/ormolu.nix
									
										
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								third_party/ormolu.nix
									
										
									
									
										vendored
									
									
										Normal file
									
								
							|  | @ -0,0 +1,8 @@ | ||||||
|  | { pkgs, ... }: | ||||||
|  | 
 | ||||||
|  | import (pkgs.fetchFromGitHub { | ||||||
|  |   owner = "tweag"; | ||||||
|  |   repo = "ormolu"; | ||||||
|  |   rev = "a7076c0f83e5c06ea9067b71171859fa2ba8afd9"; | ||||||
|  |   sha256 = "1p4n2ja4ciw3qfskn65ggpy37mvgf2sslxqmqn8s8jjarnqcyfny"; | ||||||
|  | }) { inherit pkgs; } | ||||||
							
								
								
									
										3
									
								
								third_party/terraform-gcp.nix
									
										
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								third_party/terraform-gcp.nix
									
										
									
									
										vendored
									
									
										Normal file
									
								
							|  | @ -0,0 +1,3 @@ | ||||||
|  | { pkgs, ... }: | ||||||
|  | 
 | ||||||
|  | pkgs.terraform_0_12.withPlugins(p: [ p.google p.google-beta ]) | ||||||
|  | @ -11,19 +11,19 @@ readonly TARGET_TOOL=$(basename $0) | ||||||
| 
 | 
 | ||||||
| case "${TARGET_TOOL}" in | case "${TARGET_TOOL}" in | ||||||
|   terraform) |   terraform) | ||||||
|     attr="terraform-gcp" |     attr="third_party.terraform-gcp" | ||||||
|     ;; |     ;; | ||||||
|   kontemplate) |   kontemplate) | ||||||
|     attr="kontemplate" |     attr="kontemplate" | ||||||
|     ;; |     ;; | ||||||
|   blog_cli) |   blog_cli) | ||||||
|     attr="tazjin.blog_cli" |     attr="tools.blog_cli" | ||||||
|     ;; |     ;; | ||||||
|   stern) |   stern) | ||||||
|     attr="stern" |     attr="stern" | ||||||
|     ;; |     ;; | ||||||
|   pass) |   pass) | ||||||
|     attr="tazjin.kms_pass" |     attr="tools.kms_pass" | ||||||
|     ;; |     ;; | ||||||
|   *) |   *) | ||||||
|     echo "The tool '${TARGET_TOOL}' is currently not installed in this repository." |     echo "The tool '${TARGET_TOOL}' is currently not installed in this repository." | ||||||
|  |  | ||||||
|  | @ -1,6 +1,6 @@ | ||||||
| { buildGoPackage }: | { pkgs, ... }: | ||||||
| 
 | 
 | ||||||
| buildGoPackage { | pkgs.buildGoPackage { | ||||||
|   name = "blog_cli"; |   name = "blog_cli"; | ||||||
|   goPackagePath = "github.com/tazjin/personal/blog_cli"; |   goPackagePath = "github.com/tazjin/personal/blog_cli"; | ||||||
|   src = ./.; |   src = ./.; | ||||||
|  |  | ||||||
|  | @ -6,10 +6,10 @@ | ||||||
| # | # | ||||||
| # Only the 'show' and 'insert' commands are supported. | # Only the 'show' and 'insert' commands are supported. | ||||||
| 
 | 
 | ||||||
| { google-cloud-sdk, tree, writeShellScriptBin | { pkgs, kms, ... }: | ||||||
| , project, region, keyring, key }: |  | ||||||
| 
 | 
 | ||||||
| writeShellScriptBin "pass" '' | let inherit (pkgs) google-cloud-sdk tree writeShellScriptBin; | ||||||
|  | in writeShellScriptBin "pass" '' | ||||||
|   set -eo pipefail |   set -eo pipefail | ||||||
| 
 | 
 | ||||||
|   CMD="$1" |   CMD="$1" | ||||||
|  | @ -34,20 +34,20 @@ writeShellScriptBin "pass" '' | ||||||
|     show) |     show) | ||||||
|       secret_check |       secret_check | ||||||
|       ${google-cloud-sdk}/bin/gcloud kms decrypt \ |       ${google-cloud-sdk}/bin/gcloud kms decrypt \ | ||||||
|         --project ${project} \ |         --project ${kms.project} \ | ||||||
|         --location ${region} \ |         --location ${kms.region} \ | ||||||
|         --keyring ${keyring} \ |         --keyring ${kms.keyring} \ | ||||||
|         --key ${key} \ |         --key ${kms.key} \ | ||||||
|         --ciphertext-file $SECRET_PATH \ |         --ciphertext-file $SECRET_PATH \ | ||||||
|         --plaintext-file - |         --plaintext-file - | ||||||
|       ;; |       ;; | ||||||
|     insert) |     insert) | ||||||
|       secret_check |       secret_check | ||||||
|       ${google-cloud-sdk}/bin/gcloud kms encrypt \ |       ${google-cloud-sdk}/bin/gcloud kms encrypt \ | ||||||
|         --project ${project} \ |         --project ${kms.project} \ | ||||||
|         --location ${region} \ |         --location ${kms.region} \ | ||||||
|         --keyring ${keyring} \ |         --keyring ${kms.keyring} \ | ||||||
|         --key ${key} \ |         --key ${kms.key} \ | ||||||
|         --ciphertext-file $SECRET_PATH \ |         --ciphertext-file $SECRET_PATH \ | ||||||
|         --plaintext-file - |         --plaintext-file - | ||||||
|       echo "Inserted secret '$SECRET'" |       echo "Inserted secret '$SECRET'" | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue