chore(nix): remove entire nix build architecture

2024-05-30 14:36:05 +02:00 · 2024-05-30 14:36:05 +02:00 · 69afef93c9
commit 69afef93c9
parent 88739d326d
22 changed files with 0 additions and 14843 deletions
--- a/nix/aws-patch.nix
+++ b/nix/aws-patch.nix
@ -1,15 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 final: prev:
 let
  awsPatch = prev.fetchurl {
    url = "https://github.com/gkleen/nix/commit/fd67a0f927ec0711eba59714939ff939fc95db38.diff";
    hash = "sha256-1dJ9zGQvYu5b47O2NjdggSSinlGQDcqBwXoZcKUGfYQ=";
  };
 in {
  nixUnstable = prev.nixUnstable.overrideAttrs (oldAttrs: {
    patches = oldAttrs.patches or [] ++ [ awsPatch ];
  });
 }
--- a/nix/develop.nix
+++ b/nix/develop.nix
@ -1,217 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 { pkgs
 , prev ? pkgs
 , doPortOffset ? true
 , doDevelopEnv ? true
 }:
 with prev.lib;
 let
  withDevelop = action: ''
    #!${pkgs.zsh}/bin/zsh -e
    ${optionalString doDevelopEnv ''
        basePath=$(pwd)
        exec 4<>''${basePath}/.develop.env
        flockRes=
        set +e
        ${pkgs.util-linux}/bin/flock -en 4; flockRes=$?
        set -e
        if [[ ''${flockRes} -ne 0 ]]; then
          echo "Could not take exclusive lock; is another develop running?" >&2
          exit ''${flockRes}
        fi
    ''}
    cleanup() {
      set +e -x
      type cleanup_postgres &>/dev/null && cleanup_postgres
      type cleanup_widget_memcached &>/dev/null && cleanup_widget_memcached
      type cleanup_session_memcached &>/dev/null && cleanup_session_memcached
      type cleanup_cache_memcached &>/dev/null && cleanup_cache_memcached
      type cleanup_minio &>/dev/null && cleanup_minio
      type cleanup_maildev &>/dev/null && cleanup_maildev
      ${optionalString doDevelopEnv ''
        [ -f "''${basePath}/.develop.env" ] && rm -vf "''${basePath}/.develop.env"
      ''}
      set +x
    }
    trap cleanup EXIT
    export PORT_OFFSET=${if doPortOffset then "$(((16#$(echo \"fradrive $(whoami)\" | sha256sum | head -c 16)) % 1000))" else "0"}
    if [[ -z "$PGHOST" ]]; then
      set -xe
      pgDir=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} postgresql.XXXXXX)
      pgSockDir=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} postgresql.sock.XXXXXX)
      pgLogFile=$(mktemp --tmpdir=''${XDG_RUNTIME_DIR} postgresql.XXXXXX.log)
      initdb --no-locale -D ''${pgDir}
      pg_ctl start -D ''${pgDir} -l ''${pgLogFile} -w -o "-k ''${pgSockDir} -c listen_addresses=''' -c hba_file='${postgresHba}' -c unix_socket_permissions=0700 -c max_connections=9990 -c shared_preload_libraries=pg_stat_statements -c auto_explain.log_min_duration=100ms"
      psql -h ''${pgSockDir} -f ${postgresSchema} postgres
      printf "Postgres logfile is %s\nPostgres socket directory is %s\n" ''${pgLogFile} ''${pgSockDir}
      export PGHOST=''${pgSockDir}
      export PGLOG=''${pgLogFile}
      cleanup_postgres() {
          set +e -x
          pg_ctl stop -D ''${pgDir}
          rm -rvf ''${pgDir} ''${pgSockDir} ''${pgLogFile}
          set +x
      }
      set +xe
    fi
    if [[ -z "$WIDGET_MEMCACHED_HOST" ]]; then
      set -xe
      memcached -l localhost -p $(($PORT_OFFSET + 11211)) &>/dev/null &
      widget_memcached_pid=$!
      export WIDGET_MEMCACHED_HOST=localhost
      export WIDGET_MEMCACHED_PORT=$(($PORT_OFFSET + 11211))
      cleanup_widget_memcached() {
        [[ -n "$widget_memcached_pid" ]] && kill $widget_memcached_pid
      }
      set +xe
    fi
    if [[ -z "$SESSION_MEMCACHED_HOST" ]]; then
      set -xe
      memcached -l localhost -p $(($PORT_OFFSET + 11212)) &>/dev/null &
      session_memcached_pid=$!
      export SESSION_MEMCACHED_HOST=localhost
      export SESSION_MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
      cleanup_session_memcached() {
        [[ -n "$session_memcached_pid" ]] && kill $session_memcached_pid
      }
      set +xe
    fi
    if [[ -z "$MEMCACHED_HOST" ]]; then
      set -xe
      memcached -l localhost -p $(($PORT_OFFSET + 11213)) &>/dev/null &
      memcached_pid=$!
      export MEMCACHED_HOST=localhost
      export MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
      cleanup_session_memcached() {
        [[ -n "$memcached_pid" ]] && kill $memcached_pid
      }
      set +xe
    fi
    if [[ -z "$UPLOAD_S3_HOST" ]]; then
       set -xe
       cleanup_minio() {
         [[ -n "$minio_pid" ]] && kill $minio_pid
         [[ -n "''${MINIO_DIR}" ]] && rm -rvf ''${MINIO_DIR}
         [[ -n "''${MINIO_LOGFILE}" ]] && rm -rvf ''${MINIO_LOGFILE}
       }
       export MINIO_DIR=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} minio.XXXXXX)
       export MINIO_LOGFILE=$(mktemp --tmpdir=''${XDG_RUNTIME_DIR} minio.XXXXXX.log)
       export MINIO_ACCESS_KEY=$(${pkgs.pwgen}/bin/pwgen -s 16 1)
       export MINIO_SECRET_KEY=$(${pkgs.pwgen}/bin/pwgen -s 32 1)
       minio server --address localhost:$(($PORT_OFFSET + 9000)) ''${MINIO_DIR} &>''${MINIO_LOGFILE} &
       minio_pid=$!
       export UPLOAD_S3_HOST=localhost
       export UPLOAD_S3_PORT=$(($PORT_OFFSET + 9000))
       export UPLOAD_S3_SSL=false
       export UPLOAD_S3_KEY_ID=''${MINIO_ACCESS_KEY}
       export UPLOAD_S3_KEY=''${MINIO_SECRET_KEY}
       sleep 1
       set +xe
    fi
    ${optionalString (pkgs.nodePackages ? "maildev") ''
      if [[ -z "$SMTPHOST" ]]; then
        set -xe
        cleanup_maildev() {
          [[ -n "$maildev_pid" ]] && kill $maildev_pid
        }
        TMPDIR=''${XDG_RUNTIME_DIR} ${pkgs.nodePackages.maildev}/bin/maildev --smtp $(($PORT_OFFSET + 1025)) --web $(($PORT_OFFSET + 8080)) --ip localhost --web-ip localhost &>/dev/null &
        maildev_pid=$!
        export SMTPHOST=localhost
        export SMTPPORT=$(($PORT_OFFSET + 1025))
        export SMTPSSL=none
        set +xe
      fi
    ''}
    ${optionalString doDevelopEnv ''
        set -xe
        cat >&4 <<EOF
        PORT_OFFSET=''${PORT_OFFSET}
        PGHOST=''${pgSockDir}
        PGLOG=''${pgLogFile}
        WIDGET_MEMCACHED_HOST=localhost
        WIDGET_MEMCACHED_PORT=$(($PORT_OFFSET + 11211))
        SESSION_MEMCACHED_HOST=localhost
        SESSION_MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
        MEMCACHED_HOST=localhost
        MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
        MINIO_DIR=''${MINIO_DIR}
        MINIO_LOGFILE=''${MINIO_LOGFILE}
        UPLOAD_S3_HOST=localhost
        UPLOAD_S3_PORT=$(($PORT_OFFSET + 9000))
        UPLOAD_S3_SSL=false
        UPLOAD_S3_KEY_ID=''${MINIO_ACCESS_KEY}
        UPLOAD_S3_KEY=''${MINIO_SECRET_KEY}
        SMTPHOST=''${SMTPHOST}
        SMTPPORT=''${SMTPPORT}
        SMTPSSL=''${SMTPSSL}
        EOF
        set +xe
    ''}
    ${action}
  '';
  postgresSchema = prev.writeText "schema.sql" ''
    CREATE USER uniworx WITH SUPERUSER;
    CREATE DATABASE uniworx_test;
    GRANT ALL ON DATABASE uniworx_test TO uniworx;
    CREATE DATABASE uniworx;
    GRANT ALL ON DATABASE uniworx TO uniworx;
  '';
  postgresHba = prev.writeText "hba_file" ''
    local all all trust
  '';
 in withDevelop
--- a/nix/docker/default.nix
+++ b/nix/docker/default.nix
@ -1,116 +0,0 @@
 # SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor@kleen.consulting>, Steffen Jost <jost@tcs.ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 { self }: final: prev:
 with prev.lib;
 let
  created =
    let
      fromDate = builtins.readFile (prev.runCommand "date" { nativeBuildInputs = with final; [ coreutils ]; } ''
        printf '%s' $(date -Is -d '@${toString self.lastModified}') > $out
      '');
    in if self ? lastModified then fromDate else "1970-01-01T00:00:01Z";
  mkUniworxDocker = { isTest }: prev.dockerTools.buildImage {
    name = "uniworx${optionalString isTest "-test"}";
    tag =
      let
        versionFile = if isTest then ./test-version.json else ./version.json;
      in (builtins.fromJSON (prev.lib.readFile versionFile)).version;
    inherit created;
    contents = with final; [
      uniworx.uniworx.components.exes.uniworx
      prev.dockerTools.binSh findutils coreutils
      iana-etc
      # for PDF creation with Pandoc and LuaTeX
      #cups # needed for interface with print center -- did not work as intended, requires lpd running
      busybox # should provide a working lpr -- to be tested
      htop
      pdftk # for encrypting pdfs
      #texlive.combined.scheme-medium # too large for container in LMU build environment.
      (texlive.combine {
          inherit (texlive) scheme-basic
            babel-german babel-english booktabs textpos
            enumitem eurosym koma-script parskip xcolor dejavu
            # required fro LuaTeX
            luatexbase lualatex-math unicode-math selnolig
            ;
        })
      # just for manual testing within the pod, may be removef for production?
      curl wget netcat openldap
      unixtools.netstat htop gnugrep
      locale
    ];
    runAsRoot = ''
      #!${final.stdenv.shell}
      ${prev.dockerTools.shadowSetup}
      mkdir -p /var/lib
      groupadd -r uniworx
      useradd -r -g uniworx -d /var/lib/uniworx -M uniworx --uid 999
      install -d -g uniworx -o uniworx -m 0750 /var/lib/uniworx
      mkdir -p /var/log
      install -d -g uniworx -o uniworx -m 0755 /var/log/uniworx
      # just to see how to create directories here
      mkdir -p /testdir
    '';
    config =
      let
        entrypoint = prev.writeScriptBin "uniworx-entrypoint" ''
          #!${final.zsh}/bin/zsh -xe
          cTime=$(date -Is)
          # export LOGDEST=/var/log/uniworx/''${cTime}.log # kubernetes prefers log via stdout
          typeset -a configs
          configs=()
          configDir=''${CONFIG_DIR-/cfg}
          if [[ -d "''${configDir}" ]]; then
            while IFS= read -d $'\0' cfg; do
              configs+=("''${(q)cfg}")
            done < <(find "''${configDir}" \( -name '*.yml' -o -name '*.yaml' \) -print0 | sort -rz)
          fi
          configs+=('${uniworxConfig}')
          cd /var/lib/uniworx
          exec -- uniworx ''${configs}
        '';
        postgresSchema = prev.writeText "schema.sql" ''
          CREATE USER uniworx WITH SUPERUSER;
          CREATE DATABASE uniworx;
          GRANT ALL ON DATABASE uniworx TO uniworx;
        '';
        postgresHba = prev.writeText "hba_file" ''
          local all all trust
        '';
        uniworxConfig = prev.writeText "uni2work.yml" ''
          port: 8080
          approot: "_env:APPROOT:http://localhost:8080"
        '';
      in {
        Cmd = [ "${entrypoint}/bin/uniworx-entrypoint" ];
        User = "uniworx:uniworx";
        ExposedPorts = {
          "8080/tcp" = {};
        };
        Volumes = {
          "/var/lib/uniworx" = {};
          "/var/log" = {};
        };
      };
  };
 in
 mapAttrs (_name: mkUniworxDocker) {
  uniworxTestDocker = { isTest = true; };
  uniworxDocker = { isTest = false; };
 }
--- a/nix/docker/test-version.json
+++ b/nix/docker/test-version.json
@ -1,3 +0,0 @@
 {
  "version": "27.4.18"
 }
--- a/nix/docker/test-version.json.license
+++ b/nix/docker/test-version.json.license
@ -1,3 +0,0 @@
 SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>
 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/nix/docker/version.json
+++ b/nix/docker/version.json
@ -1,3 +0,0 @@
 {
  "version": "27.4.56"
 }
--- a/nix/docker/version.json.license
+++ b/nix/docker/version.json.license
@ -1,3 +0,0 @@
 SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/nix/frontend/default.nix
+++ b/nix/frontend/default.nix
@ -1,19 +0,0 @@
 # SPDX-FileCopyrightText: 2022-2023 Gregor Kleen <gregor@kleen.consulting>, Sarah Vaupel <sarah.vaupel@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 {pkgs ? import <nixpkgs> {
    inherit system;
  }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-14_x"}:
 let
  nodeEnv = import ./node-env.nix {
    inherit (pkgs) stdenv lib python2 runCommand writeTextFile writeShellScript;
    inherit pkgs nodejs;
    libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
  };
 in
 import ./node-packages.nix {
  inherit (pkgs) fetchurl fetchurlBoot nix-gitignore stdenv lib fetchgit;
  inherit nodeEnv;
 }
--- a/nix/frontend/node-env.nix
+++ b/nix/frontend/node-env.nix
@ -1,689 +0,0 @@
 # This file originates from node2nix
 {lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript}:
 let
  # Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master
  utillinux = if pkgs ? utillinux then pkgs.utillinux else pkgs.util-linux;
  python = if nodejs ? python then nodejs.python else python2;
  # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise
  tarWrapper = runCommand "tarWrapper" {} ''
    mkdir -p $out/bin
    cat > $out/bin/tar <<EOF
    #! ${stdenv.shell} -e
    $(type -p tar) "\$@" --warning=no-unknown-keyword --delay-directory-restore
    EOF
    chmod +x $out/bin/tar
  '';
  # Function that generates a TGZ file from a NPM project
  buildNodeSourceDist =
    { name, version, src, ... }:
    stdenv.mkDerivation {
      name = "node-tarball-${name}-${version}";
      inherit src;
      buildInputs = [ nodejs ];
      buildPhase = ''
        export HOME=$TMPDIR
        tgzFile=$(npm pack | tail -n 1) # Hooks to the pack command will add output (https://docs.npmjs.com/misc/scripts)
      '';
      installPhase = ''
        mkdir -p $out/tarballs
        mv $tgzFile $out/tarballs
        mkdir -p $out/nix-support
        echo "file source-dist $out/tarballs/$tgzFile" >> $out/nix-support/hydra-build-products
      '';
    };
  # Common shell logic
  installPackage = writeShellScript "install-package" ''
    installPackage() {
      local packageName=$1 src=$2
      local strippedName
      local DIR=$PWD
      cd $TMPDIR
      unpackFile $src
      # Make the base dir in which the target dependency resides first
      mkdir -p "$(dirname "$DIR/$packageName")"
      if [ -f "$src" ]
      then
          # Figure out what directory has been unpacked
          packageDir="$(find . -maxdepth 1 -type d | tail -1)"
          # Restore write permissions to make building work
          find "$packageDir" -type d -exec chmod u+x {} \;
          chmod -R u+w "$packageDir"
          # Move the extracted tarball into the output folder
          mv "$packageDir" "$DIR/$packageName"
      elif [ -d "$src" ]
      then
          # Get a stripped name (without hash) of the source directory.
          # On old nixpkgs it's already set internally.
          if [ -z "$strippedName" ]
          then
              strippedName="$(stripHash $src)"
          fi
          # Restore write permissions to make building work
          chmod -R u+w "$strippedName"
          # Move the extracted directory into the output folder
          mv "$strippedName" "$DIR/$packageName"
      fi
      # Change to the package directory to install dependencies
      cd "$DIR/$packageName"
    }
  '';
  # Bundle the dependencies of the package
  #
  # Only include dependencies if they don't exist. They may also be bundled in the package.
  includeDependencies = {dependencies}:
    lib.optionalString (dependencies != []) (
      ''
        mkdir -p node_modules
        cd node_modules
      ''
      + (lib.concatMapStrings (dependency:
        ''
          if [ ! -e "${dependency.packageName}" ]; then
              ${composePackage dependency}
          fi
        ''
      ) dependencies)
      + ''
        cd ..
      ''
    );
  # Recursively composes the dependencies of a package
  composePackage = { name, packageName, src, dependencies ? [], ... }@args:
    builtins.addErrorContext "while evaluating node package '${packageName}'" ''
      installPackage "${packageName}" "${src}"
      ${includeDependencies { inherit dependencies; }}
      cd ..
      ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
    '';
  pinpointDependencies = {dependencies, production}:
    let
      pinpointDependenciesFromPackageJSON = writeTextFile {
        name = "pinpointDependencies.js";
        text = ''
          var fs = require('fs');
          var path = require('path');
          function resolveDependencyVersion(location, name) {
              if(location == process.env['NIX_STORE']) {
                  return null;
              } else {
                  var dependencyPackageJSON = path.join(location, "node_modules", name, "package.json");
                  if(fs.existsSync(dependencyPackageJSON)) {
                      var dependencyPackageObj = JSON.parse(fs.readFileSync(dependencyPackageJSON));
                      if(dependencyPackageObj.name == name) {
                          return dependencyPackageObj.version;
                      }
                  } else {
                      return resolveDependencyVersion(path.resolve(location, ".."), name);
                  }
              }
          }
          function replaceDependencies(dependencies) {
              if(typeof dependencies == "object" && dependencies !== null) {
                  for(var dependency in dependencies) {
                      var resolvedVersion = resolveDependencyVersion(process.cwd(), dependency);
                      if(resolvedVersion === null) {
                          process.stderr.write("WARNING: cannot pinpoint dependency: "+dependency+", context: "+process.cwd()+"\n");
                      } else {
                          dependencies[dependency] = resolvedVersion;
                      }
                  }
              }
          }
          /* Read the package.json configuration */
          var packageObj = JSON.parse(fs.readFileSync('./package.json'));
          /* Pinpoint all dependencies */
          replaceDependencies(packageObj.dependencies);
          if(process.argv[2] == "development") {
              replaceDependencies(packageObj.devDependencies);
          }
          else {
              packageObj.devDependencies = {};
          }
          replaceDependencies(packageObj.optionalDependencies);
          replaceDependencies(packageObj.peerDependencies);
          /* Write the fixed package.json file */
          fs.writeFileSync("package.json", JSON.stringify(packageObj, null, 2));
        '';
      };
    in
    ''
      node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"}
      ${lib.optionalString (dependencies != [])
        ''
          if [ -d node_modules ]
          then
              cd node_modules
              ${lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies}
              cd ..
          fi
        ''}
    '';
  # Recursively traverses all dependencies of a package and pinpoints all
  # dependencies in the package.json file to the versions that are actually
  # being used.
  pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args:
    ''
      if [ -d "${packageName}" ]
      then
          cd "${packageName}"
          ${pinpointDependencies { inherit dependencies production; }}
          cd ..
          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
      fi
    '';
  # Extract the Node.js source code which is used to compile packages with
  # native bindings
  nodeSources = runCommand "node-sources" {} ''
    tar --no-same-owner --no-same-permissions -xf ${nodejs.src}
    mv node-* $out
  '';
  # Script that adds _integrity fields to all package.json files to prevent NPM from consulting the cache (that is empty)
  addIntegrityFieldsScript = writeTextFile {
    name = "addintegrityfields.js";
    text = ''
      var fs = require('fs');
      var path = require('path');
      function augmentDependencies(baseDir, dependencies) {
          for(var dependencyName in dependencies) {
              var dependency = dependencies[dependencyName];
              // Open package.json and augment metadata fields
              var packageJSONDir = path.join(baseDir, "node_modules", dependencyName);
              var packageJSONPath = path.join(packageJSONDir, "package.json");
              if(fs.existsSync(packageJSONPath)) { // Only augment packages that exist. Sometimes we may have production installs in which development dependencies can be ignored
                  console.log("Adding metadata fields to: "+packageJSONPath);
                  var packageObj = JSON.parse(fs.readFileSync(packageJSONPath));
                  if(dependency.integrity) {
                      packageObj["_integrity"] = dependency.integrity;
                  } else {
                      packageObj["_integrity"] = "sha1-000000000000000000000000000="; // When no _integrity string has been provided (e.g. by Git dependencies), add a dummy one. It does not seem to harm and it bypasses downloads.
                  }
                  if(dependency.resolved) {
                      packageObj["_resolved"] = dependency.resolved; // Adopt the resolved property if one has been provided
                  } else {
                      packageObj["_resolved"] = dependency.version; // Set the resolved version to the version identifier. This prevents NPM from cloning Git repositories.
                  }
                  if(dependency.from !== undefined) { // Adopt from property if one has been provided
                      packageObj["_from"] = dependency.from;
                  }
                  fs.writeFileSync(packageJSONPath, JSON.stringify(packageObj, null, 2));
              }
              // Augment transitive dependencies
              if(dependency.dependencies !== undefined) {
                  augmentDependencies(packageJSONDir, dependency.dependencies);
              }
          }
      }
      if(fs.existsSync("./package-lock.json")) {
          var packageLock = JSON.parse(fs.readFileSync("./package-lock.json"));
          if(![1, 2].includes(packageLock.lockfileVersion)) {
            process.stderr.write("Sorry, I only understand lock file versions 1 and 2!\n");
            process.exit(1);
          }
          if(packageLock.dependencies !== undefined) {
              augmentDependencies(".", packageLock.dependencies);
          }
      }
    '';
  };
  # Reconstructs a package-lock file from the node_modules/ folder structure and package.json files with dummy sha1 hashes
  reconstructPackageLock = writeTextFile {
    name = "reconstructpackagelock.js";
    text = ''
      var fs = require('fs');
      var path = require('path');
      var packageObj = JSON.parse(fs.readFileSync("package.json"));
      var lockObj = {
          name: packageObj.name,
          version: packageObj.version,
          lockfileVersion: 2,
          requires: true,
          packages: {
              "": {
                  name: packageObj.name,
                  version: packageObj.version,
                  license: packageObj.license,
                  bin: packageObj.bin,
                  dependencies: packageObj.dependencies,
                  engines: packageObj.engines,
                  optionalDependencies: packageObj.optionalDependencies
              }
          },
          dependencies: {}
      };
      function augmentPackageJSON(filePath, packages, dependencies) {
          var packageJSON = path.join(filePath, "package.json");
          if(fs.existsSync(packageJSON)) {
              var packageObj = JSON.parse(fs.readFileSync(packageJSON));
              packages[filePath] = {
                  version: packageObj.version,
                  integrity: "sha1-000000000000000000000000000=",
                  dependencies: packageObj.dependencies,
                  engines: packageObj.engines,
                  optionalDependencies: packageObj.optionalDependencies
              };
              dependencies[packageObj.name] = {
                  version: packageObj.version,
                  integrity: "sha1-000000000000000000000000000=",
                  dependencies: {}
              };
              processDependencies(path.join(filePath, "node_modules"), packages, dependencies[packageObj.name].dependencies);
          }
      }
      function processDependencies(dir, packages, dependencies) {
          if(fs.existsSync(dir)) {
              var files = fs.readdirSync(dir);
              files.forEach(function(entry) {
                  var filePath = path.join(dir, entry);
                  var stats = fs.statSync(filePath);
                  if(stats.isDirectory()) {
                      if(entry.substr(0, 1) == "@") {
                          // When we encounter a namespace folder, augment all packages belonging to the scope
                          var pkgFiles = fs.readdirSync(filePath);
                          pkgFiles.forEach(function(entry) {
                              if(stats.isDirectory()) {
                                  var pkgFilePath = path.join(filePath, entry);
                                  augmentPackageJSON(pkgFilePath, packages, dependencies);
                              }
                          });
                      } else {
                          augmentPackageJSON(filePath, packages, dependencies);
                      }
                  }
              });
          }
      }
      processDependencies("node_modules", lockObj.packages, lockObj.dependencies);
      fs.writeFileSync("package-lock.json", JSON.stringify(lockObj, null, 2));
    '';
  };
  # Script that links bins defined in package.json to the node_modules bin directory
  # NPM does not do this for top-level packages itself anymore as of v7
  linkBinsScript = writeTextFile {
    name = "linkbins.js";
    text = ''
      var fs = require('fs');
      var path = require('path');
      var packageObj = JSON.parse(fs.readFileSync("package.json"));
      var nodeModules = Array(packageObj.name.split("/").length).fill("..").join(path.sep);
      if(packageObj.bin !== undefined) {
          fs.mkdirSync(path.join(nodeModules, ".bin"))
          if(typeof packageObj.bin == "object") {
              Object.keys(packageObj.bin).forEach(function(exe) {
                  if(fs.existsSync(packageObj.bin[exe])) {
                      console.log("linking bin '" + exe + "'");
                      fs.symlinkSync(
                          path.join("..", packageObj.name, packageObj.bin[exe]),
                          path.join(nodeModules, ".bin", exe)
                      );
                  }
                  else {
                      console.log("skipping non-existent bin '" + exe + "'");
                  }
              })
          }
          else {
              if(fs.existsSync(packageObj.bin)) {
                  console.log("linking bin '" + packageObj.bin + "'");
                  fs.symlinkSync(
                      path.join("..", packageObj.name, packageObj.bin),
                      path.join(nodeModules, ".bin", packageObj.name.split("/").pop())
                  );
              }
              else {
                  console.log("skipping non-existent bin '" + packageObj.bin + "'");
              }
          }
      }
      else if(packageObj.directories !== undefined && packageObj.directories.bin !== undefined) {
          fs.mkdirSync(path.join(nodeModules, ".bin"))
          fs.readdirSync(packageObj.directories.bin).forEach(function(exe) {
              if(fs.existsSync(path.join(packageObj.directories.bin, exe))) {
                  console.log("linking bin '" + exe + "'");
                  fs.symlinkSync(
                      path.join("..", packageObj.name, packageObj.directories.bin, exe),
                      path.join(nodeModules, ".bin", exe)
                  );
              }
              else {
                  console.log("skipping non-existent bin '" + exe + "'");
              }
          })
      }
    '';
  };
  prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}:
    let
      forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com";
    in
    ''
        # Pinpoint the versions of all dependencies to the ones that are actually being used
        echo "pinpointing versions of dependencies..."
        source $pinpointDependenciesScriptPath
        # Patch the shebangs of the bundled modules to prevent them from
        # calling executables outside the Nix store as much as possible
        patchShebangs .
        # Deploy the Node.js package by running npm install. Since the
        # dependencies have been provided already by ourselves, it should not
        # attempt to install them again, which is good, because we want to make
        # it Nix's responsibility. If it needs to install any dependencies
        # anyway (e.g. because the dependency parameters are
        # incomplete/incorrect), it fails.
        #
        # The other responsibilities of NPM are kept -- version checks, build
        # steps, postprocessing etc.
        export HOME=$TMPDIR
        cd "${packageName}"
        runHook preRebuild
        ${lib.optionalString bypassCache ''
          ${lib.optionalString reconstructLock ''
            if [ -f package-lock.json ]
            then
                echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
                echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
                rm package-lock.json
            else
                echo "No package-lock.json file found, reconstructing..."
            fi
            node ${reconstructPackageLock}
          ''}
          node ${addIntegrityFieldsScript}
        ''}
        npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
        runHook postRebuild
        if [ "''${dontNpmInstall-}" != "1" ]
        then
            # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
            rm -f npm-shrinkwrap.json
            npm ${forceOfflineFlag} --nodedir=${nodeSources} --no-bin-links --ignore-scripts ${npmFlags} ${lib.optionalString production "--production"} install
        fi
        # Link executables defined in package.json
        node ${linkBinsScript}
    '';
  # Builds and composes an NPM package including all its dependencies
  buildNodePackage =
    { name
    , packageName
    , version ? null
    , dependencies ? []
    , buildInputs ? []
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
    , bypassCache ? false
    , reconstructLock ? false
    , preRebuild ? ""
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
    , meta ? {}
    , ... }@args:
    let
      extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" "meta" ];
    in
    stdenv.mkDerivation ({
      name = "${name}${if version == null then "" else "-${version}"}";
      buildInputs = [ tarWrapper python nodejs ]
        ++ lib.optional (stdenv.isLinux) utillinux
        ++ lib.optional (stdenv.isDarwin) libtool
        ++ buildInputs;
      inherit nodejs;
      inherit dontStrip; # Stripping may fail a build for some package deployments
      inherit dontNpmInstall preRebuild unpackPhase buildPhase;
      compositionScript = composePackage args;
      pinpointDependenciesScript = pinpointDependenciesOfPackage args;
      passAsFile = [ "compositionScript" "pinpointDependenciesScript" ];
      installPhase = ''
        source ${installPackage}
        # Create and enter a root node_modules/ folder
        mkdir -p $out/lib/node_modules
        cd $out/lib/node_modules
        # Compose the package and all its dependencies
        source $compositionScriptPath
        ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
        # Create symlink to the deployed executable folder, if applicable
        if [ -d "$out/lib/node_modules/.bin" ]
        then
            ln -s $out/lib/node_modules/.bin $out/bin
            # Fixup all executables
            ls $out/bin/* | while read i
            do
                file="$(readlink -f "$i")"
                chmod u+rwx "$file"
                if isScript "$file"
                then
                    sed -i 's/\r$//' "$file"  # convert crlf to lf
                fi
            done
        fi
        # Create symlinks to the deployed manual page folders, if applicable
        if [ -d "$out/lib/node_modules/${packageName}/man" ]
        then
            mkdir -p $out/share
            for dir in "$out/lib/node_modules/${packageName}/man/"*
            do
                mkdir -p $out/share/man/$(basename "$dir")
                for page in "$dir"/*
                do
                    ln -s $page $out/share/man/$(basename "$dir")
                done
            done
        fi
        # Run post install hook, if provided
        runHook postInstall
      '';
      meta = {
        # default to Node.js' platforms
        platforms = nodejs.meta.platforms;
      } // meta;
    } // extraArgs);
  # Builds a node environment (a node_modules folder and a set of binaries)
  buildNodeDependencies =
    { name
    , packageName
    , version ? null
    , src
    , dependencies ? []
    , buildInputs ? []
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
    , bypassCache ? false
    , reconstructLock ? false
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
    , ... }@args:
    let
      extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ];
    in
      stdenv.mkDerivation ({
        name = "node-dependencies-${name}${if version == null then "" else "-${version}"}";
        buildInputs = [ tarWrapper python nodejs ]
          ++ lib.optional (stdenv.isLinux) utillinux
          ++ lib.optional (stdenv.isDarwin) libtool
          ++ buildInputs;
        inherit dontStrip; # Stripping may fail a build for some package deployments
        inherit dontNpmInstall unpackPhase buildPhase;
        includeScript = includeDependencies { inherit dependencies; };
        pinpointDependenciesScript = pinpointDependenciesOfPackage args;
        passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
        installPhase = ''
          source ${installPackage}
          mkdir -p $out/${packageName}
          cd $out/${packageName}
          source $includeScriptPath
          # Create fake package.json to make the npm commands work properly
          cp ${src}/package.json .
          chmod 644 package.json
          ${lib.optionalString bypassCache ''
            if [ -f ${src}/package-lock.json ]
            then
                cp ${src}/package-lock.json .
                chmod 644 package-lock.json
            fi
          ''}
          # Go to the parent folder to make sure that all packages are pinpointed
          cd ..
          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
          ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
          # Expose the executables that were installed
          cd ..
          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
          mv ${packageName} lib
          ln -s $out/lib/node_modules/.bin $out/bin
        '';
      } // extraArgs);
  # Builds a development shell
  buildNodeShell =
    { name
    , packageName
    , version ? null
    , src
    , dependencies ? []
    , buildInputs ? []
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
    , bypassCache ? false
    , reconstructLock ? false
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
    , ... }@args:
    let
      nodeDependencies = buildNodeDependencies args;
      extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "unpackPhase" "buildPhase" ];
    in
    stdenv.mkDerivation ({
      name = "node-shell-${name}${if version == null then "" else "-${version}"}";
      buildInputs = [ python nodejs ] ++ lib.optional (stdenv.isLinux) utillinux ++ buildInputs;
      buildCommand = ''
        mkdir -p $out/bin
        cat > $out/bin/shell <<EOF
        #! ${stdenv.shell} -e
        $shellHook
        exec ${stdenv.shell}
        EOF
        chmod +x $out/bin/shell
      '';
      # Provide the dependencies in a development shell through the NODE_PATH environment variable
      inherit nodeDependencies;
      shellHook = lib.optionalString (dependencies != []) ''
        export NODE_PATH=${nodeDependencies}/lib/node_modules
        export PATH="${nodeDependencies}/bin:$PATH"
      '';
    } // extraArgs);
 in
 {
  buildNodeSourceDist = lib.makeOverridable buildNodeSourceDist;
  buildNodePackage = lib.makeOverridable buildNodePackage;
  buildNodeDependencies = lib.makeOverridable buildNodeDependencies;
  buildNodeShell = lib.makeOverridable buildNodeShell;
 }
--- a/nix/frontend/node-env.nix.license
+++ b/nix/frontend/node-env.nix.license
@ -1,3 +0,0 @@
 SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor@kleen.consulting>
 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/nix/frontend/node-packages.nix
+++ b/nix/frontend/node-packages.nix
--- a/nix/frontend/node-packages.nix.license
+++ b/nix/frontend/node-packages.nix.license
@ -1,3 +0,0 @@
 SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor@kleen.consulting>
 SPDX-License-Identifier: AGPL-3.0-or-later
--- a/nix/maildev/default.nix
+++ b/nix/maildev/default.nix
@ -1,8 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 final: prev:
 {
  nodePackages = (import ./node2nix.nix { pkgs = final; inherit (final.config) system; }) // prev.nodePackages;
 }
--- a/nix/maildev/node-env.nix
+++ b/nix/maildev/node-env.nix
@ -1,571 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 # This file originates from node2nix
 {lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile}:
 let
  # Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master
  utillinux = if pkgs ? utillinux then pkgs.utillinux else pkgs.util-linux;
  python = if nodejs ? python then nodejs.python else python2;
  # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise
  tarWrapper = runCommand "tarWrapper" {} ''
    mkdir -p $out/bin
    cat > $out/bin/tar <<EOF
    #! ${stdenv.shell} -e
    $(type -p tar) "\$@" --warning=no-unknown-keyword --delay-directory-restore
    EOF
    chmod +x $out/bin/tar
  '';
  # Function that generates a TGZ file from a NPM project
  buildNodeSourceDist =
    { name, version, src, ... }:
    stdenv.mkDerivation {
      name = "node-tarball-${name}-${version}";
      inherit src;
      buildInputs = [ nodejs ];
      buildPhase = ''
        export HOME=$TMPDIR
        tgzFile=$(npm pack | tail -n 1) # Hooks to the pack command will add output (https://docs.npmjs.com/misc/scripts)
      '';
      installPhase = ''
        mkdir -p $out/tarballs
        mv $tgzFile $out/tarballs
        mkdir -p $out/nix-support
        echo "file source-dist $out/tarballs/$tgzFile" >> $out/nix-support/hydra-build-products
      '';
    };
  includeDependencies = {dependencies}:
    lib.optionalString (dependencies != [])
      (lib.concatMapStrings (dependency:
        ''
          # Bundle the dependencies of the package
          mkdir -p node_modules
          cd node_modules
          # Only include dependencies if they don't exist. They may also be bundled in the package.
          if [ ! -e "${dependency.name}" ]
          then
              ${composePackage dependency}
          fi
          cd ..
        ''
      ) dependencies);
  # Recursively composes the dependencies of a package
  composePackage = { name, packageName, src, dependencies ? [], ... }@args:
    builtins.addErrorContext "while evaluating node package '${packageName}'" ''
      DIR=$(pwd)
      cd $TMPDIR
      unpackFile ${src}
      # Make the base dir in which the target dependency resides first
      mkdir -p "$(dirname "$DIR/${packageName}")"
      if [ -f "${src}" ]
      then
          # Figure out what directory has been unpacked
          packageDir="$(find . -maxdepth 1 -type d | tail -1)"
          # Restore write permissions to make building work
          find "$packageDir" -type d -exec chmod u+x {} \;
          chmod -R u+w "$packageDir"
          # Move the extracted tarball into the output folder
          mv "$packageDir" "$DIR/${packageName}"
      elif [ -d "${src}" ]
      then
          # Get a stripped name (without hash) of the source directory.
          # On old nixpkgs it's already set internally.
          if [ -z "$strippedName" ]
          then
              strippedName="$(stripHash ${src})"
          fi
          # Restore write permissions to make building work
          chmod -R u+w "$strippedName"
          # Move the extracted directory into the output folder
          mv "$strippedName" "$DIR/${packageName}"
      fi
      # Unset the stripped name to not confuse the next unpack step
      unset strippedName
      # Include the dependencies of the package
      cd "$DIR/${packageName}"
      ${includeDependencies { inherit dependencies; }}
      cd ..
      ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
    '';
  pinpointDependencies = {dependencies, production}:
    let
      pinpointDependenciesFromPackageJSON = writeTextFile {
        name = "pinpointDependencies.js";
        text = ''
          var fs = require('fs');
          var path = require('path');
          function resolveDependencyVersion(location, name) {
              if(location == process.env['NIX_STORE']) {
                  return null;
              } else {
                  var dependencyPackageJSON = path.join(location, "node_modules", name, "package.json");
                  if(fs.existsSync(dependencyPackageJSON)) {
                      var dependencyPackageObj = JSON.parse(fs.readFileSync(dependencyPackageJSON));
                      if(dependencyPackageObj.name == name) {
                          return dependencyPackageObj.version;
                      }
                  } else {
                      return resolveDependencyVersion(path.resolve(location, ".."), name);
                  }
              }
          }
          function replaceDependencies(dependencies) {
              if(typeof dependencies == "object" && dependencies !== null) {
                  for(var dependency in dependencies) {
                      var resolvedVersion = resolveDependencyVersion(process.cwd(), dependency);
                      if(resolvedVersion === null) {
                          process.stderr.write("WARNING: cannot pinpoint dependency: "+dependency+", context: "+process.cwd()+"\n");
                      } else {
                          dependencies[dependency] = resolvedVersion;
                      }
                  }
              }
          }
          /* Read the package.json configuration */
          var packageObj = JSON.parse(fs.readFileSync('./package.json'));
          /* Pinpoint all dependencies */
          replaceDependencies(packageObj.dependencies);
          if(process.argv[2] == "development") {
              replaceDependencies(packageObj.devDependencies);
          }
          replaceDependencies(packageObj.optionalDependencies);
          /* Write the fixed package.json file */
          fs.writeFileSync("package.json", JSON.stringify(packageObj, null, 2));
        '';
      };
    in
    ''
      node ${pinpointDependenciesFromPackageJSON} ${if production then "production" else "development"}
      ${lib.optionalString (dependencies != [])
        ''
          if [ -d node_modules ]
          then
              cd node_modules
              ${lib.concatMapStrings (dependency: pinpointDependenciesOfPackage dependency) dependencies}
              cd ..
          fi
        ''}
    '';
  # Recursively traverses all dependencies of a package and pinpoints all
  # dependencies in the package.json file to the versions that are actually
  # being used.
  pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args:
    ''
      if [ -d "${packageName}" ]
      then
          cd "${packageName}"
          ${pinpointDependencies { inherit dependencies production; }}
          cd ..
          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
      fi
    '';
  # Extract the Node.js source code which is used to compile packages with
  # native bindings
  nodeSources = runCommand "node-sources" {} ''
    tar --no-same-owner --no-same-permissions -xf ${nodejs.src}
    mv node-* $out
  '';
  # Script that adds _integrity fields to all package.json files to prevent NPM from consulting the cache (that is empty)
  addIntegrityFieldsScript = writeTextFile {
    name = "addintegrityfields.js";
    text = ''
      var fs = require('fs');
      var path = require('path');
      function augmentDependencies(baseDir, dependencies) {
          for(var dependencyName in dependencies) {
              var dependency = dependencies[dependencyName];
              // Open package.json and augment metadata fields
              var packageJSONDir = path.join(baseDir, "node_modules", dependencyName);
              var packageJSONPath = path.join(packageJSONDir, "package.json");
              if(fs.existsSync(packageJSONPath)) { // Only augment packages that exist. Sometimes we may have production installs in which development dependencies can be ignored
                  console.log("Adding metadata fields to: "+packageJSONPath);
                  var packageObj = JSON.parse(fs.readFileSync(packageJSONPath));
                  if(dependency.integrity) {
                      packageObj["_integrity"] = dependency.integrity;
                  } else {
                      packageObj["_integrity"] = "sha1-000000000000000000000000000="; // When no _integrity string has been provided (e.g. by Git dependencies), add a dummy one. It does not seem to harm and it bypasses downloads.
                  }
                  if(dependency.resolved) {
                      packageObj["_resolved"] = dependency.resolved; // Adopt the resolved property if one has been provided
                  } else {
                      packageObj["_resolved"] = dependency.version; // Set the resolved version to the version identifier. This prevents NPM from cloning Git repositories.
                  }
                  if(dependency.from !== undefined) { // Adopt from property if one has been provided
                      packageObj["_from"] = dependency.from;
                  }
                  fs.writeFileSync(packageJSONPath, JSON.stringify(packageObj, null, 2));
              }
              // Augment transitive dependencies
              if(dependency.dependencies !== undefined) {
                  augmentDependencies(packageJSONDir, dependency.dependencies);
              }
          }
      }
      if(fs.existsSync("./package-lock.json")) {
          var packageLock = JSON.parse(fs.readFileSync("./package-lock.json"));
          if(![1, 2].includes(packageLock.lockfileVersion)) {
             process.stderr.write("Sorry, I only understand lock file versions 1 and 2!\n");
             process.exit(1);
          }
          if(packageLock.dependencies !== undefined) {
              augmentDependencies(".", packageLock.dependencies);
          }
      }
    '';
  };
  # Reconstructs a package-lock file from the node_modules/ folder structure and package.json files with dummy sha1 hashes
  reconstructPackageLock = writeTextFile {
    name = "addintegrityfields.js";
    text = ''
      var fs = require('fs');
      var path = require('path');
      var packageObj = JSON.parse(fs.readFileSync("package.json"));
      var lockObj = {
          name: packageObj.name,
          version: packageObj.version,
          lockfileVersion: 1,
          requires: true,
          dependencies: {}
      };
      function augmentPackageJSON(filePath, dependencies) {
          var packageJSON = path.join(filePath, "package.json");
          if(fs.existsSync(packageJSON)) {
              var packageObj = JSON.parse(fs.readFileSync(packageJSON));
              dependencies[packageObj.name] = {
                  version: packageObj.version,
                  integrity: "sha1-000000000000000000000000000=",
                  dependencies: {}
              };
              processDependencies(path.join(filePath, "node_modules"), dependencies[packageObj.name].dependencies);
          }
      }
      function processDependencies(dir, dependencies) {
          if(fs.existsSync(dir)) {
              var files = fs.readdirSync(dir);
              files.forEach(function(entry) {
                  var filePath = path.join(dir, entry);
                  var stats = fs.statSync(filePath);
                  if(stats.isDirectory()) {
                      if(entry.substr(0, 1) == "@") {
                          // When we encounter a namespace folder, augment all packages belonging to the scope
                          var pkgFiles = fs.readdirSync(filePath);
                          pkgFiles.forEach(function(entry) {
                              if(stats.isDirectory()) {
                                  var pkgFilePath = path.join(filePath, entry);
                                  augmentPackageJSON(pkgFilePath, dependencies);
                              }
                          });
                      } else {
                          augmentPackageJSON(filePath, dependencies);
                      }
                  }
              });
          }
      }
      processDependencies("node_modules", lockObj.dependencies);
      fs.writeFileSync("package-lock.json", JSON.stringify(lockObj, null, 2));
    '';
  };
  prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}:
    let
      forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com";
    in
    ''
        # Pinpoint the versions of all dependencies to the ones that are actually being used
        echo "pinpointing versions of dependencies..."
        source $pinpointDependenciesScriptPath
        # Patch the shebangs of the bundled modules to prevent them from
        # calling executables outside the Nix store as much as possible
        patchShebangs .
        # Deploy the Node.js package by running npm install. Since the
        # dependencies have been provided already by ourselves, it should not
        # attempt to install them again, which is good, because we want to make
        # it Nix's responsibility. If it needs to install any dependencies
        # anyway (e.g. because the dependency parameters are
        # incomplete/incorrect), it fails.
        #
        # The other responsibilities of NPM are kept -- version checks, build
        # steps, postprocessing etc.
        export HOME=$TMPDIR
        cd "${packageName}"
        runHook preRebuild
        ${lib.optionalString bypassCache ''
          ${lib.optionalString reconstructLock ''
            if [ -f package-lock.json ]
            then
                echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
                echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
                rm package-lock.json
            else
                echo "No package-lock.json file found, reconstructing..."
            fi
            node ${reconstructPackageLock}
          ''}
          node ${addIntegrityFieldsScript}
        ''}
        npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
        if [ "''${dontNpmInstall-}" != "1" ]
        then
            # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
            rm -f npm-shrinkwrap.json
            npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} install
        fi
    '';
  # Builds and composes an NPM package including all its dependencies
  buildNodePackage =
    { name
    , packageName
    , version
    , dependencies ? []
    , buildInputs ? []
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
    , bypassCache ? false
    , reconstructLock ? false
    , preRebuild ? ""
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
    , ... }@args:
    let
      extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" ];
    in
    stdenv.mkDerivation ({
      name = "node_${name}-${version}";
      buildInputs = [ tarWrapper python nodejs ]
        ++ lib.optional (stdenv.isLinux) utillinux
        ++ lib.optional (stdenv.isDarwin) libtool
        ++ buildInputs;
      inherit nodejs;
      inherit dontStrip; # Stripping may fail a build for some package deployments
      inherit dontNpmInstall preRebuild unpackPhase buildPhase;
      compositionScript = composePackage args;
      pinpointDependenciesScript = pinpointDependenciesOfPackage args;
      passAsFile = [ "compositionScript" "pinpointDependenciesScript" ];
      installPhase = ''
        # Create and enter a root node_modules/ folder
        mkdir -p $out/lib/node_modules
        cd $out/lib/node_modules
        # Compose the package and all its dependencies
        source $compositionScriptPath
        ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
        # Create symlink to the deployed executable folder, if applicable
        if [ -d "$out/lib/node_modules/.bin" ]
        then
            ln -s $out/lib/node_modules/.bin $out/bin
        fi
        # Create symlinks to the deployed manual page folders, if applicable
        if [ -d "$out/lib/node_modules/${packageName}/man" ]
        then
            mkdir -p $out/share
            for dir in "$out/lib/node_modules/${packageName}/man/"*
            do
                mkdir -p $out/share/man/$(basename "$dir")
                for page in "$dir"/*
                do
                    ln -s $page $out/share/man/$(basename "$dir")
                done
            done
        fi
        # Run post install hook, if provided
        runHook postInstall
      '';
    } // extraArgs);
  # Builds a node environment (a node_modules folder and a set of binaries)
  buildNodeDependencies =
    { name
    , packageName
    , version
    , src
    , dependencies ? []
    , buildInputs ? []
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
    , bypassCache ? false
    , reconstructLock ? false
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
    , ... }@args:
    let
      extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ];
    in
      stdenv.mkDerivation ({
        name = "node-dependencies-${name}-${version}";
        buildInputs = [ tarWrapper python nodejs ]
          ++ lib.optional (stdenv.isLinux) utillinux
          ++ lib.optional (stdenv.isDarwin) libtool
          ++ buildInputs;
        inherit dontStrip; # Stripping may fail a build for some package deployments
        inherit dontNpmInstall unpackPhase buildPhase;
        includeScript = includeDependencies { inherit dependencies; };
        pinpointDependenciesScript = pinpointDependenciesOfPackage args;
        passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
        installPhase = ''
          mkdir -p $out/${packageName}
          cd $out/${packageName}
          source $includeScriptPath
          # Create fake package.json to make the npm commands work properly
          cp ${src}/package.json .
          chmod 644 package.json
          ${lib.optionalString bypassCache ''
            if [ -f ${src}/package-lock.json ]
            then
                cp ${src}/package-lock.json .
            fi
          ''}
          # Go to the parent folder to make sure that all packages are pinpointed
          cd ..
          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
          ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
          # Expose the executables that were installed
          cd ..
          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
          mv ${packageName} lib
          ln -s $out/lib/node_modules/.bin $out/bin
        '';
      } // extraArgs);
  # Builds a development shell
  buildNodeShell =
    { name
    , packageName
    , version
    , src
    , dependencies ? []
    , buildInputs ? []
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
    , bypassCache ? false
    , reconstructLock ? false
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
    , ... }@args:
    let
      nodeDependencies = buildNodeDependencies args;
    in
    stdenv.mkDerivation {
      name = "node-shell-${name}-${version}";
      buildInputs = [ python nodejs ] ++ lib.optional (stdenv.isLinux) utillinux ++ buildInputs;
      buildCommand = ''
        mkdir -p $out/bin
        cat > $out/bin/shell <<EOF
        #! ${stdenv.shell} -e
        $shellHook
        exec ${stdenv.shell}
        EOF
        chmod +x $out/bin/shell
      '';
      # Provide the dependencies in a development shell through the NODE_PATH environment variable
      inherit nodeDependencies;
      shellHook = lib.optionalString (dependencies != []) ''
        export NODE_PATH=${nodeDependencies}/lib/node_modules
        export PATH="${nodeDependencies}/bin:$PATH"
      '';
    };
 in
 {
  buildNodeSourceDist = lib.makeOverridable buildNodeSourceDist;
  buildNodePackage = lib.makeOverridable buildNodePackage;
  buildNodeDependencies = lib.makeOverridable buildNodeDependencies;
  buildNodeShell = lib.makeOverridable buildNodeShell;
 }
--- a/nix/maildev/node-packages.nix
+++ b/nix/maildev/node-packages.nix
--- a/nix/maildev/node2nix.nix
+++ b/nix/maildev/node2nix.nix
@ -1,21 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 # This file has been generated by node2nix 1.9.0. Do not edit!
 {pkgs ? import <nixpkgs> {
    inherit system;
  }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-14_x"}:
 let
  nodeEnv = import ./node-env.nix {
    inherit (pkgs) stdenv lib python2 runCommand writeTextFile;
    inherit pkgs nodejs;
    libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
  };
 in
 import ./node-packages.nix {
  inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit;
  inherit nodeEnv;
 }
--- a/nix/parse-changelog.nix
+++ b/nix/parse-changelog.nix
@ -1,17 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 {}: prev: final: rec {
  changelogJson = prev.runCommand "changelog.json" {
  } ''
    ln -s ${final.uniworxNodeDependencies}/lib/node_modules ./node_modules
    export PATH="${final.uniworxNodeDependencies}/bin:$PATH"
    changelog-parser ${../CHANGELOG.md} > $out
  '';
  jqChangelogJson = prev.writeShellScriptBin "jq-changelog" ''
    exec -- ${final.jq}/bin/jq $@ < ${changelogJson}
  '';
 }
--- a/nix/uniworx/backend.nix
+++ b/nix/uniworx/backend.nix
@ -1,95 +0,0 @@
 # SPDX-FileCopyrightText: 2022-2023 Gregor Kleen <gregor@kleen.consulting>, Steffen Jost <jost@cip.ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 { inputs, backendSource, gitRevision ? null, ... }: final: prev:
 with prev.lib;
 let
  haskellInputs = ["encoding" "memcached-binary" "conduit-resumablesink" "HaskellNet-SSL" "ldap-client" "serversession" "xss-sanitize" "colonnade" "minio-hs" "cryptoids" "zip-stream" "yesod" "cryptonite" "esqueleto"];
 in {
  uniworx = final.haskell-nix.stackProject {
    src = prev.stdenv.mkDerivation {
      name = "uniworx-src";
      src = backendSource;
      phases = ["unpackPhase" "patchPhase" "installPhase"];
      patchPhase = ''
        substitute stack-flake.yaml stack.yaml \
          ${concatMapStringsSep " \\\n" (pkgName: "--replace @${pkgName}@ ${inputs."${pkgName}"}") haskellInputs}
      '';
      installPhase = ''
        mkdir -p $out
        cp -pr --reflink=auto ./. $out
      '';
    };
    compiler-nix-name = "ghc8104";
    # stack-sha256 = "1n7z294ldv2rjkfj1vs3kqmnbp34m2scrmyrp5kwmga9vp86fd9z"; # produces errors gregor does not understand :(
    modules = [
      {
        packages = {
          encoding.src = inputs.encoding;
          memcached-binary.src = inputs.memcached-binary;
          conduit-resumablesink.src = inputs.conduit-resumablesink;
          HaskellNet-SSL.src = inputs.HaskellNet-SSL;
          ldap-client.src = inputs.ldap-client;
          serversession.src = "${inputs.serversession}/serversession";
          serversession-backend-acid-state.src = "${inputs.serversession}/serversession-backend-acid-state";
          xss-sanitize.src = inputs.xss-sanitize;
          colonnade.src = "${inputs.colonnade}/colonnade";
          minio-hs.src = inputs.minio-hs;
          cryptoids-class.src = "${inputs.cryptoids}/cryptoids-class";
          cryptoids-types.src = "${inputs.cryptoids}/cryptoids-types";
          cryptoids.src = "${inputs.cryptoids}/cryptoids";
          filepath-crypto.src = "${inputs.cryptoids}/filepath-crypto";
          uuid-crypto.src = "${inputs.cryptoids}/uuid-crypto";
          zip-stream.src = inputs.zip-stream;
          yesod.src = "${inputs.yesod}/yesod";
          yesod-core.src = "${inputs.yesod}/yesod-core";
          yesod-static.src = "${inputs.yesod}/yesod-static";
          yesod-persistent.src = "${inputs.yesod}/yesod-persistent";
          yesod-form.src = "${inputs.yesod}/yesod-form";
          yesod-auth.src = "${inputs.yesod}/yesod-auth";
          yesod-test.src = "${inputs.yesod}/yesod-test";
          cryptonite.src = inputs.cryptonite;
          esqueleto.src = inputs.esqueleto;
        };
      }
      {
        packages.uniworx = {
          postUnpack = ''
            ${final.xorg.lndir}/bin/lndir -silent ${prev.uniworxFrontend} $sourceRoot
            chmod a+w -R $sourceRoot
          '';
          preBuild = ''
            export TZDIR=${final.tzdata}/share/zoneinfo
            ${optionalString (gitRevision != null) ''
              export GIT_REVISION=${gitRevision}
            ''}
          '';
          components.library.build-tools = with final.pkgs; [ llvm_9 ];
          components.exes.uniworx.build-tools = with final.pkgs; [ llvm_9 ];
          components.exes.uniworxdb.build-tools = with final.pkgs; [ llvm_9 ];
          components.exes.uniworxload.build-tools = with final.pkgs; [ llvm_9 ];          
          components.tests.yesod = {
            build-tools = with final.pkgs; [ llvm_9 final.uniworx.hsPkgs.hspec-discover ];
            testWrapper =
              let
                testWrapper = prev.writeScript "test-wrapper" (import ../develop.nix { inherit prev; pkgs = final; doDevelopEnv = false; } "$@");
                testWrapperWrapped = prev.runCommand "test-wrapper" { buildInputs = [final.makeWrapper]; } ''
                  makeWrapper ${testWrapper} $out \
                    --prefix PATH : ${final.postgresql_12}/bin \
                    --prefix PATH : ${final.minio}/bin \
                    --prefix PATH : ${final.memcached}/bin
                '';
              in singleton (toString testWrapperWrapped);
          };
          components.tests.hlint.build-tools = with final.pkgs; [ llvm_9 final.uniworx.hsPkgs.hlint-test ];
        };
      }
    ];
  };
 }
--- a/nix/uniworx/default.nix
+++ b/nix/uniworx/default.nix
@ -1,10 +0,0 @@
 # SPDX-FileCopyrightText: 2022-2023 Gregor Kleen <gregor@kleen.consulting>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 { inputs, frontendSource, backendSource, gitRevision ? null }: final: prev: prev.lib.composeManyExtensions [
  (import ./node-dependencies.nix { inherit inputs; })
  (import ./well-known.nix { inherit frontendSource; })
  (import ./frontend.nix { inherit frontendSource; })
  (import ./backend.nix { inherit backendSource inputs gitRevision; })
 ] final prev
--- a/nix/uniworx/frontend.nix
+++ b/nix/uniworx/frontend.nix
@ -1,62 +0,0 @@
 # SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 { frontendSource, ... }: final: prev:
 let
  setupNodeDeps = ''
    ln -s ${final.uniworxNodeDependencies}/lib/node_modules ./node_modules
    export PATH="${final.uniworxNodeDependencies}/bin:$PATH"
  '';
 in {
  uniworxFrontend = prev.stdenv.mkDerivation {
    name = "uniworx-frontend";
    srcs = [frontendSource prev.uniworxWellKnown];
    sourceRoot = "source";
    phases = ["unpackPhase" "checkPhase" "buildPhase" "installPhase"];
    postUnpack = ''
      ${final.xorg.lndir}/bin/lndir -silent ../uniworx-well-known $sourceRoot
    '';
    preBuild = setupNodeDeps;
    buildPhase = ''
      runHook preBuild
      webpack --progress
      runHook postBuild
    '';
    preCheck = ''
      ${setupNodeDeps}
      export FONTCONFIG_FILE="${final.fontconfig.out}/etc/fonts/fonts.conf"
      export FONTCONFIG_PATH="${final.fontconfig.out}/etc/fonts/"
      export CHROME_BIN="${final.chromium}/bin/chromium-browser"
    '';
    checkPhase = ''
      runHook preCheck
      eslint frontend/src
      karma start --conf karma.conf.js
      runHook postCheck
    '';
    installPhase = ''
      mkdir -p $out $out/config
      cp -r --reflink=auto well-known static $out
      cp -r --reflink=auto config/webpack.yml $out/config
    '';
    passthru.check = final.uniworxFrontend.overrideAttrs (oldAttrs: {
      name = "${oldAttrs.name}-check";
      phases = ["unpackPhase" "buildPhase"];
      buildPhase = ''
        mkdir $out
        ( ${oldAttrs.checkPhase} ) | tee $out/test-stdout
      '';
    });
  };
 }
--- a/nix/uniworx/node-dependencies.nix
+++ b/nix/uniworx/node-dependencies.nix
@ -1,7 +0,0 @@
 # SPDX-FileCopyrightText: 2022-2023 Gregor Kleen <gregor@kleen.consulting>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 { ... }: final: prev: {
  uniworxNodeDependencies = (prev.callPackage ../frontend {}).nodeDependencies;
 }
--- a/nix/uniworx/well-known.nix
+++ b/nix/uniworx/well-known.nix
@ -1,26 +0,0 @@
 # SPDX-FileCopyrightText: 2022-2023 Gregor Kleen <gregor@kleen.consulting>
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later
 { frontendSource, ... }: final: prev: {
  uniworxWellKnown = prev.stdenv.mkDerivation {
    name = "uniworx-well-known";
    src = frontendSource;
    phases = ["unpackPhase" "buildPhase" "installPhase" "fixupPhase"];
    buildPhase = ''
      ln -s ${final.uniworxNodeDependencies}/lib/node_modules ./node_modules
      export PATH="${final.uniworxNodeDependencies}/bin:${prev.exiftool}/bin:$PATH"
      webpack --progress
    '';
    installPhase = ''
      mkdir -p $out
      cp -r --reflink=auto well-known $out/.nix-well-known
    '';
    outputHashMode = "recursive";
    outputHash = "sha256-18MfdmJX3q826Q4p2F3SnwS2fCjLN0LUpIV/jqUPH4I==";
  };
 }
		`@ -1,3 +0,0 @@`
			`SPDX-FileCopyrightText: 2022-2023 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>`

			`SPDX-License-Identifier: AGPL-3.0-or-later`
		`@ -1,3 +0,0 @@`
			`SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>`

			`SPDX-License-Identifier: AGPL-3.0-or-later`