chore(nix): update shell.nix and flake.nix for pinned nixpkgs

Sarah Vaupel 2023-02-16 10:27:43 +00:00
parent 315fdd8c14
commit 3c98add987
2 changed files with 239 additions and 154 deletions

151
flake.nix

@ -1,145 +1,36 @@
# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@cip.ifi.lmu.de>
# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{
inputs.haskell-nix.url = "github:input-output-hk/haskell.nix";
inputs.nixpkgs.follows = "haskell-nix/nixpkgs-unstable";
inputs.flake-utils.follows = "haskell-nix/flake-utils";
inputs.docker-nixpkgs = {
url = "github:nix-community/docker-nixpkgs";
flake = false;
inputs = {
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "master";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "master";
};
};
inputs.encoding = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/encoding.git?ref=uni2work";
flake = false;
};
inputs.memcached-binary = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/memcached-binary.git?ref=uni2work";
flake = false;
};
inputs.conduit-resumablesink = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/conduit-resumablesink.git?ref=uni2work";
flake = false;
};
inputs.HaskellNet-SSL = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/HaskellNet-SSL.git?ref=uni2work";
flake = false;
};
inputs.ldap-client = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/ldap-client.git?ref=uni2work";
flake = false;
};
inputs.serversession = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/serversession.git?ref=uni2work";
flake = false;
};
inputs.xss-sanitize = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/xss-sanitize.git?ref=uni2work";
flake = false;
};
inputs.colonnade = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/colonnade.git?ref=uni2work";
flake = false;
};
inputs.minio-hs = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/minio-hs.git?ref=uni2work";
flake = false;
};
inputs.cryptoids = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/cryptoids.git?ref=uni2work";
flake = false;
};
inputs.zip-stream = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/zip-stream.git?ref=uni2work";
flake = false;
};
inputs.yesod = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/yesod.git?ref=uni2work";
flake = false;
};
inputs.cryptonite = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/cryptonite.git?ref=uni2work";
flake = false;
};
inputs.esqueleto = {
url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/esqueleto.git?ref=uni2work";
flake = false;
};
inputs.fontawesome-token = {
url = "path:/etc/fontawesome-token";
flake = false;
};
outputs = inputs@{ self, nixpkgs, flake-utils, haskell-nix, docker-nixpkgs, ... }: flake-utils.lib.eachSystem ["x86_64-linux"]
outputs = { self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem
(system:
let frontendSource = pkgs.lib.sourceByRegex ./. [
"^(assets|frontend)(/.*)?$"
"^config(/(favicon\.json|robots\.txt))?$"
"^(webpack|postcss)\.config\.js$"
"^karma\.conf\.js$"
"^(package|jsconfig|\.eslintrc)\.json$"
"^\.babelrc$"
];
backendSource = pkgs.lib.sourceByRegex ./. [
"^(\.hlint|package|stack-flake)\.yaml$"
"^stack\.yaml\.lock$"
"^(assets|app|hlint|load|messages|models|src|templates|test|testdata)(/.*)?$"
"^config(/(archive-types|mimetypes|personalised-sheet-files-collate|settings\.yml|submission-blacklist|test-settings\.yml|video-types|wordlist\.txt))?$"
"^routes$"
"^testdata(/.*)?$"
];
pkgs = import nixpkgs {
inherit system overlays;
let pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
overlays = [
# remove once https://github.com/NixOS/nix/pull/5266 has landed in nixpkgs used here (see flake.lock)
(import ./nix/aws-patch.nix)
# end remove
overlay = import ./nix/maildev;
(import "${docker-nixpkgs}/overlay.nix")
(import ./nix/maildev)
haskell-nix.overlay
(import ./nix/uniworx { inherit inputs frontendSource backendSource; })
(import ./nix/docker { inherit self; })
(import ./nix/parse-changelog.nix {})
];
haskellFlake = pkgs.uniworx.flake {};
mkPushDocker = imageName: dockerImage: pkgs.writeScriptBin "push-${dockerImage.imageName}" ''
#!${pkgs.zsh}/bin/zsh -xe
target=''${1-docker://registry.gitlab.com/fradrive/fradrive/${imageName}:${dockerImage.imageTag}}
[[ -n "''${1}" ]] && shift
${pkgs.skopeo}/bin/skopeo ''${@} --insecure-policy copy docker-archive://${dockerImage} ''${target}
'';
inherit (pkgs.lib) recursiveUpdate;
in {
packages = haskellFlake.packages // {
inherit (pkgs) uniworxNodeDependencies uniworxWellKnown uniworxFrontend uniworxDemoDocker uniworxDocker ciDocker changelogJson;
};
apps = haskellFlake.apps // {
pushUniworxDemoDocker = flake-utils.lib.mkApp { drv = mkPushDocker "uniworx-demo" pkgs.uniworxDemoDocker; };
pushUniworxDocker = flake-utils.lib.mkApp { drv = mkPushDocker "uniworx" pkgs.uniworxDocker; };
pushCIDocker = flake-utils.lib.mkApp { drv = mkPushDocker "nix-unstable" pkgs.ciDocker; };
calculateMaterializedSha = flake-utils.lib.mkApp { drv = pkgs.uniworx.stack-nix.passthru.calculateMaterializedSha; exePath = ""; };
jqChangelogJson = flake-utils.lib.mkApp { drv = pkgs.jqChangelogJson; };
};
checks = haskellFlake.checks // {
uniworxFrontend = pkgs.uniworxFrontend.check;
};
devShell = import ./shell.nix { inherit pkgs; };
devShell = import ./shell.nix { pkgs = self.legacyPackages.${system}; nixpkgsPath = nixpkgs; };
legacyPackages = pkgs;
defaultPackage = self.packages.${system}."uniworx:exe:uniworx";
defaultApp = self.apps.${system}."uniworx:exe:uniworx";
legacyPackages = recursiveUpdate (overlay self.legacyPackages.${system} pkgs) pkgs;
}
);
}
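Review bot: Both `nixpkgs` and `flake-utils` in the `inputs` block are declared with `ref = "master"`, so the only thing fixing a revision is flake.lock, and any `nix flake update` moves the whole dev toolchain to the tip of a moving branch. Since the commit is described as switching to a pinned nixpkgs, I would name the revision in the input itself, e.g. `rev = "<NIXPKGS_COMMIT_SHA>";` (placeholder; take the value from flake.lock) instead of `ref = "master";`, or at least follow a release branch. The rendered page has lost its +/- markers, so I am assuming these lines are on the new side, and flake.lock is not shown here, so confirm it is committed with this change. `config.allowUnfree = true;` also deserves a short comment naming the package that needs it, or removal if nothing in the new shell does.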

242
shell.nix

@ -1,27 +1,217 @@
# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ pkgs ? (import ./nixpkgs.nix {}).pkgs }:
{ pkgs ? (import ./nixpkgs.nix {}).pkgs, nixpkgsPath ? null }:
let
inherit (pkgs.lib) optionalString;
haskellPackages = pkgs.haskellPackages;
develop = pkgs.writeScriptBin "develop" (import ./nix/develop.nix { inherit pkgs; } ''
if [ -x .develop.cmd ]; then
./.develop.cmd
else
if [ -n "$ZSH_VERSION" ]; then
autoload -U +X compinit && compinit
autoload -U +X bashcompinit && bashcompinit
fi
eval "$(stack --bash-completion-script stack)"
postgresSchema = pkgs.writeText "schema.sql" ''
CREATE USER uniworx WITH SUPERUSER;
CREATE DATABASE uniworx_test;
GRANT ALL ON DATABASE uniworx_test TO uniworx;
CREATE DATABASE uniworx;
GRANT ALL ON DATABASE uniworx TO uniworx;
'';
$(getent passwd $USER | cut -d: -f 7)
postgresHba = pkgs.writeText "hba_file" ''
local all all trust
'';
develop = pkgs.writeScriptBin "develop" ''
#!${pkgs.zsh}/bin/zsh -e
basePath=$(pwd)
exec 4<>''${basePath}/.develop.env
flockRes=
set +e
${pkgs.util-linux}/bin/flock -en 4; flockRes=$?
set -e
if [[ ''${flockRes} -ne 0 ]]; then
echo "Could not take exclusive lock; is another develop running?" >&2
exit ''${flockRes}
fi
'');
cleanup() {
set +e -x
type cleanup_postgres &>/dev/null && cleanup_postgres
type cleanup_widget_memcached &>/dev/null && cleanup_widget_memcached
type cleanup_session_memcached &>/dev/null && cleanup_session_memcached
type cleanup_cache_memcached &>/dev/null && cleanup_cache_memcached
type cleanup_minio &>/dev/null && cleanup_minio
type cleanup_maildev &>/dev/null && cleanup_maildev
[ -f "''${basePath}/.develop.env" ] && rm -vf "''${basePath}/.develop.env"
set +x
}
trap cleanup EXIT
export PORT_OFFSET=$(((16#$(sha256sum <<<"$(hostname -f):''${basePath}" | head -c 16)) % 1000))
if [[ -z "$PGHOST" ]]; then
set -xe
pgDir=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} postgresql.XXXXXX)
pgSockDir=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} postgresql.sock.XXXXXX)
pgLogFile=$(mktemp --tmpdir=''${XDG_RUNTIME_DIR} postgresql.XXXXXX.log)
initdb --no-locale -D ''${pgDir}
pg_ctl start -D ''${pgDir} -l ''${pgLogFile} -w -o "-k ''${pgSockDir} -c listen_addresses=''' -c hba_file='${postgresHba}' -c unix_socket_permissions=0700 -c max_connections=9990 -c shared_preload_libraries=pg_stat_statements -c session_preload_libraries=auto_explain -c auto_explain.log_min_duration=100ms"
psql -h ''${pgSockDir} -f ${postgresSchema} postgres
printf "Postgres logfile is %s\nPostgres socket directory is %s\n" ''${pgLogFile} ''${pgSockDir}
export PGHOST=''${pgSockDir}
export PGLOG=''${pgLogFile}
cleanup_postgres() {
set +e -x
pg_ctl stop -D ''${pgDir}
rm -rvf ''${pgDir} ''${pgSockDir} ''${pgLogFile}
set +x
}
set +xe
fi
if [[ -z "$WIDGET_MEMCACHED_HOST" ]]; then
set -xe
memcached -l localhost -p $(($PORT_OFFSET + 11211)) &>/dev/null &
widget_memcached_pid=$!
export WIDGET_MEMCACHED_HOST=localhost
export WIDGET_MEMCACHED_PORT=$(($PORT_OFFSET + 11211))
cleanup_widget_memcached() {
[[ -n "$widget_memcached_pid" ]] && kill $widget_memcached_pid
}
set +xe
fi
if [[ -z "$SESSION_MEMCACHED_HOST" ]]; then
set -xe
memcached -l localhost -p $(($PORT_OFFSET + 11212)) &>/dev/null &
session_memcached_pid=$!
export SESSION_MEMCACHED_HOST=localhost
export SESSION_MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
cleanup_session_memcached() {
[[ -n "$session_memcached_pid" ]] && kill $session_memcached_pid
}
set +xe
fi
if [[ -z "$MEMCACHED_HOST" ]]; then
set -xe
memcached -l localhost -p $(($PORT_OFFSET + 11213)) &>/dev/null &
memcached_pid=$!
export MEMCACHED_HOST=localhost
export MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
cleanup_session_memcached() {
[[ -n "$memcached_pid" ]] && kill $memcached_pid
}
set +xe
fi
if [[ -z "$UPLOAD_S3_HOST" ]]; then
set -xe
cleanup_minio() {
[[ -n "$minio_pid" ]] && kill $minio_pid
[[ -n "''${MINIO_DIR}" ]] && rm -rvf ''${MINIO_DIR}
[[ -n "''${MINIO_LOGFILE}" ]] && rm -rvf ''${MINIO_LOGFILE}
}
export MINIO_DIR=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} minio.XXXXXX)
export MINIO_LOGFILE=$(mktemp --tmpdir=''${XDG_RUNTIME_DIR} minio.XXXXXX.log)
export MINIO_ACCESS_KEY=$(${pkgs.pwgen}/bin/pwgen -s 16 1)
export MINIO_SECRET_KEY=$(${pkgs.pwgen}/bin/pwgen -s 32 1)
minio server --address localhost:$(($PORT_OFFSET + 9000)) ''${MINIO_DIR} &>''${MINIO_LOGFILE} &
minio_pid=$!
export UPLOAD_S3_HOST=localhost
export UPLOAD_S3_PORT=$(($PORT_OFFSET + 9000))
export UPLOAD_S3_SSL=false
export UPLOAD_S3_KEY_ID=''${MINIO_ACCESS_KEY}
export UPLOAD_S3_KEY=''${MINIO_SECRET_KEY}
sleep 1
set +xe
fi
${optionalString (pkgs.nodePackages ? "maildev") ''
if [[ -z "$SMTPHOST" ]]; then
set -xe
cleanup_maildev() {
[[ -n "$maildev_pid" ]] && kill $maildev_pid
}
TMPDIR=''${XDG_RUNTIME_DIR} ${pkgs.nodePackages.maildev}/bin/maildev --smtp $(($PORT_OFFSET + 1025)) --web $(($PORT_OFFSET + 8080)) --ip localhost --web-ip localhost &>/dev/null &
maildev_pid=$!
export SMTPHOST=localhost
export SMTPPORT=$(($PORT_OFFSET + 1025))
export SMTPSSL=none
set +xe
fi
''}
set -xe
cat >&4 <<EOF
PORT_OFFSET=''${PORT_OFFSET}
PGHOST=''${pgSockDir}
PGLOG=''${pgLogFile}
WIDGET_MEMCACHED_HOST=localhost
WIDGET_MEMCACHED_PORT=$(($PORT_OFFSET + 11211))
SESSION_MEMCACHED_HOST=localhost
SESSION_MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
MEMCACHED_HOST=localhost
MEMCACHED_PORT=$(($PORT_OFFSET + 11212))
MINIO_DIR=''${MINIO_DIR}
MINIO_LOGFILE=''${MINIO_LOGFILE}
UPLOAD_S3_HOST=localhost
UPLOAD_S3_PORT=$(($PORT_OFFSET + 9000))
UPLOAD_S3_SSL=false
UPLOAD_S3_KEY_ID=''${MINIO_ACCESS_KEY}
UPLOAD_S3_KEY=''${MINIO_SECRET_KEY}
SMTPHOST=''${SMTPHOST}
SMTPPORT=''${SMTPPORT}
SMTPSSL=''${SMTPSSL}
EOF
set +xe
if [ -n "$ZSH_VERSION" ]; then
autoload -U +X compinit && compinit
autoload -U +X bashcompinit && bashcompinit
fi
eval "$(stack --bash-completion-script stack)"
$(getent passwd $USER | cut -d: -f 7)
'';
inDevelop = pkgs.writeScriptBin "in-develop" ''
#!${pkgs.zsh}/bin/zsh -e
@ -73,26 +263,30 @@ let
git diff $(cut -d '-' -f 1 <(curl -sH 'Accept: text/plain' https://uni2work.ifi.lmu.de/version))
'';
in pkgs.mkShell {
name = "uni2work";
shellHook = ''
${pkgs.lib.optionalString (nixpkgsPath != null) ''
export NIX_PATH=nixpkgs=${nixpkgsPath}
''}
'';
nativeBuildInputs = [develop inDevelop killallUni2work diffRunning]
++ (with pkgs;
[ nodejs-14_x postgresql_12 openldap google-chrome exiftool memcached minio minio-client
++ (with pkgs;
[ nodejs-14_x postgresql_12 openldap chromium exiftool memcached minio minio-client
gup skopeo reuse pre-commit
# busybox # for print services, but interferes with build commands in develop-shell
htop
pdftk #pdftk just for testing pdf-passwords
#texlive.combined.scheme-full # works
#texlive.combined.scheme-medium
pdftk # pdftk just for testing pdf-passwords
# texlive.combined.scheme-full # works
# texlive.combined.scheme-medium
# texlive.combined.scheme-small
(texlive.combine {
(tex.live.combine {
inherit (texlive) scheme-basic
babel-german babel-english booktabs textpos
enumitem eurosym koma-script parskip xcolor
# required fro LuaTeX
# required for LuaTeX
luatexbase lualatex-math unicode-math selnolig
;
})
]
)
++ (with pkgs.haskellPackages; [ stack yesod-bin hlint cabal-install weeder profiteur ]);
)
++ (with pkgs.haskellPackages; [ stack yesod-bin hlint cabal-install weeder profiteur ]);
}
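Review bot: The third memcached block in the `develop` script starts the general cache on `$PORT_OFFSET + 11213` but exports `MEMCACHED_PORT=$(($PORT_OFFSET + 11212))`, which is the session memcached's port, so the cache client and the session store end up talking to the same instance, started without any authentication option. The same block redefines `cleanup_session_memcached()` instead of defining the `cleanup_cache_memcached` that `cleanup` looks for, so when both blocks run the session memcached is never killed on exit. I would change the export to `export MEMCACHED_PORT=$(($PORT_OFFSET + 11213))`, rename the function to `cleanup_cache_memcached() {`, and write `MEMCACHED_PORT=$(($PORT_OFFSET + 11213))` in the `.develop.env` heredoc, which repeats the wrong port. Separately, `.develop.env` receives `UPLOAD_S3_KEY` and is created by `exec 4<>` under the caller's umask; a `umask 077` before that line would keep the file private. The script body is taken to be new-side, given that the hunk grows from 27 to 217 lines.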