From 3c98add987b9793cc4a2813590ee398b6b1b4c2f Mon Sep 17 00:00:00 2001
From: Sarah Vaupel
Date: Thu, 16 Feb 2023 10:27:43 +0000
Subject: [PATCH] chore(nix): update shell.nix and flake.nix for pinned nixpkgs
---
flake.nix | 151 +++++-----------------------------
shell.nix | 242 ++++++++++++++++++++++++++++++++++++++++++++++++------
2 files changed, 239 insertions(+), 154 deletions(-)
diff --git a/flake.nix b/flake.nix
index e8c0da651..8f1d9f7e2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,145 +1,36 @@ -# SPDX-FileCopyrightText: 2022 Gregor Kleen ,Steffen Jost +# SPDX-FileCopyrightText: 2022 Gregor Kleen # # SPDX-License-Identifier: AGPL-3.0-or-later { - inputs.haskell-nix.url = "github:input-output-hk/haskell.nix"; - inputs.nixpkgs.follows = "haskell-nix/nixpkgs-unstable"; - inputs.flake-utils.follows = "haskell-nix/flake-utils"; - - inputs.docker-nixpkgs = { - url = "github:nix-community/docker-nixpkgs"; - flake = false; + inputs = { + nixpkgs = { + type = "github"; + owner = "NixOS"; + repo = "nixpkgs"; + ref = "master"; + }; + flake-utils = { + type = "github"; + owner = "numtide"; + repo = "flake-utils"; + ref = "master"; + }; }; - inputs.encoding = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/encoding.git?ref=uni2work"; - flake = false; - }; - inputs.memcached-binary = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/memcached-binary.git?ref=uni2work"; - flake = false; - }; - inputs.conduit-resumablesink = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/conduit-resumablesink.git?ref=uni2work"; - flake = false; - }; - inputs.HaskellNet-SSL = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/HaskellNet-SSL.git?ref=uni2work"; - flake = false; - }; - inputs.ldap-client = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/ldap-client.git?ref=uni2work"; - flake = false; - }; - inputs.serversession = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/serversession.git?ref=uni2work"; - flake = false; - }; - inputs.xss-sanitize = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/xss-sanitize.git?ref=uni2work"; - flake = false; - }; - inputs.colonnade = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/colonnade.git?ref=uni2work"; - flake = false; - }; - inputs.minio-hs = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/minio-hs.git?ref=uni2work"; - flake = false; - }; - inputs.cryptoids = { - url = 
"git+https://gitlab.ifi.lmu.de/uni2work/haskell/cryptoids.git?ref=uni2work"; - flake = false; - }; - inputs.zip-stream = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/zip-stream.git?ref=uni2work"; - flake = false; - }; - inputs.yesod = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/yesod.git?ref=uni2work"; - flake = false; - }; - inputs.cryptonite = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/cryptonite.git?ref=uni2work"; - flake = false; - }; - inputs.esqueleto = { - url = "git+https://gitlab.ifi.lmu.de/uni2work/haskell/esqueleto.git?ref=uni2work"; - flake = false; - }; - - inputs.fontawesome-token = { - url = "path:/etc/fontawesome-token"; - flake = false; - }; - - outputs = inputs@{ self, nixpkgs, flake-utils, haskell-nix, docker-nixpkgs, ... }: flake-utils.lib.eachSystem ["x86_64-linux"] + outputs = { self, nixpkgs, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system: - let frontendSource = pkgs.lib.sourceByRegex ./. [ - "^(assets|frontend)(/.*)?$" - "^config(/(favicon\.json|robots\.txt))?$" - "^(webpack|postcss)\.config\.js$" - "^karma\.conf\.js$" - "^(package|jsconfig|\.eslintrc)\.json$" - "^\.babelrc$" - ]; - backendSource = pkgs.lib.sourceByRegex ./. 
[ - "^(\.hlint|package|stack-flake)\.yaml$" - "^stack\.yaml\.lock$" - "^(assets|app|hlint|load|messages|models|src|templates|test|testdata)(/.*)?$" - "^config(/(archive-types|mimetypes|personalised-sheet-files-collate|settings\.yml|submission-blacklist|test-settings\.yml|video-types|wordlist\.txt))?$" - "^routes$" - "^testdata(/.*)?$" - ]; - - pkgs = import nixpkgs { - inherit system overlays; + let pkgs = import nixpkgs { + inherit system; config.allowUnfree = true; }; - overlays = [ - # remove once https://github.com/NixOS/nix/pull/5266 has landed in nixpkgs used here (see flake.lock) - (import ./nix/aws-patch.nix) - # end remove + overlay = import ./nix/maildev; - (import "${docker-nixpkgs}/overlay.nix") - - (import ./nix/maildev) - haskell-nix.overlay - (import ./nix/uniworx { inherit inputs frontendSource backendSource; }) - (import ./nix/docker { inherit self; }) - (import ./nix/parse-changelog.nix {}) - ]; - haskellFlake = pkgs.uniworx.flake {}; - - mkPushDocker = imageName: dockerImage: pkgs.writeScriptBin "push-${dockerImage.imageName}" '' - #!${pkgs.zsh}/bin/zsh -xe - - target=''${1-docker://registry.gitlab.com/fradrive/fradrive/${imageName}:${dockerImage.imageTag}} - [[ -n "''${1}" ]] && shift - ${pkgs.skopeo}/bin/skopeo ''${@} --insecure-policy copy docker-archive://${dockerImage} ''${target} - ''; + inherit (pkgs.lib) recursiveUpdate; in { - packages = haskellFlake.packages // { - inherit (pkgs) uniworxNodeDependencies uniworxWellKnown uniworxFrontend uniworxDemoDocker uniworxDocker ciDocker changelogJson; - }; - apps = haskellFlake.apps // { - pushUniworxDemoDocker = flake-utils.lib.mkApp { drv = mkPushDocker "uniworx-demo" pkgs.uniworxDemoDocker; }; - pushUniworxDocker = flake-utils.lib.mkApp { drv = mkPushDocker "uniworx" pkgs.uniworxDocker; }; - pushCIDocker = flake-utils.lib.mkApp { drv = mkPushDocker "nix-unstable" pkgs.ciDocker; }; - calculateMaterializedSha = flake-utils.lib.mkApp { drv = 
pkgs.uniworx.stack-nix.passthru.calculateMaterializedSha; exePath = ""; }; - jqChangelogJson = flake-utils.lib.mkApp { drv = pkgs.jqChangelogJson; }; - }; - checks = haskellFlake.checks // { - uniworxFrontend = pkgs.uniworxFrontend.check; - }; - - devShell = import ./shell.nix { inherit pkgs; }; + devShell = import ./shell.nix { pkgs = self.legacyPackages.${system}; nixpkgsPath = nixpkgs; }; - legacyPackages = pkgs; - - defaultPackage = self.packages.${system}."uniworx:exe:uniworx"; - defaultApp = self.apps.${system}."uniworx:exe:uniworx"; + legacyPackages = recursiveUpdate (overlay self.legacyPackages.${system} pkgs) pkgs; } ); } diff --git a/shell.nix b/shell.nix index 80b80297b..1caa1e8da 100644 --- a/shell.nix +++ b/shell.nix 
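Review bot: Both new inputs in flake.nix track a moving branch (`ref = "master";` for `nixpkgs` and for `flake-utils`), so despite the commit title nothing in this file pins what is fetched. Reproducibility then rests entirely on flake.lock, which the diffstat shows is not part of this commit; since the input set changed, the next evaluation will presumably re-lock to whatever master is at that moment. Consider pinning explicitly, e.g. `rev = "<pinned-nixpkgs-commit>";` in place of `ref = "master";`, and committing the regenerated flake.lock together with this change. Separately, in `legacyPackages = recursiveUpdate (overlay self.legacyPackages.${system} pkgs) pkgs;` the right-hand `pkgs` appears to win on conflicting attributes, so anything the maildev overlay overrides rather than adds may be silently dropped; a short comment stating the intended precedence would help.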
@@ -1,27 +1,217 @@ -# SPDX-FileCopyrightText: 2022 Gregor Kleen ,Sarah Vaupel ,Steffen Jost +# SPDX-FileCopyrightText: 2022 Gregor Kleen ,Sarah Vaupel # # SPDX-License-Identifier: AGPL-3.0-or-later -{ pkgs ? (import ./nixpkgs.nix {}).pkgs }: +{ pkgs ? (import ./nixpkgs.nix {}).pkgs, nixpkgsPath ? null }: let inherit (pkgs.lib) optionalString; haskellPackages = pkgs.haskellPackages; - develop = pkgs.writeScriptBin "develop" (import ./nix/develop.nix { inherit pkgs; } '' - if [ -x .develop.cmd ]; then - ./.develop.cmd - else - if [ -n "$ZSH_VERSION" ]; then - autoload -U +X compinit && compinit - autoload -U +X bashcompinit && bashcompinit - fi - eval "$(stack --bash-completion-script stack)" + postgresSchema = pkgs.writeText "schema.sql" '' + CREATE USER uniworx WITH SUPERUSER; + CREATE DATABASE uniworx_test; + GRANT ALL ON DATABASE uniworx_test TO uniworx; + CREATE DATABASE uniworx; + GRANT ALL ON DATABASE uniworx TO uniworx; + ''; - $(getent passwd $USER | cut -d: -f 7) + postgresHba = pkgs.writeText "hba_file" '' + local all all trust + ''; + + develop = pkgs.writeScriptBin "develop" '' + #!${pkgs.zsh}/bin/zsh -e + + basePath=$(pwd) + exec 4<>''${basePath}/.develop.env + + flockRes= + set +e + ${pkgs.util-linux}/bin/flock -en 4; flockRes=$? + set -e + if [[ ''${flockRes} -ne 0 ]]; then + echo "Could not take exclusive lock; is another develop running?" 
>&2 + exit ''${flockRes} fi - ''); + + cleanup() { + set +e -x + type cleanup_postgres &>/dev/null && cleanup_postgres + type cleanup_widget_memcached &>/dev/null && cleanup_widget_memcached + type cleanup_session_memcached &>/dev/null && cleanup_session_memcached + type cleanup_cache_memcached &>/dev/null && cleanup_cache_memcached + type cleanup_minio &>/dev/null && cleanup_minio + type cleanup_maildev &>/dev/null && cleanup_maildev + + [ -f "''${basePath}/.develop.env" ] && rm -vf "''${basePath}/.develop.env" + set +x + } + + trap cleanup EXIT + + export PORT_OFFSET=$(((16#$(sha256sum <<<"$(hostname -f):''${basePath}" | head -c 16)) % 1000)) + + if [[ -z "$PGHOST" ]]; then + set -xe + + pgDir=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} postgresql.XXXXXX) + pgSockDir=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} postgresql.sock.XXXXXX) + pgLogFile=$(mktemp --tmpdir=''${XDG_RUNTIME_DIR} postgresql.XXXXXX.log) + initdb --no-locale -D ''${pgDir} + pg_ctl start -D ''${pgDir} -l ''${pgLogFile} -w -o "-k ''${pgSockDir} -c listen_addresses=''' -c hba_file='${postgresHba}' -c unix_socket_permissions=0700 -c max_connections=9990 -c shared_preload_libraries=pg_stat_statements -c session_preload_libraries=auto_explain -c auto_explain.log_min_duration=100ms" + psql -h ''${pgSockDir} -f ${postgresSchema} postgres + printf "Postgres logfile is %s\nPostgres socket directory is %s\n" ''${pgLogFile} ''${pgSockDir} + + export PGHOST=''${pgSockDir} + export PGLOG=''${pgLogFile} + + cleanup_postgres() { + set +e -x + pg_ctl stop -D ''${pgDir} + rm -rvf ''${pgDir} ''${pgSockDir} ''${pgLogFile} + set +x + } + + set +xe + fi + + if [[ -z "$WIDGET_MEMCACHED_HOST" ]]; then + set -xe + + memcached -l localhost -p $(($PORT_OFFSET + 11211)) &>/dev/null & + widget_memcached_pid=$! 
+ + export WIDGET_MEMCACHED_HOST=localhost + export WIDGET_MEMCACHED_PORT=$(($PORT_OFFSET + 11211)) + + cleanup_widget_memcached() { + [[ -n "$widget_memcached_pid" ]] && kill $widget_memcached_pid + } + + set +xe + fi + + if [[ -z "$SESSION_MEMCACHED_HOST" ]]; then + set -xe + + memcached -l localhost -p $(($PORT_OFFSET + 11212)) &>/dev/null & + session_memcached_pid=$! + + export SESSION_MEMCACHED_HOST=localhost + export SESSION_MEMCACHED_PORT=$(($PORT_OFFSET + 11212)) + + cleanup_session_memcached() { + [[ -n "$session_memcached_pid" ]] && kill $session_memcached_pid + } + + set +xe + fi + + if [[ -z "$MEMCACHED_HOST" ]]; then + set -xe + + memcached -l localhost -p $(($PORT_OFFSET + 11213)) &>/dev/null & + memcached_pid=$! + + export MEMCACHED_HOST=localhost + export MEMCACHED_PORT=$(($PORT_OFFSET + 11212)) + + cleanup_session_memcached() { + [[ -n "$memcached_pid" ]] && kill $memcached_pid + } + + set +xe + fi + + if [[ -z "$UPLOAD_S3_HOST" ]]; then + set -xe + + cleanup_minio() { + [[ -n "$minio_pid" ]] && kill $minio_pid + [[ -n "''${MINIO_DIR}" ]] && rm -rvf ''${MINIO_DIR} + [[ -n "''${MINIO_LOGFILE}" ]] && rm -rvf ''${MINIO_LOGFILE} + } + + export MINIO_DIR=$(mktemp -d --tmpdir=''${XDG_RUNTIME_DIR} minio.XXXXXX) + export MINIO_LOGFILE=$(mktemp --tmpdir=''${XDG_RUNTIME_DIR} minio.XXXXXX.log) + export MINIO_ACCESS_KEY=$(${pkgs.pwgen}/bin/pwgen -s 16 1) + export MINIO_SECRET_KEY=$(${pkgs.pwgen}/bin/pwgen -s 32 1) + + minio server --address localhost:$(($PORT_OFFSET + 9000)) ''${MINIO_DIR} &>''${MINIO_LOGFILE} & + minio_pid=$! + + export UPLOAD_S3_HOST=localhost + export UPLOAD_S3_PORT=$(($PORT_OFFSET + 9000)) + export UPLOAD_S3_SSL=false + export UPLOAD_S3_KEY_ID=''${MINIO_ACCESS_KEY} + export UPLOAD_S3_KEY=''${MINIO_SECRET_KEY} + + sleep 1 + + set +xe + fi + + ${optionalString (pkgs.nodePackages ? 
"maildev") '' + if [[ -z "$SMTPHOST" ]]; then + set -xe + + cleanup_maildev() { + [[ -n "$maildev_pid" ]] && kill $maildev_pid + } + + TMPDIR=''${XDG_RUNTIME_DIR} ${pkgs.nodePackages.maildev}/bin/maildev --smtp $(($PORT_OFFSET + 1025)) --web $(($PORT_OFFSET + 8080)) --ip localhost --web-ip localhost &>/dev/null & + maildev_pid=$! + + export SMTPHOST=localhost + export SMTPPORT=$(($PORT_OFFSET + 1025)) + export SMTPSSL=none + + set +xe + fi + ''} + + set -xe + + cat >&4 <