studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Format all nix files with new nixfmt

Browse Source
This commit is contained in:
Vladislav Grechannik
2026-01-30 01:04:33 +01:00
committed by June Strawberry
parent dbc208d5d9
commit f2a15fda34
7 changed files with 819 additions and 728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
default.nix
View File

@@ -1,10 +1,11 @@
(import
(
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
fetchTarball {
url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
)
{ src = ./.; }
).defaultNix
(import (
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
in
fetchTarball {
url =
lock.nodes.flake-compat.locked.url
or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
sha256 = lock.nodes.flake-compat.locked.narHash;
}
) { src = ./.; }).defaultNix

923
flake.nix
View File

File diff suppressed because it is too large Load Diff

11
nix/pkgs/book/default.nix
View File

@@ -1,9 +1,10 @@
{ inputs
{
inputs,
# Dependencies
, main
, mdbook
, stdenv
# Dependencies
main,
mdbook,
stdenv,
}:
stdenv.mkDerivation {

72
nix/pkgs/complement/default.nix
View File

@@ -1,13 +1,14 @@
# Dependencies
{ bashInteractive
, buildEnv
, coreutils
, dockerTools
, lib
, main
, stdenv
, tini
, writeShellScriptBin
{
bashInteractive,
buildEnv,
coreutils,
dockerTools,
lib,
main,
stdenv,
tini,
writeShellScriptBin,
}:
let
@@ -16,24 +17,24 @@ let
all_features = true;
disable_release_max_log_level = true;
disable_features = [
# console/CLI stuff isn't used or relevant for complement
"console"
"tokio_console"
# sentry telemetry isn't useful for complement, disabled by default anyways
"sentry_telemetry"
"perf_measurements"
# this is non-functional on nix for some reason
"hardened_malloc"
# dont include experimental features
"experimental"
# compression isn't needed for complement
"brotli_compression"
"gzip_compression"
"zstd_compression"
# complement doesn't need hot reloading
"tuwunel_mods"
# complement doesn't have URL preview media tests
"url_preview"
# console/CLI stuff isn't used or relevant for complement
"console"
"tokio_console"
# sentry telemetry isn't useful for complement, disabled by default anyways
"sentry_telemetry"
"perf_measurements"
# this is non-functional on nix for some reason
"hardened_malloc"
# dont include experimental features
"experimental"
# compression isn't needed for complement
"brotli_compression"
"gzip_compression"
"zstd_compression"
# complement doesn't need hot reloading
"tuwunel_mods"
# complement doesn't have URL preview media tests
"url_preview"
];
};
@@ -68,11 +69,18 @@ dockerTools.buildImage {
"${lib.getExe start}"
];
Entrypoint = if !stdenv.hostPlatform.isDarwin
Entrypoint =
if
!stdenv.hostPlatform.isDarwin
# Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
# are handled as expected
then [ "${lib.getExe' tini "tini"}" "--" ]
else [];
then
[
"${lib.getExe' tini "tini"}"
"--"
]
else
[ ];
Env = [
"TUWUNEL_TLS__KEY=${./private_key.key}"
@@ -82,8 +90,8 @@ dockerTools.buildImage {
];
ExposedPorts = {
"8008/tcp" = {};
"8448/tcp" = {};
"8008/tcp" = { };
"8448/tcp" = { };
};
};
}

85
nix/pkgs/main/cross-compilation-env.nix
View File

@@ -1,38 +1,35 @@
{ lib
, pkgsBuildHost
, rust
, stdenv
{
lib,
pkgsBuildHost,
rust,
stdenv,
}:
lib.optionalAttrs stdenv.hostPlatform.isStatic {
ROCKSDB_STATIC = "";
}
//
{
CARGO_BUILD_RUSTFLAGS =
lib.concatStringsSep
" "
([]
# This disables PIE for static builds, which isn't great in terms
# of security. Unfortunately, my hand is forced because nixpkgs'
# `libstdc++.a` is built without `-fPIE`, which precludes us from
# leaving PIE enabled.
++ lib.optionals
stdenv.hostPlatform.isStatic
[ "-C" "relocation-model=static" ]
++ lib.optionals
(stdenv.buildPlatform.config != stdenv.hostPlatform.config)
[
"-l"
"c"
// {
CARGO_BUILD_RUSTFLAGS = lib.concatStringsSep " " (
[ ]
# This disables PIE for static builds, which isn't great in terms
# of security. Unfortunately, my hand is forced because nixpkgs'
# `libstdc++.a` is built without `-fPIE`, which precludes us from
# leaving PIE enabled.
++ lib.optionals stdenv.hostPlatform.isStatic [
"-C"
"relocation-model=static"
]
++ lib.optionals (stdenv.buildPlatform.config != stdenv.hostPlatform.config) [
"-l"
"c"
"-l"
"stdc++"
"-l"
"stdc++"
"-L"
"${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib"
]
);
"-L"
"${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib"
]
);
}
# What follows is stolen from [here][0]. Its purpose is to properly
@@ -41,26 +38,21 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
# run on the build platform (I think).
#
# [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68
//
(
// (
let
inherit (rust.lib) envVars;
in
lib.optionalAttrs
(stdenv.targetPlatform.rust.rustcTarget
!= stdenv.hostPlatform.rust.rustcTarget)
(
let
inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget;
in
{
"CC_${cargoEnvVarTarget}" = envVars.ccForTarget;
"CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget;
"CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForTarget;
}
)
//
(
lib.optionalAttrs (stdenv.targetPlatform.rust.rustcTarget != stdenv.hostPlatform.rust.rustcTarget) (
let
inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget;
in
{
"CC_${cargoEnvVarTarget}" = envVars.ccForTarget;
"CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget;
"CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForTarget;
}
)
// (
let
inherit (stdenv.hostPlatform.rust) cargoEnvVarTarget rustcTarget;
in
@@ -71,8 +63,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic {
CARGO_BUILD_TARGET = rustcTarget;
}
)
//
(
// (
let
inherit (stdenv.buildPlatform.rust) cargoEnvVarTarget;
in

402
nix/pkgs/main/default.nix
View File

@@ -1,177 +1,203 @@
# Dependencies (keep sorted)
{ craneLib
, inputs
, jq
, lib
, libiconv
, liburing
, pkgsBuildHost
, rocksdb
, removeReferencesTo
, rust
, autoPatchelfHook
, rust-jemalloc-sys-unprefixed
, stdenv
{
craneLib,
inputs,
jq,
lib,
libiconv,
liburing,
pkgsBuildHost,
rocksdb,
removeReferencesTo,
rust,
autoPatchelfHook,
rust-jemalloc-sys-unprefixed,
stdenv,
# Options (keep sorted)
, all_features ? false
, default_features ? true
# default list of disabled features
, disable_features ? [
# dont include experimental features
"experimental"
# jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds.
"jemalloc_prof"
"jemalloc_stats"
# tuwunel_mods is a development-only hot reload feature
"tuwunel_mods"
]
, disable_release_max_log_level ? false
, features ? []
, profile ? "release"
# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag
# haswell is pretty much any x86 cpu made in the last 12 years, and
# supports modern CPU extensions that rocksdb can make use of.
# disable if trying to make a portable x86_64 build for very old hardware
, x86_64_haswell_target_optimised ? false
# Options (keep sorted)
all_features ? false,
default_features ? true,
# default list of disabled features
disable_features ? [
# dont include experimental features
"experimental"
# jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds.
"jemalloc_prof"
"jemalloc_stats"
# tuwunel_mods is a development-only hot reload feature
"tuwunel_mods"
],
disable_release_max_log_level ? false,
features ? [ ],
profile ? "release",
# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag
# haswell is pretty much any x86 cpu made in the last 12 years, and
# supports modern CPU extensions that rocksdb can make use of.
# disable if trying to make a portable x86_64 build for very old hardware
x86_64_haswell_target_optimised ? false,
}:
let
# We perform default-feature unification in nix, because some of the dependencies
# on the nix side depend on feature values.
crateFeatures = path:
let manifest = lib.importTOML "${path}/Cargo.toml"; in
lib.remove "default" (lib.attrNames manifest.features);
crateDefaultFeatures = path:
(lib.importTOML "${path}/Cargo.toml").features.default;
allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main";
allFeatures = crateFeatures "${inputs.self}/src/main";
features' = lib.unique
(features ++
lib.optionals default_features allDefaultFeatures ++
lib.optionals all_features allFeatures);
disable_features' = disable_features ++ lib.optionals disable_release_max_log_level ["release_max_log_level"];
features'' = lib.subtractLists disable_features' features';
# We perform default-feature unification in nix, because some of the dependencies
# on the nix side depend on feature values.
crateFeatures =
path:
let
manifest = lib.importTOML "${path}/Cargo.toml";
in
lib.remove "default" (lib.attrNames manifest.features);
crateDefaultFeatures = path: (lib.importTOML "${path}/Cargo.toml").features.default;
allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main";
allFeatures = crateFeatures "${inputs.self}/src/main";
features' = lib.unique (
features
++ lib.optionals default_features allDefaultFeatures
++ lib.optionals all_features allFeatures
);
disable_features' =
disable_features ++ lib.optionals disable_release_max_log_level [ "release_max_log_level" ];
features'' = lib.subtractLists disable_features' features';
featureEnabled = feature : builtins.elem feature features'';
featureEnabled = feature: builtins.elem feature features'';
enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin;
enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin;
# This derivation will set the JEMALLOC_OVERRIDE variable, causing the
# tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's
# own. In order for this to work, we need to set flags on the build that match
# whatever flags tikv-jemalloc-sys was going to use. These are dependent on
# which features we enable in tikv-jemalloc-sys.
rust-jemalloc-sys' =
# tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature
rust-jemalloc-sys-unprefixed
.overrideAttrs (old: { configureFlags = old.configureFlags ++
# we dont need docs
[ "--disable-doc" ] ++
# we dont need cxx/C++ integration
[ "--disable-cxx" ] ++
# tikv-jemalloc-sys/profiling feature
lib.optional (featureEnabled "jemalloc_prof") "--enable-prof" ++
# tikv-jemalloc-sys/stats feature
(if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]);
});
# This derivation will set the JEMALLOC_OVERRIDE variable, causing the
# tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's
# own. In order for this to work, we need to set flags on the build that match
# whatever flags tikv-jemalloc-sys was going to use. These are dependent on
# which features we enable in tikv-jemalloc-sys.
rust-jemalloc-sys' =
# tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature
rust-jemalloc-sys-unprefixed.overrideAttrs (old: {
configureFlags =
old.configureFlags
++
# we dont need docs
[ "--disable-doc" ]
++
# we dont need cxx/C++ integration
[ "--disable-cxx" ]
++
# tikv-jemalloc-sys/profiling feature
lib.optional (featureEnabled "jemalloc_prof") "--enable-prof"
++
# tikv-jemalloc-sys/stats feature
(if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]);
});
rocksdb' = (rocksdb.override {
jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
# rocksdb fails to build with prefixed jemalloc, which is required on
# darwin due to [1]. In this case, fall back to building rocksdb with
# libc malloc. This should not cause conflicts, because all of the
# jemalloc symbols are prefixed.
#
# [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17
enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin;
rocksdb' =
(rocksdb.override {
jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
# rocksdb fails to build with prefixed jemalloc, which is required on
# darwin due to [1]. In this case, fall back to building rocksdb with
# libc malloc. This should not cause conflicts, because all of the
# jemalloc symbols are prefixed.
#
# [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17
enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin;
# for some reason enableLiburing in nixpkgs rocksdb is default true
# which breaks Darwin entirely
enableLiburing = enableLiburing;
}).overrideAttrs (old: {
enableLiburing = enableLiburing;
cmakeFlags = (if x86_64_haswell_target_optimised then (lib.subtractLists [
# dont make a portable build if x86_64_haswell_target_optimised is enabled
"-DPORTABLE=1"
] old.cmakeFlags
++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ])
)
++ old.cmakeFlags;
# for some reason enableLiburing in nixpkgs rocksdb is default true
# which breaks Darwin entirely
enableLiburing = enableLiburing;
}).overrideAttrs
(old: {
enableLiburing = enableLiburing;
cmakeFlags =
(
if x86_64_haswell_target_optimised then
(
lib.subtractLists [
# dont make a portable build if x86_64_haswell_target_optimised is enabled
"-DPORTABLE=1"
] old.cmakeFlags
++ [ "-DPORTABLE=haswell" ]
)
else
([ "-DPORTABLE=1" ])
)
++ old.cmakeFlags;
# outputs has "tools" which we dont need or use
outputs = [ "out" ];
# outputs has "tools" which we dont need or use
outputs = [ "out" ];
# preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
preInstall = "";
});
# preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
preInstall = "";
});
buildDepsOnlyEnv = {
# https://crane.dev/faq/rebuilds-bindgen.html
NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
buildDepsOnlyEnv = {
# https://crane.dev/faq/rebuilds-bindgen.html
NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa";
CARGO_PROFILE = profile;
ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include";
ROCKSDB_LIB_DIR = "${rocksdb'}/lib";
CARGO_PROFILE = profile;
ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include";
ROCKSDB_LIB_DIR = "${rocksdb'}/lib";
}
//
(import ./cross-compilation-env.nix {
// (import ./cross-compilation-env.nix {
# Keep sorted
inherit
lib
pkgsBuildHost
rust
stdenv;
stdenv
;
});
buildPackageEnv = {
TUWUNEL_VERSION_EXTRA = inputs.self.shortRev or inputs.self.dirtyShortRev or "";
TUWUNEL_DATABASE_PATH = "/var/tmp/tuwunel.db";
} // buildDepsOnlyEnv // {
# Only needed in static stdenv because these are transitive dependencies of rocksdb
CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS
+ lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic)
" -L${lib.getLib liburing}/lib -luring"
+ lib.optionalString x86_64_haswell_target_optimised
" -Ctarget-cpu=haswell";
};
buildPackageEnv = {
TUWUNEL_VERSION_EXTRA = inputs.self.shortRev or inputs.self.dirtyShortRev or "";
TUWUNEL_DATABASE_PATH = "/var/tmp/tuwunel.db";
}
// buildDepsOnlyEnv
// {
# Only needed in static stdenv because these are transitive dependencies of rocksdb
CARGO_BUILD_RUSTFLAGS =
buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS
+ lib.optionalString (
enableLiburing && stdenv.hostPlatform.isStatic
) " -L${lib.getLib liburing}/lib -luring"
+ lib.optionalString x86_64_haswell_target_optimised " -Ctarget-cpu=haswell";
};
commonAttrs = {
inherit
(craneLib.crateNameFromCargoToml {
cargoToml = "${inputs.self}/Cargo.toml";
})
pname
version
;
src =
let
filter = inputs.nix-filter.lib;
in
filter {
root = inputs.self;
commonAttrs = {
inherit
(craneLib.crateNameFromCargoToml {
cargoToml = "${inputs.self}/Cargo.toml";
})
pname
version;
src = let filter = inputs.nix-filter.lib; in filter {
root = inputs.self;
# Keep sorted
include = [
".cargo"
"Cargo.lock"
"Cargo.toml"
"src"
];
};
# Keep sorted
include = [
".cargo"
"Cargo.lock"
"Cargo.toml"
"src"
];
};
doCheck = true;
cargoExtraArgs = "--no-default-features --locked "
+ lib.optionalString
(features'' != [])
"--features " + (builtins.concatStringsSep "," features'');
cargoExtraArgs =
"--no-default-features --locked "
+ lib.optionalString (features'' != [ ]) "--features "
+ (builtins.concatStringsSep "," features'');
dontStrip = profile == "dev" || profile == "test";
dontPatchELF = profile == "dev" || profile == "test";
buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys-unprefixed
# needed to build Rust applications on macOS
++ lib.optionals stdenv.hostPlatform.isDarwin [
buildInputs =
lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys-unprefixed
# needed to build Rust applications on macOS
++ lib.optionals stdenv.hostPlatform.isDarwin [
# https://github.com/NixOS/nixpkgs/issues/206242
# ld: library not found for -liconv
libiconv
@@ -188,56 +214,62 @@ commonAttrs = {
# differing values for `NIX_CFLAGS_COMPILE`, which contributes to spurious
# rebuilds of bindgen and its depedents.
jq
];
};
];
};
in
craneLib.buildPackage ( commonAttrs // rec {
cargoArtifacts = craneLib.buildDepsOnly (commonAttrs // {
env = buildDepsOnlyEnv;
});
craneLib.buildPackage (
commonAttrs
// rec {
cargoArtifacts = craneLib.buildDepsOnly (
commonAttrs
// {
env = buildDepsOnlyEnv;
}
);
# Adds runpath settings to the resulting binary
buildInputs = (commonAttrs.buildInputs or []) ++ [
rocksdb'
];
nativeBuildInputs = (commonAttrs.nativeBuildInputs or []) ++ [
autoPatchelfHook
];
# This is needed for tests to link
LD_LIBRARY_PATH = lib.makeLibraryPath buildInputs;
# Adds runpath settings to the resulting binary
buildInputs = (commonAttrs.buildInputs or [ ]) ++ [
rocksdb'
];
nativeBuildInputs = (commonAttrs.nativeBuildInputs or [ ]) ++ [
autoPatchelfHook
];
# This is needed for tests to link
LD_LIBRARY_PATH = lib.makeLibraryPath buildInputs;
nativeCheckInputs = [
pkgsBuildHost.libredirect.hook
];
nativeCheckInputs = [
pkgsBuildHost.libredirect.hook
];
preCheck =
let
fakeResolvConf = pkgsBuildHost.writeTextFile {
name = "resolv.conf";
text = ''
nameserver 0.0.0.0
'';
};
in
''
export NIX_REDIRECTS="/etc/resolv.conf=${fakeResolvConf}"
export TUWUNEL_DATABASE_PATH="$(mktemp -d)/smoketest.db"
'';
doCheck = true;
preCheck =
let
fakeResolvConf = pkgsBuildHost.writeTextFile {
name = "resolv.conf";
text = ''
nameserver 0.0.0.0
'';
};
in
''
export NIX_REDIRECTS="/etc/resolv.conf=${fakeResolvConf}"
export TUWUNEL_DATABASE_PATH="$(mktemp -d)/smoketest.db"
'';
doCheck = true;
doBenchmark = false;
doBenchmark = false;
cargoExtraArgs = "--no-default-features --locked "
+ lib.optionalString
(features'' != [])
"--features " + (builtins.concatStringsSep "," features'');
cargoExtraArgs =
"--no-default-features --locked "
+ lib.optionalString (features'' != [ ]) "--features "
+ (builtins.concatStringsSep "," features'');
env = buildPackageEnv;
passthru = {
env = buildPackageEnv;
};
meta.mainProgram = commonAttrs.pname;
})
passthru = {
env = buildPackageEnv;
};
meta.mainProgram = commonAttrs.pname;
}
)

33
nix/pkgs/oci-image/default.nix
View File

@@ -1,11 +1,12 @@
{ inputs
{
inputs,
# Dependencies
, dockerTools
, lib
, main
, stdenv
, tini
# Dependencies
dockerTools,
lib,
main,
stdenv,
tini,
}:
dockerTools.buildLayeredImage {
@@ -17,11 +18,18 @@ dockerTools.buildLayeredImage {
main
];
config = {
Entrypoint = if !stdenv.hostPlatform.isDarwin
Entrypoint =
if
!stdenv.hostPlatform.isDarwin
# Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
# are handled as expected
then [ "${lib.getExe' tini "tini"}" "--" ]
else [];
then
[
"${lib.getExe' tini "tini"}"
"--"
]
else
[ ];
Cmd = [
"${lib.getExe main}"
];
@@ -29,9 +37,10 @@ dockerTools.buildLayeredImage {
"RUST_BACKTRACE=full"
];
Labels = {
"org.opencontainers.image.authors" = "June Clementine Strawberry <june@girlboss.ceo> and Jason Volk
"org.opencontainers.image.authors" =
"June Clementine Strawberry <june@girlboss.ceo> and Jason Volk
<jason@zemos.net>";
"org.opencontainers.image.created" ="@${toString inputs.self.lastModified}";
"org.opencontainers.image.created" = "@${toString inputs.self.lastModified}";
"org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust";
"org.opencontainers.image.documentation" = "https://conduwuit.puppyirl.gay/";
"org.opencontainers.image.licenses" = "Apache-2.0";