From f2a15fda34978ccef9640106e3d6eb6d9fd464ac Mon Sep 17 00:00:00 2001
From: Vladislav Grechannik
Date: Fri, 30 Jan 2026 01:04:33 +0100
Subject: [PATCH] Format all nix files with new nixfmt
---
default.nix | 21 +-
flake.nix | 923 +++++++++++++-----------
nix/pkgs/book/default.nix | 11 +-
nix/pkgs/complement/default.nix | 72 +-
nix/pkgs/main/cross-compilation-env.nix | 85 +--
nix/pkgs/main/default.nix | 402 ++++++-----
nix/pkgs/oci-image/default.nix | 33 +-
7 files changed, 819 insertions(+), 728 deletions(-)
diff --git a/default.nix b/default.nix
index f620865d..1d976a35 100644
--- a/default.nix
+++ b/default.nix
@@ -1,10 +1,11 @@
-(import
- (
- let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
- fetchTarball {
- url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
- sha256 = lock.nodes.flake-compat.locked.narHash;
- }
- )
- { src = ./.; }
-).defaultNix
+(import (
+ let
+ lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+ in
+ fetchTarball {
+ url =
+ lock.nodes.flake-compat.locked.url
+ or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+) { src = ./.; }).defaultNix
diff --git a/flake.nix b/flake.nix
index 4ad43398..6b5ecfe2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,265 +2,299 @@ inputs = { attic.url = "github:zhaofengli/attic?ref=main"; cachix.url = "github:cachix/cachix?ref=master"; - complement = { url = "github:matrix-construct/complement?ref=main"; flake = false; }; - crane = { url = "github:ipetkov/crane?ref=master"; }; - fenix = { url = "github:nix-community/fenix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; }; - flake-compat = { url = "github:edolstra/flake-compat?ref=master"; flake = false; }; + complement = { + url = "github:matrix-construct/complement?ref=main"; + flake = false; + }; + crane = { + url = "github:ipetkov/crane?ref=master"; + }; + fenix = { + url = "github:nix-community/fenix?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-compat = { + url = "github:edolstra/flake-compat?ref=master"; + flake = false; + }; flake-utils.url = "github:numtide/flake-utils?ref=main"; nix-filter.url = "github:numtide/nix-filter?ref=main"; nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable"; - rocksdb = { url = "github:matrix-construct/rocksdb?ref=tuwunel-changes"; flake = false; }; - liburing = { url = "github:axboe/liburing?ref=master"; flake = false; }; + rocksdb = { + url = "github:matrix-construct/rocksdb?ref=tuwunel-changes"; + flake = false; + }; + liburing = { + url = "github:axboe/liburing?ref=master"; + flake = false; + }; }; - outputs = inputs: - inputs.flake-utils.lib.eachDefaultSystem (system: - let - pkgsHost = import inputs.nixpkgs{ - inherit system; - }; - pkgsHostStatic = pkgsHost.pkgsStatic; - - # The Rust toolchain to use - toolchain = inputs.fenix.packages.${system}.fromToolchainFile { - file = ./rust-toolchain.toml; - - # See also `rust-toolchain.toml` - sha256 = "sha256-SDu4snEWjuZU475PERvu+iO50Mi39KVjqCeJeNvpguU="; - }; - - mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: { - inherit pkgs; - book = self.callPackage ./nix/pkgs/book {}; - complement = self.callPackage ./nix/pkgs/complement {}; - craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain)); - 
inherit inputs; - main = self.callPackage ./nix/pkgs/main {}; - oci-image = self.callPackage ./nix/pkgs/oci-image {}; - tini = pkgs.tini.overrideAttrs { - # newer clang/gcc is unhappy with tini-static: - patches = [ (pkgs.fetchpatch { - url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch"; - hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k="; - }) - ]; - }; - liburing = pkgs.liburing.overrideAttrs { - # Tests weren't building - outputs = [ "out" "dev" "man" ]; - buildFlags = [ "library" ]; - src = inputs.liburing; - }; - rocksdb = (pkgs.rocksdb.override { - liburing = self.liburing; - }).overrideAttrs (final: old: { - src = inputs.rocksdb; - version = pkgs.lib.removePrefix - "v" - (builtins.fromJSON (builtins.readFile ./flake.lock)) - .nodes.rocksdb.original.ref; - # we have this already at https://github.com/girlbossceo/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155 - # unsetting this so i don't have to revert it and make this nix exclusive - patches = []; - postPatch = - pkgs.lib.optionalString (pkgs.lib.versionOlder final.version "8") '' - # Fix gcc-13 build failures due to missing and - # includes, fixed upstream since 8.x - sed -e '1i #include ' -i db/compaction/compaction_iteration_stats.h - sed -e '1i #include ' -i table/block_based/data_block_hash_index.h - sed -e '1i #include ' -i util/string_util.h - sed -e '1i #include ' -i include/rocksdb/utilities/checkpoint.h - ''; - cmakeFlags = pkgs.lib.subtractLists - [ - # no real reason to have snappy or zlib, no one uses this - "-DWITH_SNAPPY=1" - "-DZLIB=1" - "-DWITH_ZLIB=1" - # we dont need to use ldb or sst_dump (core_tools) - "-DWITH_CORE_TOOLS=1" - # we dont need to build rocksdb tests - "-DWITH_TESTS=1" - # we use rust-rocksdb via C interface and dont need C++ RTTI - "-DUSE_RTTI=1" - # this doesn't exist in RocksDB, and USE_SSE is deprecated for - # PORTABLE=$(march) - "-DFORCE_SSE42=1" - # PORTABLE will get set in main/default.nix - "-DPORTABLE=1" - ] - 
old.cmakeFlags - ++ [ - # no real reason to have snappy, no one uses this - "-DWITH_SNAPPY=0" - "-DZLIB=0" - "-DWITH_ZLIB=0" - # we dont need to use ldb or sst_dump (core_tools) - "-DWITH_CORE_TOOLS=0" - # we dont need trace tools - "-DWITH_TRACE_TOOLS=0" - # we dont need to build rocksdb tests - "-DWITH_TESTS=0" - # we use rust-rocksdb via C interface and dont need C++ RTTI - "-DUSE_RTTI=0" - ]; - - # outputs has "tools" which we dont need or use - outputs = [ "out" ]; - - # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use - preInstall = ""; - }); - }); - - scopeHost = mkScope pkgsHost; - scopeHostStatic = mkScope pkgsHostStatic; - scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic; - mkCrossScope = crossSystem: - let pkgsCrossStatic = (import inputs.nixpkgs { + outputs = + inputs: + inputs.flake-utils.lib.eachDefaultSystem ( + system: + let + pkgsHost = import inputs.nixpkgs { inherit system; - crossSystem = { - config = crossSystem; + }; + pkgsHostStatic = pkgsHost.pkgsStatic; + + # The Rust toolchain to use + toolchain = inputs.fenix.packages.${system}.fromToolchainFile { + file = ./rust-toolchain.toml; + + # See also `rust-toolchain.toml` + sha256 = "sha256-SDu4snEWjuZU475PERvu+iO50Mi39KVjqCeJeNvpguU="; + }; + + mkScope = + pkgs: + pkgs.lib.makeScope pkgs.newScope (self: { + inherit pkgs; + book = self.callPackage ./nix/pkgs/book { }; + complement = self.callPackage ./nix/pkgs/complement { }; + craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain)); + inherit inputs; + main = self.callPackage ./nix/pkgs/main { }; + oci-image = self.callPackage ./nix/pkgs/oci-image { }; + tini = pkgs.tini.overrideAttrs { + # newer clang/gcc is unhappy with tini-static: + patches = [ + (pkgs.fetchpatch { + url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch"; + hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k="; + }) + ]; + }; + liburing = pkgs.liburing.overrideAttrs { + # Tests weren't 
building + outputs = [ + "out" + "dev" + "man" + ]; + buildFlags = [ "library" ]; + src = inputs.liburing; + }; + rocksdb = + (pkgs.rocksdb.override { + liburing = self.liburing; + }).overrideAttrs + ( + final: old: { + src = inputs.rocksdb; + version = pkgs.lib.removePrefix "v" (builtins.fromJSON (builtins.readFile ./flake.lock)) + .nodes.rocksdb.original.ref; + # we have this already at https://github.com/girlbossceo/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155 + # unsetting this so i don't have to revert it and make this nix exclusive + patches = [ ]; + postPatch = pkgs.lib.optionalString (pkgs.lib.versionOlder final.version "8") '' + # Fix gcc-13 build failures due to missing and + # includes, fixed upstream since 8.x + sed -e '1i #include ' -i db/compaction/compaction_iteration_stats.h + sed -e '1i #include ' -i table/block_based/data_block_hash_index.h + sed -e '1i #include ' -i util/string_util.h + sed -e '1i #include ' -i include/rocksdb/utilities/checkpoint.h + ''; + cmakeFlags = + pkgs.lib.subtractLists [ + # no real reason to have snappy or zlib, no one uses this + "-DWITH_SNAPPY=1" + "-DZLIB=1" + "-DWITH_ZLIB=1" + # we dont need to use ldb or sst_dump (core_tools) + "-DWITH_CORE_TOOLS=1" + # we dont need to build rocksdb tests + "-DWITH_TESTS=1" + # we use rust-rocksdb via C interface and dont need C++ RTTI + "-DUSE_RTTI=1" + # this doesn't exist in RocksDB, and USE_SSE is deprecated for + # PORTABLE=$(march) + "-DFORCE_SSE42=1" + # PORTABLE will get set in main/default.nix + "-DPORTABLE=1" + ] old.cmakeFlags + ++ [ + # no real reason to have snappy, no one uses this + "-DWITH_SNAPPY=0" + "-DZLIB=0" + "-DWITH_ZLIB=0" + # we dont need to use ldb or sst_dump (core_tools) + "-DWITH_CORE_TOOLS=0" + # we dont need trace tools + "-DWITH_TRACE_TOOLS=0" + # we dont need to build rocksdb tests + "-DWITH_TESTS=0" + # we use rust-rocksdb via C interface and dont need C++ RTTI + "-DUSE_RTTI=0" + ]; + + # outputs has "tools" which we dont need or use + 
outputs = [ "out" ]; + + # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use + preInstall = ""; + } + ); + }); + + scopeHost = mkScope pkgsHost; + scopeHostStatic = mkScope pkgsHostStatic; + scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic; + mkCrossScope = + crossSystem: + let + pkgsCrossStatic = + (import inputs.nixpkgs { + inherit system; + crossSystem = { + config = crossSystem; + }; + }).pkgsStatic; + in + mkScope pkgsCrossStatic; + + mkDevShell = + scope: + scope.pkgs.mkShell { + env = scope.main.env // { + # Rust Analyzer needs to be able to find the path to default crate + # sources, and it can read this environment variable to do so. The + # `rust-src` component is required in order for this to work. + RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; + + # Convenient way to access a pinned version of Complement's source + # code. + COMPLEMENT_SRC = inputs.complement.outPath; + + # Needed for Complement: + CGO_CFLAGS = "-Wl,--no-gc-sections"; + CGO_LDFLAGS = "-Wl,--no-gc-sections"; + }; + + # Development tools + packages = [ + # Always use nightly rustfmt because most of its options are unstable + # + # This needs to come before `toolchain` in this list, otherwise + # `$PATH` will have stable rustfmt instead. 
+ inputs.fenix.packages.${system}.latest.rustfmt + + toolchain + ] + ++ ( + with pkgsHost.pkgs; + [ + # Required by hardened-malloc.rs dep + binutils + + cargo-audit + cargo-auditable + + # Needed for producing Debian packages + cargo-deb + + # Needed for CI to check validity of produced Debian packages (dpkg-deb) + dpkg + + engage + + # Needed for Complement + go + + # Needed for our script for Complement + jq + gotestfmt + + # Needed for finding broken markdown links + lychee + + # Needed for linting markdown files + markdownlint-cli + + # Useful for editing the book locally + mdbook + + # used for rust caching in CI to speed it up + sccache + ] + # liburing is Linux-exclusive + ++ lib.optional stdenv.hostPlatform.isLinux liburing + ++ lib.optional stdenv.hostPlatform.isLinux numactl + ) + ++ scope.main.buildInputs + ++ scope.main.propagatedBuildInputs + ++ scope.main.nativeBuildInputs; }; - }).pkgsStatic; - in - mkScope pkgsCrossStatic; - - mkDevShell = scope: scope.pkgs.mkShell { - env = scope.main.env // { - # Rust Analyzer needs to be able to find the path to default crate - # sources, and it can read this environment variable to do so. The - # `rust-src` component is required in order for this to work. - RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; - - # Convenient way to access a pinned version of Complement's source - # code. - COMPLEMENT_SRC = inputs.complement.outPath; - - # Needed for Complement: - CGO_CFLAGS = "-Wl,--no-gc-sections"; - CGO_LDFLAGS = "-Wl,--no-gc-sections"; - }; - - # Development tools - packages = [ - # Always use nightly rustfmt because most of its options are unstable - # - # This needs to come before `toolchain` in this list, otherwise - # `$PATH` will have stable rustfmt instead. 
- inputs.fenix.packages.${system}.latest.rustfmt - - toolchain - ] - ++ (with pkgsHost.pkgs; [ - # Required by hardened-malloc.rs dep - binutils - - cargo-audit - cargo-auditable - - # Needed for producing Debian packages - cargo-deb - - # Needed for CI to check validity of produced Debian packages (dpkg-deb) - dpkg - - engage - - # Needed for Complement - go - - # Needed for our script for Complement - jq - gotestfmt - - # Needed for finding broken markdown links - lychee - - # Needed for linting markdown files - markdownlint-cli - - # Useful for editing the book locally - mdbook - - # used for rust caching in CI to speed it up - sccache - ] - # liburing is Linux-exclusive - ++ lib.optional stdenv.hostPlatform.isLinux liburing - ++ lib.optional stdenv.hostPlatform.isLinux numactl) - ++ scope.main.buildInputs - ++ scope.main.propagatedBuildInputs - ++ scope.main.nativeBuildInputs; - }; - in - { - packages = { - default = scopeHost.main.override { + in + { + packages = { + default = scopeHost.main.override { disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # tuwunel_mods is a development-only hot reload feature - "tuwunel_mods" + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. 
+ "jemalloc_prof" + "jemalloc_stats" + # tuwunel_mods is a development-only hot reload feature + "tuwunel_mods" ]; - }; - default-debug = scopeHost.main.override { + }; + default-debug = scopeHost.main.override { profile = "dev"; # debug build users expect full logs disable_release_max_log_level = true; disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "tuwunel_mods" + # dont include experimental features + "experimental" + # this is non-functional on nix for some reason + "tuwunel_mods" ]; - }; - # just a test profile used for things like CI and complement - default-test = scopeHost.main.override { + }; + # just a test profile used for things like CI and complement + default-test = scopeHost.main.override { profile = "test"; disable_release_max_log_level = true; disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "tuwunel_mods" + # dont include experimental features + "experimental" + # this is non-functional on nix for some reason + "tuwunel_mods" ]; - }; - all-features = scopeHost.main.override { + }; + all-features = scopeHost.main.override { all_features = true; disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "tuwunel_mods" + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. 
+ "jemalloc_prof" + "jemalloc_stats" + # this is non-functional on nix for some reason + "tuwunel_mods" ]; - }; - all-features-debug = scopeHost.main.override { + }; + all-features-debug = scopeHost.main.override { profile = "dev"; all_features = true; # debug build users expect full logs disable_release_max_log_level = true; disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "tuwunel_mods" + # dont include experimental features + "experimental" + # this is non-functional on nix for some reason + "tuwunel_mods" ]; - }; + }; - oci-image = scopeHost.oci-image; - oci-image-all-features = scopeHost.oci-image.override { - main = scopeHost.main.override { - all_features = true; - disable_features = [ + oci-image = scopeHost.oci-image; + oci-image-all-features = scopeHost.oci-image.override { + main = scopeHost.main.override { + all_features = true; + disable_features = [ # dont include experimental features "experimental" # jemalloc profiling/stats features are expensive and shouldn't 
@@ -269,171 +303,88 @@ "jemalloc_stats" # tuwunel_mods is a development-only hot reload feature "tuwunel_mods" - ]; + ]; + }; }; - }; - oci-image-all-features-debug = scopeHost.oci-image.override { - main = scopeHost.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ + oci-image-all-features-debug = scopeHost.oci-image.override { + main = scopeHost.main.override { + profile = "dev"; + all_features = true; + # debug build users expect full logs + disable_release_max_log_level = true; + disable_features = [ # dont include experimental features "experimental" # tuwunel_mods is a development-only hot reload feature "tuwunel_mods" - ]; + ]; + }; }; - }; - book = scopeHost.book; + book = scopeHost.book; - complement = scopeHost.complement; - static-complement = scopeHostStatic.complement; - # macOS containers don't exist, so the complement images must be forced to linux - linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement; - } - // - builtins.listToAttrs - (builtins.concatLists - (builtins.map - (crossSystem: - let - binaryName = "static-${crossSystem}"; - scopeCrossStatic = mkCrossScope crossSystem; - in - [ - # An output for a statically-linked binary - { - name = binaryName; - value = scopeCrossStatic.main; - } + complement = scopeHost.complement; + static-complement = scopeHostStatic.complement; + # macOS containers don't exist, so the complement images must be forced to linux + linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement; + } + // builtins.listToAttrs ( + builtins.concatLists ( + builtins.map + ( + crossSystem: + let + binaryName = "static-${crossSystem}"; + scopeCrossStatic = mkCrossScope crossSystem; + in + [ + # An output for a statically-linked binary + { + name = binaryName; + value = scopeCrossStatic.main; + } - # An output for a statically-linked binary with x86_64 
haswell - # target optimisations - { - name = "${binaryName}-x86_64-haswell-optimised"; - value = scopeCrossStatic.main.override { - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false); - }; - } - - # An output for a statically-linked unstripped debug ("dev") binary - { - name = "${binaryName}-debug"; - value = scopeCrossStatic.main.override { - profile = "dev"; - # debug build users expect full logs - disable_release_max_log_level = true; - }; - } - - # An output for a statically-linked unstripped debug binary with the - # "test" profile (for CI usage only) - { - name = "${binaryName}-test"; - value = scopeCrossStatic.main.override { - profile = "test"; - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # tuwunel_mods is a development-only hot reload feature - "tuwunel_mods" - ]; - }; - } - - # An output for a statically-linked binary with `--all-features` - { - name = "${binaryName}-all-features"; - value = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # tuwunel_mods is a development-only hot reload feature - "tuwunel_mods" - ]; - }; - } - - # An output for a statically-linked binary with `--all-features` and with x86_64 haswell - # target optimisations - { - name = "${binaryName}-all-features-x86_64-haswell-optimised"; - value = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. 
- "jemalloc_prof" - "jemalloc_stats" - # tuwunel_mods is a development-only hot reload feature - "tuwunel_mods" - ]; - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false); - }; - } - - # An output for a statically-linked unstripped debug ("dev") binary with `--all-features` - { - name = "${binaryName}-all-features-debug"; - value = scopeCrossStatic.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # tuwunel_mods is a development-only hot reload feature - "tuwunel_mods" - ]; - }; - } - - # An output for an OCI image based on that binary - { - name = "oci-image-${crossSystem}"; - value = scopeCrossStatic.oci-image; - } - - # An output for an OCI image based on that binary with x86_64 haswell - # target optimisations - { - name = "oci-image-${crossSystem}-x86_64-haswell-optimised"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false); + # An output for a statically-linked binary with x86_64 haswell + # target optimisations + { + name = "${binaryName}-x86_64-haswell-optimised"; + value = scopeCrossStatic.main.override { + x86_64_haswell_target_optimised = ( + if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false + ); }; - }; - } + } - # An output for an OCI image based on that unstripped debug ("dev") binary - { - name = "oci-image-${crossSystem}-debug"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - profile = "dev"; - # debug build users expect full logs - disable_release_max_log_level = true; + # An output for a statically-linked unstripped debug ("dev") binary + { 
+ name = "${binaryName}-debug"; + value = scopeCrossStatic.main.override { + profile = "dev"; + # debug build users expect full logs + disable_release_max_log_level = true; }; - }; - } + } - # An output for an OCI image based on that binary with `--all-features` - { - name = "oci-image-${crossSystem}-all-features"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { + # An output for a statically-linked unstripped debug binary with the + # "test" profile (for CI usage only) + { + name = "${binaryName}-test"; + value = scopeCrossStatic.main.override { + profile = "test"; + disable_release_max_log_level = true; + disable_features = [ + # dont include experimental features + "experimental" + # tuwunel_mods is a development-only hot reload feature + "tuwunel_mods" + ]; + }; + } + + # An output for a statically-linked binary with `--all-features` + { + name = "${binaryName}-all-features"; + value = scopeCrossStatic.main.override { all_features = true; disable_features = [ # dont include experimental features @@ -446,15 +397,13 @@ "tuwunel_mods" ]; }; - }; - } + } - # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell - # target optimisations - { - name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { + # An output for a statically-linked binary with `--all-features` and with x86_64 haswell + # target optimisations + { + name = "${binaryName}-all-features-x86_64-haswell-optimised"; + value = scopeCrossStatic.main.override { all_features = true; disable_features = [ # dont include experimental features 
@@ -466,16 +415,16 @@ # tuwunel_mods is a development-only hot reload feature "tuwunel_mods" ]; - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false); + x86_64_haswell_target_optimised = ( + if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false + ); }; - }; - } + } - # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features` - { - name = "oci-image-${crossSystem}-all-features-debug"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { + # An output for a statically-linked unstripped debug ("dev") binary with `--all-features` + { + name = "${binaryName}-all-features-debug"; + value = scopeCrossStatic.main.override { profile = "dev"; all_features = true; # debug build users expect full logs 
@@ -487,47 +436,147 @@ "tuwunel_mods" ]; }; - }; - } + } - # An output for a complement OCI image for the specified platform - { - name = "complement-${crossSystem}"; - value = scopeCrossStatic.complement; - } + # An output for an OCI image based on that binary + { + name = "oci-image-${crossSystem}"; + value = scopeCrossStatic.oci-image; + } + + # An output for an OCI image based on that binary with x86_64 haswell + # target optimisations + { + name = "oci-image-${crossSystem}-x86_64-haswell-optimised"; + value = scopeCrossStatic.oci-image.override { + main = scopeCrossStatic.main.override { + x86_64_haswell_target_optimised = ( + if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false + ); + }; + }; + } + + # An output for an OCI image based on that unstripped debug ("dev") binary + { + name = "oci-image-${crossSystem}-debug"; + value = scopeCrossStatic.oci-image.override { + main = scopeCrossStatic.main.override { + profile = "dev"; + # debug build users expect full logs + disable_release_max_log_level = true; + }; + }; + } + + # An output for an OCI image based on that binary with `--all-features` + { + name = "oci-image-${crossSystem}-all-features"; + value = scopeCrossStatic.oci-image.override { + main = scopeCrossStatic.main.override { + all_features = true; + disable_features = [ + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. 
+ "jemalloc_prof" + "jemalloc_stats" + # tuwunel_mods is a development-only hot reload feature + "tuwunel_mods" + ]; + }; + }; + } + + # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell + # target optimisations + { + name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised"; + value = scopeCrossStatic.oci-image.override { + main = scopeCrossStatic.main.override { + all_features = true; + disable_features = [ + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. + "jemalloc_prof" + "jemalloc_stats" + # tuwunel_mods is a development-only hot reload feature + "tuwunel_mods" + ]; + x86_64_haswell_target_optimised = ( + if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false + ); + }; + }; + } + + # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features` + { + name = "oci-image-${crossSystem}-all-features-debug"; + value = scopeCrossStatic.oci-image.override { + main = scopeCrossStatic.main.override { + profile = "dev"; + all_features = true; + # debug build users expect full logs + disable_release_max_log_level = true; + disable_features = [ + # dont include experimental features + "experimental" + # tuwunel_mods is a development-only hot reload feature + "tuwunel_mods" + ]; + }; + }; + } + + # An output for a complement OCI image for the specified platform + { + name = "complement-${crossSystem}"; + value = scopeCrossStatic.complement; + } + ] + ) + [ + #"x86_64-apple-darwin" + #"aarch64-apple-darwin" + "x86_64-linux-gnu" + "x86_64-linux-musl" + "aarch64-linux-musl" ] - ) - [ - #"x86_64-apple-darwin" - #"aarch64-apple-darwin" - "x86_64-linux-gnu" - "x86_64-linux-musl" - "aarch64-linux-musl" - ] ) ); - devShells.default = mkDevShell scopeHostStatic; - devShells.all-features = mkDevShell - (scopeHostStatic.overrideScope (final: 
prev: { - main = prev.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # tuwunel_mods is a development-only hot reload feature - "tuwunel_mods" - ]; - }; - })); - devShells.no-features = mkDevShell - (scopeHostStatic.overrideScope (final: prev: { - main = prev.main.override { default_features = false; }; - })); - devShells.dynamic = mkDevShell scopeHost; - }); + devShells.default = mkDevShell scopeHostStatic; + devShells.all-features = mkDevShell ( + scopeHostStatic.overrideScope ( + final: prev: { + main = prev.main.override { + all_features = true; + disable_features = [ + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. + "jemalloc_prof" + "jemalloc_stats" + # tuwunel_mods is a development-only hot reload feature + "tuwunel_mods" + ]; + }; + } + ) + ); + devShells.no-features = mkDevShell ( + scopeHostStatic.overrideScope ( + final: prev: { + main = prev.main.override { default_features = false; }; + } + ) + ); + devShells.dynamic = mkDevShell scopeHost; + } + ); } diff --git a/nix/pkgs/book/default.nix b/nix/pkgs/book/default.nix index 1c70a75c..97d80be9 100644 --- a/nix/pkgs/book/default.nix +++ b/nix/pkgs/book/default.nix @@ -1,9 +1,10 @@ -{ inputs +{ + inputs, -# Dependencies -, main -, mdbook -, stdenv + # Dependencies + main, + mdbook, + stdenv, }: stdenv.mkDerivation { diff --git a/nix/pkgs/complement/default.nix b/nix/pkgs/complement/default.nix index 6b8fa38a..172c377c 100644 --- a/nix/pkgs/complement/default.nix +++ b/nix/pkgs/complement/default.nix 
@@ -1,13 +1,14 @@ # Dependencies -{ bashInteractive -, buildEnv -, coreutils -, dockerTools -, lib -, main -, stdenv -, tini -, writeShellScriptBin +{ + bashInteractive, + buildEnv, + coreutils, + dockerTools, + lib, + main, + stdenv, + tini, + writeShellScriptBin, }: let @@ -16,24 +17,24 @@ let all_features = true; disable_release_max_log_level = true; disable_features = [ - # console/CLI stuff isn't used or relevant for complement - "console" - "tokio_console" - # sentry telemetry isn't useful for complement, disabled by default anyways - "sentry_telemetry" - "perf_measurements" - # this is non-functional on nix for some reason - "hardened_malloc" - # dont include experimental features - "experimental" - # compression isn't needed for complement - "brotli_compression" - "gzip_compression" - "zstd_compression" - # complement doesn't need hot reloading - "tuwunel_mods" - # complement doesn't have URL preview media tests - "url_preview" + # console/CLI stuff isn't used or relevant for complement + "console" + "tokio_console" + # sentry telemetry isn't useful for complement, disabled by default anyways + "sentry_telemetry" + "perf_measurements" + # this is non-functional on nix for some reason + "hardened_malloc" + # dont include experimental features + "experimental" + # compression isn't needed for complement + "brotli_compression" + "gzip_compression" + "zstd_compression" + # complement doesn't need hot reloading + "tuwunel_mods" + # complement doesn't have URL preview media tests + "url_preview" ]; }; @@ -68,11 +69,18 @@ dockerTools.buildImage { "${lib.getExe start}" ]; - Entrypoint = if !stdenv.hostPlatform.isDarwin + Entrypoint = + if + !stdenv.hostPlatform.isDarwin # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) # are handled as expected - then [ "${lib.getExe' tini "tini"}" "--" ] - else []; + then + [ + "${lib.getExe' tini "tini"}" + "--" + ] + else + [ ]; Env = [ "TUWUNEL_TLS__KEY=${./private_key.key}" 
@@ -82,8 +90,8 @@ dockerTools.buildImage { ]; ExposedPorts = { - "8008/tcp" = {}; - "8448/tcp" = {}; + "8008/tcp" = { }; + "8448/tcp" = { }; }; }; } diff --git a/nix/pkgs/main/cross-compilation-env.nix b/nix/pkgs/main/cross-compilation-env.nix index 0f326c92..d95ccb10 100644 --- a/nix/pkgs/main/cross-compilation-env.nix +++ b/nix/pkgs/main/cross-compilation-env.nix @@ -1,38 +1,35 @@ -{ lib -, pkgsBuildHost -, rust -, stdenv +{ + lib, + pkgsBuildHost, + rust, + stdenv, }: lib.optionalAttrs stdenv.hostPlatform.isStatic { ROCKSDB_STATIC = ""; } -// -{ - CARGO_BUILD_RUSTFLAGS = - lib.concatStringsSep - " " - ([] - # This disables PIE for static builds, which isn't great in terms - # of security. Unfortunately, my hand is forced because nixpkgs' - # `libstdc++.a` is built without `-fPIE`, which precludes us from - # leaving PIE enabled. - ++ lib.optionals - stdenv.hostPlatform.isStatic - [ "-C" "relocation-model=static" ] - ++ lib.optionals - (stdenv.buildPlatform.config != stdenv.hostPlatform.config) - [ - "-l" - "c" +// { + CARGO_BUILD_RUSTFLAGS = lib.concatStringsSep " " ( + [ ] + # This disables PIE for static builds, which isn't great in terms + # of security. Unfortunately, my hand is forced because nixpkgs' + # `libstdc++.a` is built without `-fPIE`, which precludes us from + # leaving PIE enabled. + ++ lib.optionals stdenv.hostPlatform.isStatic [ + "-C" + "relocation-model=static" + ] + ++ lib.optionals (stdenv.buildPlatform.config != stdenv.hostPlatform.config) [ + "-l" + "c" - "-l" - "stdc++" + "-l" + "stdc++" - "-L" - "${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib" - ] - ); + "-L" + "${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib" + ] + ); } # What follows is stolen from [here][0]. Its purpose is to properly 
@@ -41,26 +38,21 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic { # run on the build platform (I think). # # [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68 -// -( +// ( let inherit (rust.lib) envVars; in - lib.optionalAttrs - (stdenv.targetPlatform.rust.rustcTarget - != stdenv.hostPlatform.rust.rustcTarget) - ( - let - inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget; - in - { - "CC_${cargoEnvVarTarget}" = envVars.ccForTarget; - "CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget; - "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForTarget; - } - ) - // - ( + lib.optionalAttrs (stdenv.targetPlatform.rust.rustcTarget != stdenv.hostPlatform.rust.rustcTarget) ( + let + inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget; + in + { + "CC_${cargoEnvVarTarget}" = envVars.ccForTarget; + "CXX_${cargoEnvVarTarget}" = envVars.cxxForTarget; + "CARGO_TARGET_${cargoEnvVarTarget}_LINKER" = envVars.ccForTarget; + } + ) + // ( let inherit (stdenv.hostPlatform.rust) cargoEnvVarTarget rustcTarget; in @@ -71,8 +63,7 @@ lib.optionalAttrs stdenv.hostPlatform.isStatic { CARGO_BUILD_TARGET = rustcTarget; } ) - // - ( + // ( let inherit (stdenv.buildPlatform.rust) cargoEnvVarTarget; in diff --git a/nix/pkgs/main/default.nix b/nix/pkgs/main/default.nix index 7a92dba8..eb8f47f7 100644 --- a/nix/pkgs/main/default.nix +++ b/nix/pkgs/main/default.nix 
@@ -1,177 +1,203 @@ # Dependencies (keep sorted) -{ craneLib -, inputs -, jq -, lib -, libiconv -, liburing -, pkgsBuildHost -, rocksdb -, removeReferencesTo -, rust -, autoPatchelfHook -, rust-jemalloc-sys-unprefixed -, stdenv +{ + craneLib, + inputs, + jq, + lib, + libiconv, + liburing, + pkgsBuildHost, + rocksdb, + removeReferencesTo, + rust, + autoPatchelfHook, + rust-jemalloc-sys-unprefixed, + stdenv, -# Options (keep sorted) -, all_features ? false -, default_features ? true -# default list of disabled features -, disable_features ? [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # tuwunel_mods is a development-only hot reload feature - "tuwunel_mods" -] -, disable_release_max_log_level ? false -, features ? [] -, profile ? "release" -# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag -# haswell is pretty much any x86 cpu made in the last 12 years, and -# supports modern CPU extensions that rocksdb can make use of. -# disable if trying to make a portable x86_64 build for very old hardware -, x86_64_haswell_target_optimised ? false + # Options (keep sorted) + all_features ? false, + default_features ? true, + # default list of disabled features + disable_features ? [ + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. + "jemalloc_prof" + "jemalloc_stats" + # tuwunel_mods is a development-only hot reload feature + "tuwunel_mods" + ], + disable_release_max_log_level ? false, + features ? [ ], + profile ? "release", + # rocksdb compiled with -march=haswell and target-cpu=haswell rustflag + # haswell is pretty much any x86 cpu made in the last 12 years, and + # supports modern CPU extensions that rocksdb can make use of. 
+ # disable if trying to make a portable x86_64 build for very old hardware + x86_64_haswell_target_optimised ? false, }: let -# We perform default-feature unification in nix, because some of the dependencies -# on the nix side depend on feature values. -crateFeatures = path: - let manifest = lib.importTOML "${path}/Cargo.toml"; in - lib.remove "default" (lib.attrNames manifest.features); -crateDefaultFeatures = path: - (lib.importTOML "${path}/Cargo.toml").features.default; -allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main"; -allFeatures = crateFeatures "${inputs.self}/src/main"; -features' = lib.unique - (features ++ - lib.optionals default_features allDefaultFeatures ++ - lib.optionals all_features allFeatures); -disable_features' = disable_features ++ lib.optionals disable_release_max_log_level ["release_max_log_level"]; -features'' = lib.subtractLists disable_features' features'; + # We perform default-feature unification in nix, because some of the dependencies + # on the nix side depend on feature values. 
+ crateFeatures = + path: + let + manifest = lib.importTOML "${path}/Cargo.toml"; + in + lib.remove "default" (lib.attrNames manifest.features); + crateDefaultFeatures = path: (lib.importTOML "${path}/Cargo.toml").features.default; + allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main"; + allFeatures = crateFeatures "${inputs.self}/src/main"; + features' = lib.unique ( + features + ++ lib.optionals default_features allDefaultFeatures + ++ lib.optionals all_features allFeatures + ); + disable_features' = + disable_features ++ lib.optionals disable_release_max_log_level [ "release_max_log_level" ]; + features'' = lib.subtractLists disable_features' features'; -featureEnabled = feature : builtins.elem feature features''; + featureEnabled = feature: builtins.elem feature features''; -enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin; + enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin; -# This derivation will set the JEMALLOC_OVERRIDE variable, causing the -# tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's -# own. In order for this to work, we need to set flags on the build that match -# whatever flags tikv-jemalloc-sys was going to use. These are dependent on -# which features we enable in tikv-jemalloc-sys. 
-rust-jemalloc-sys' = - # tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature - rust-jemalloc-sys-unprefixed -.overrideAttrs (old: { configureFlags = old.configureFlags ++ - # we dont need docs - [ "--disable-doc" ] ++ - # we dont need cxx/C++ integration - [ "--disable-cxx" ] ++ - # tikv-jemalloc-sys/profiling feature - lib.optional (featureEnabled "jemalloc_prof") "--enable-prof" ++ - # tikv-jemalloc-sys/stats feature - (if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]); -}); + # This derivation will set the JEMALLOC_OVERRIDE variable, causing the + # tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's + # own. In order for this to work, we need to set flags on the build that match + # whatever flags tikv-jemalloc-sys was going to use. These are dependent on + # which features we enable in tikv-jemalloc-sys. + rust-jemalloc-sys' = + # tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature + rust-jemalloc-sys-unprefixed.overrideAttrs (old: { + configureFlags = + old.configureFlags + ++ + # we dont need docs + [ "--disable-doc" ] + ++ + # we dont need cxx/C++ integration + [ "--disable-cxx" ] + ++ + # tikv-jemalloc-sys/profiling feature + lib.optional (featureEnabled "jemalloc_prof") "--enable-prof" + ++ + # tikv-jemalloc-sys/stats feature + (if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]); + }); -rocksdb' = (rocksdb.override { - jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys'; - # rocksdb fails to build with prefixed jemalloc, which is required on - # darwin due to [1]. In this case, fall back to building rocksdb with - # libc malloc. This should not cause conflicts, because all of the - # jemalloc symbols are prefixed. 
- # - # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17 - enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin; + rocksdb' = + (rocksdb.override { + jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys'; + # rocksdb fails to build with prefixed jemalloc, which is required on + # darwin due to [1]. In this case, fall back to building rocksdb with + # libc malloc. This should not cause conflicts, because all of the + # jemalloc symbols are prefixed. + # + # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17 + enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin; - # for some reason enableLiburing in nixpkgs rocksdb is default true - # which breaks Darwin entirely - enableLiburing = enableLiburing; -}).overrideAttrs (old: { - enableLiburing = enableLiburing; - cmakeFlags = (if x86_64_haswell_target_optimised then (lib.subtractLists [ - # dont make a portable build if x86_64_haswell_target_optimised is enabled - "-DPORTABLE=1" - ] old.cmakeFlags - ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ]) - ) - ++ old.cmakeFlags; + # for some reason enableLiburing in nixpkgs rocksdb is default true + # which breaks Darwin entirely + enableLiburing = enableLiburing; + }).overrideAttrs + (old: { + enableLiburing = enableLiburing; + cmakeFlags = + ( + if x86_64_haswell_target_optimised then + ( + lib.subtractLists [ + # dont make a portable build if x86_64_haswell_target_optimised is enabled + "-DPORTABLE=1" + ] old.cmakeFlags + ++ [ "-DPORTABLE=haswell" ] + ) + else + ([ "-DPORTABLE=1" ]) + ) + ++ old.cmakeFlags; - # outputs has "tools" which we dont need or use - outputs = [ "out" ]; + # outputs has "tools" which we dont need or use + outputs = [ "out" ]; - # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use - preInstall = ""; -}); + # preInstall 
hooks has stuff for messing with ldb/sst_dump which we dont need or use + preInstall = ""; + }); -buildDepsOnlyEnv = { - # https://crane.dev/faq/rebuilds-bindgen.html - NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa"; + buildDepsOnlyEnv = { + # https://crane.dev/faq/rebuilds-bindgen.html + NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa"; - CARGO_PROFILE = profile; - ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include"; - ROCKSDB_LIB_DIR = "${rocksdb'}/lib"; + CARGO_PROFILE = profile; + ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include"; + ROCKSDB_LIB_DIR = "${rocksdb'}/lib"; } - // - (import ./cross-compilation-env.nix { + // (import ./cross-compilation-env.nix { # Keep sorted inherit lib pkgsBuildHost rust - stdenv; + stdenv + ; }); -buildPackageEnv = { - TUWUNEL_VERSION_EXTRA = inputs.self.shortRev or inputs.self.dirtyShortRev or ""; - TUWUNEL_DATABASE_PATH = "/var/tmp/tuwunel.db"; -} // buildDepsOnlyEnv // { - # Only needed in static stdenv because these are transitive dependencies of rocksdb - CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS - + lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic) - " -L${lib.getLib liburing}/lib -luring" - + lib.optionalString x86_64_haswell_target_optimised - " -Ctarget-cpu=haswell"; -}; + buildPackageEnv = { + TUWUNEL_VERSION_EXTRA = inputs.self.shortRev or inputs.self.dirtyShortRev or ""; + TUWUNEL_DATABASE_PATH = "/var/tmp/tuwunel.db"; + } + // buildDepsOnlyEnv + // { + # Only needed in static stdenv because these are transitive dependencies of rocksdb + CARGO_BUILD_RUSTFLAGS = + buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS + + lib.optionalString ( + enableLiburing && stdenv.hostPlatform.isStatic + ) " -L${lib.getLib liburing}/lib -luring" + + lib.optionalString x86_64_haswell_target_optimised " -Ctarget-cpu=haswell"; + }; + commonAttrs = { + inherit + (craneLib.crateNameFromCargoToml { + cargoToml = "${inputs.self}/Cargo.toml"; + }) + pname + version + ; + src = + let + filter = inputs.nix-filter.lib; + in + filter { 
+ root = inputs.self; -commonAttrs = { - inherit - (craneLib.crateNameFromCargoToml { - cargoToml = "${inputs.self}/Cargo.toml"; - }) - pname - version; - - src = let filter = inputs.nix-filter.lib; in filter { - root = inputs.self; - - # Keep sorted - include = [ - ".cargo" - "Cargo.lock" - "Cargo.toml" - "src" - ]; - }; + # Keep sorted + include = [ + ".cargo" + "Cargo.lock" + "Cargo.toml" + "src" + ]; + }; doCheck = true; - cargoExtraArgs = "--no-default-features --locked " - + lib.optionalString - (features'' != []) - "--features " + (builtins.concatStringsSep "," features''); + cargoExtraArgs = + "--no-default-features --locked " + + lib.optionalString (features'' != [ ]) "--features " + + (builtins.concatStringsSep "," features''); dontStrip = profile == "dev" || profile == "test"; dontPatchELF = profile == "dev" || profile == "test"; - buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys-unprefixed - # needed to build Rust applications on macOS - ++ lib.optionals stdenv.hostPlatform.isDarwin [ + buildInputs = + lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys-unprefixed + # needed to build Rust applications on macOS + ++ lib.optionals stdenv.hostPlatform.isDarwin [ # https://github.com/NixOS/nixpkgs/issues/206242 # ld: library not found for -liconv libiconv 
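Review bot: In the `rocksdb'` override in nix/pkgs/main/default.nix, the `cmakeFlags` expression ends with `++ old.cmakeFlags` outside the `if`, so the haswell branch subtracts `-DPORTABLE=1` from `old.cmakeFlags` and then appends the unfiltered list again after `-DPORTABLE=haswell`. If the inherited flags do contain `-DPORTABLE=1` (the subtraction suggests they do), that later definition would normally win in CMake and the build would end up portable after all; in that branch every inherited flag is also passed twice. Keeping the append in the else branch only, `else [ "-DPORTABLE=1" ] ++ old.cmakeFlags`, and dropping the trailing `++ old.cmakeFlags` would keep the filter effective.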
@@ -188,56 +214,62 @@ commonAttrs = { # differing values for `NIX_CFLAGS_COMPILE`, which contributes to spurious # rebuilds of bindgen and its depedents. jq - ]; - }; + ]; + }; in -craneLib.buildPackage ( commonAttrs // rec { - cargoArtifacts = craneLib.buildDepsOnly (commonAttrs // { - env = buildDepsOnlyEnv; - }); +craneLib.buildPackage ( + commonAttrs + // rec { + cargoArtifacts = craneLib.buildDepsOnly ( + commonAttrs + // { + env = buildDepsOnlyEnv; + } + ); - # Adds runpath settings to the resulting binary - buildInputs = (commonAttrs.buildInputs or []) ++ [ - rocksdb' - ]; - nativeBuildInputs = (commonAttrs.nativeBuildInputs or []) ++ [ - autoPatchelfHook - ]; - # This is needed for tests to link - LD_LIBRARY_PATH = lib.makeLibraryPath buildInputs; + # Adds runpath settings to the resulting binary + buildInputs = (commonAttrs.buildInputs or [ ]) ++ [ + rocksdb' + ]; + nativeBuildInputs = (commonAttrs.nativeBuildInputs or [ ]) ++ [ + autoPatchelfHook + ]; + # This is needed for tests to link + LD_LIBRARY_PATH = lib.makeLibraryPath buildInputs; - nativeCheckInputs = [ - pkgsBuildHost.libredirect.hook - ]; + nativeCheckInputs = [ + pkgsBuildHost.libredirect.hook + ]; - preCheck = - let - fakeResolvConf = pkgsBuildHost.writeTextFile { - name = "resolv.conf"; - text = '' - nameserver 0.0.0.0 - ''; - }; - in - '' - export NIX_REDIRECTS="/etc/resolv.conf=${fakeResolvConf}" - export TUWUNEL_DATABASE_PATH="$(mktemp -d)/smoketest.db" - ''; - doCheck = true; + preCheck = + let + fakeResolvConf = pkgsBuildHost.writeTextFile { + name = "resolv.conf"; + text = '' + nameserver 0.0.0.0 + ''; + }; + in + '' + export NIX_REDIRECTS="/etc/resolv.conf=${fakeResolvConf}" + export TUWUNEL_DATABASE_PATH="$(mktemp -d)/smoketest.db" + ''; + doCheck = true; - doBenchmark = false; + doBenchmark = false; - cargoExtraArgs = "--no-default-features --locked " - + lib.optionalString - (features'' != []) - "--features " + (builtins.concatStringsSep "," features''); + cargoExtraArgs = + 
"--no-default-features --locked " + + lib.optionalString (features'' != [ ]) "--features " + + (builtins.concatStringsSep "," features''); - env = buildPackageEnv; - - passthru = { env = buildPackageEnv; - }; - meta.mainProgram = commonAttrs.pname; -}) + passthru = { + env = buildPackageEnv; + }; + + meta.mainProgram = commonAttrs.pname; + } +) diff --git a/nix/pkgs/oci-image/default.nix b/nix/pkgs/oci-image/default.nix index 1650053d..220c400d 100644 --- a/nix/pkgs/oci-image/default.nix +++ b/nix/pkgs/oci-image/default.nix @@ -1,11 +1,12 @@ -{ inputs +{ + inputs, -# Dependencies -, dockerTools -, lib -, main -, stdenv -, tini + # Dependencies + dockerTools, + lib, + main, + stdenv, + tini, }: dockerTools.buildLayeredImage { @@ -17,11 +18,18 @@ dockerTools.buildLayeredImage { main ]; config = { - Entrypoint = if !stdenv.hostPlatform.isDarwin + Entrypoint = + if + !stdenv.hostPlatform.isDarwin # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) # are handled as expected - then [ "${lib.getExe' tini "tini"}" "--" ] - else []; + then + [ + "${lib.getExe' tini "tini"}" + "--" + ] + else + [ ]; Cmd = [ "${lib.getExe main}" ]; @@ -29,9 +37,10 @@ dockerTools.buildLayeredImage { "RUST_BACKTRACE=full" ]; Labels = { - "org.opencontainers.image.authors" = "June Clementine Strawberry and Jason Volk + "org.opencontainers.image.authors" = + "June Clementine Strawberry and Jason Volk "; - "org.opencontainers.image.created" ="@${toString inputs.self.lastModified}"; + "org.opencontainers.image.created" = "@${toString inputs.self.lastModified}"; "org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust"; "org.opencontainers.image.documentation" = "https://conduwuit.puppyirl.gay/"; "org.opencontainers.image.licenses" = "Apache-2.0";
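Review bot: The `cargoExtraArgs` definition inside the `rec` set passed to `craneLib.buildPackage` in nix/pkgs/main/default.nix (hunk `@@ -188,56 +214,62 @@`) repeats the one in `commonAttrs` token for token, and since the set is merged as `commonAttrs // rec { … }` it could simply be dropped. In both copies the final `+ (builtins.concatStringsSep "," features'')` sits outside `lib.optionalString`, which only guards the literal `"--features "`. This is harmless because an empty list joins to an empty string, but the layout reads as if the whole tail were conditional. Writing `lib.optionalString (features'' != [ ]) ("--features " + builtins.concatStringsSep "," features'')` states the intent.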