+41
-47
flake.nix
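--- a/flake.nix
+++ b/flake.nix
@@ -49,16 +49,7 @@
 inherit (gitignore.lib) gitignoreSource;
 in {
 overlays.default = final: prev: let
-goModHash = "sha256-H/sKps9um8vvv/WAZ1hEN+ZVhmXlddRNSVWVRBK1zEo=";
-buildCmdPackage = name:
-final.buildGoModule {
-pname = name;
-version = "0.1.0";
-src = gitignoreSource ./.;
-subPackages = ["cmd/${name}"];
-vendorHash = goModHash;
-env.CGO_ENABLED = 0;
-};
+goModHash = "sha256-H2gBkkuJaZtHlvW33aWZu0pS9vsS/A2ojeEUbp6o7Go=";
 in {
 indigo-lexgen = final.buildGoModule {
 pname = "indigo-lexgen";
@@ -92,48 +83,51 @@
 stdenv = pkgsStatic.stdenv;
 };
 
-knotserver = with final;
+knot = with final;
 final.pkgsStatic.buildGoModule {
-pname = "knotserver";
+pname = "knot";
 version = "0.1.0";
 src = gitignoreSource ./.;
 nativeBuildInputs = [final.makeWrapper];
-subPackages = ["cmd/knotserver"];
+subPackages = ["cmd/knot"];
 vendorHash = goModHash;
 installPhase = ''
 runHook preInstall
 
 mkdir -p $out/bin
-cp $GOPATH/bin/knotserver $out/bin/knotserver
+cp $GOPATH/bin/knot $out/bin/knot
 
-wrapProgram $out/bin/knotserver \
+wrapProgram $out/bin/knot \
 --prefix PATH : ${pkgs.git}/bin
 
 runHook postInstall
 '';
 env.CGO_ENABLED = 1;
 };
-knotserver-unwrapped = final.pkgsStatic.buildGoModule {
-pname = "knotserver";
+knot-unwrapped = final.pkgsStatic.buildGoModule {
+pname = "knot";
 version = "0.1.0";
 src = gitignoreSource ./.;
-subPackages = ["cmd/knotserver"];
+subPackages = ["cmd/knot"];
 vendorHash = goModHash;
 env.CGO_ENABLED = 1;
 };
-repoguard = buildCmdPackage "repoguard";
-keyfetch = buildCmdPackage "keyfetch";
-genjwks = buildCmdPackage "genjwks";
+genjwks = final.pkgsStatic.buildGoModule {
+pname = "genjwks";
+version = "0.1.0";
+src = gitignoreSource ./.;
+subPackages = ["cmd/genjwks"];
+vendorHash = goModHash;
+env.CGO_ENABLED = 0;
+};
 };
 packages = forAllSystems (system: {
 inherit
 (nixpkgsFor."${system}")
 indigo-lexgen
 appview
-knotserver
-knotserver-unwrapped
-repoguard
-keyfetch
+knot
+knot-unwrapped
 genjwks
 ;
 });
@@ -172,12 +166,12 @@
 });
 apps = forAllSystems (system: let
 pkgs = nixpkgsFor."${system}";
-air-watcher = name:
+air-watcher = name: arg:
 pkgs.writeShellScriptBin "run"
 ''
 ${pkgs.air}/bin/air -c /dev/null \
 -build.cmd "${pkgs.go}/bin/go build -o ./out/${name}.out ./cmd/${name}/main.go" \
--build.bin "./out/${name}.out" \
+-build.bin "./out/${name}.out ${arg}" \
 -build.stop_on_error "true" \
 -build.include_ext "go"
 '';
@@ -189,11 +183,11 @@
 in {
 watch-appview = {
 type = "app";
-program = ''${air-watcher "appview"}/bin/run'';
+program = ''${air-watcher "appview" ""}/bin/run'';
 };
-watch-knotserver = {
+watch-knot = {
 type = "app";
-program = ''${air-watcher "knotserver"}/bin/run'';
+program = ''${air-watcher "knot" "server"}/bin/run'';
 };
 watch-tailwind = {
 type = "app";
@@ -247,21 +241,21 @@
 };
 };
 
-nixosModules.knotserver = {
+nixosModules.knot = {
 config,
 pkgs,
 lib,
 ...
 }: let
-cfg = config.services.tangled-knotserver;
+cfg = config.services.tangled-knot;
 in
 with lib; {
 options = {
-services.tangled-knotserver = {
+services.tangled-knot = {
 enable = mkOption {
 type = types.bool;
 default = false;
-description = "Enable a tangled knotserver";
+description = "Enable a tangled knot";
 };
 
 appviewEndpoint = mkOption {
@@ -383,16 +377,16 @@
 mode = "0555";
 text = ''
 #!${pkgs.stdenv.shell}
-${self.packages.${pkgs.system}.keyfetch}/bin/keyfetch \
--repoguard-path ${self.packages.${pkgs.system}.repoguard}/bin/repoguard \
+${self.packages.${pkgs.system}.knot}/bin/knot keys \
+-output authorized-keys \
 -internal-api "http://${cfg.server.internalListenAddr}" \
 -git-dir "${cfg.repo.scanPath}" \
--log-path /tmp/repoguard.log
+-log-path /tmp/knotguard.log
 '';
 };
 
-systemd.services.knotserver = {
-description = "knotserver service";
+systemd.services.knot = {
+description = "knot service";
 after = ["network.target" "sshd.service"];
 wantedBy = ["multi-user.target"];
 serviceConfig = {
@@ -408,7 +402,7 @@
 "KNOT_SERVER_HOSTNAME=${cfg.server.hostname}"
 ];
 EnvironmentFile = cfg.server.secretFile;
-ExecStart = "${self.packages.${pkgs.system}.knotserver}/bin/knotserver";
+ExecStart = "${self.packages.${pkgs.system}.knot}/bin/knot server";
 Restart = "always";
 };
 };
@@ -420,7 +414,7 @@
 nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
-self.nixosModules.knotserver
+self.nixosModules.knot
 ({
 config,
 pkgs,
@@ -432,16 +426,16 @@
 services.getty.autologinUser = "root";
 environment.systemPackages = with pkgs; [curl vim git];
 systemd.tmpfiles.rules = let
-u = config.services.tangled-knotserver.gitUser;
-g = config.services.tangled-knotserver.gitUser;
+u = config.services.tangled-knot.gitUser;
+g = config.services.tangled-knot.gitUser;
 in [
-"d /var/lib/knotserver 0770 ${u} ${g} - -" # Create the directory first
-"f+ /var/lib/knotserver/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=38a7c3237c2a585807e06a5bcfac92eb39442063f3da306b7acb15cfdc51d19d"
+"d /var/lib/knot 0770 ${u} ${g} - -" # Create the directory first
+"f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=38a7c3237c2a585807e06a5bcfac92eb39442063f3da306b7acb15cfdc51d19d"
 ];
-services.tangled-knotserver = {
+services.tangled-knot = {
 enable = true;
 server = {
-secretFile = "/var/lib/knotserver/secret";
+secretFile = "/var/lib/knot/secret";
 hostname = "localhost:6000";
 listenAddr = "0.0.0.0:6000";
 };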
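Review bot: The generated key-lookup script still passes `-log-path /tmp/knotguard.log` (new line 384), a fixed file name in a world-writable directory. Any other local account can own that file before the command first writes it, which exposes or blocks whatever `knot keys` logs, and the script presumably runs on every SSH key lookup. I would point it at a directory owned by the user the command runs as, for example `-log-path /var/log/knot/knotguard.log` (constructed path; the directory would need its own tmpfiles rule). Separately, the knotVM tmpfiles rule at new line 433 keeps a literal `KNOT_SERVER_SECRET` in the flake, so the value is rendered into the Nix store as well as the repository; a comment such as `# throwaway VM secret, never reuse outside knotVM` would make the intent explicit.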