From b9b74904ca728b6401204e6bd1fe0573d890da6a Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 24 Nov 2024 20:44:30 +0100 Subject: [PATCH] flake cleanup --- flake.lock | 4 +- flake.nix | 2 +- flake_.nix | 86 ---------------- module.nix | 122 ----------------------- node_modules.nix => nix/node_modules.nix | 2 +- overlay.nix => nix/overlay.nix | 0 package.nix => nix/package.nix | 4 +- 7 files changed, 6 insertions(+), 214 deletions(-) delete mode 100644 flake_.nix delete mode 100644 module.nix rename node_modules.nix => nix/node_modules.nix (75%) rename overlay.nix => nix/overlay.nix (100%) rename package.nix => nix/package.nix (85%) diff --git a/flake.lock b/flake.lock index 603a982..7ec7d4e 100644 --- a/flake.lock +++ b/flake.lock @@ -41,8 +41,8 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1732212005, - "narHash": "sha256-t2+yKoxZe2JkvyHkJAAyyLS6N8yzyx0o95DuzHqv7JA=", + "lastModified": 1732308743, + "narHash": "sha256-z9tk/ssnvmd3zZCaYWtycTAD/7X7jSJX2btO7QO4y1I=", "path": "/home/robin/Projects/mill-scale", "type": "path" }, diff --git a/flake.nix b/flake.nix index 0cc8f14..0a717af 100644 --- a/flake.nix +++ b/flake.nix @@ -35,7 +35,7 @@ (final: prev: { demostf-frontend-toolchain = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; }) - (import ./overlay.nix) + (import ./nix/overlay.nix) ]; toolchain = pkgs: pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; tools = pkgs: with pkgs; [ diff --git a/flake_.nix b/flake_.nix deleted file mode 100644 index d3646cd..0000000 --- a/flake_.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ - inputs = { - utils.url = "github:numtide/flake-utils"; - nixpkgs.url = "nixpkgs/release-24.05"; - rust-overlay.url = "github:oxalica/rust-overlay"; - npmlock2nix.url = "github:nix-community/npmlock2nix"; - npmlock2nix.flake = false; - flocken = { - url = "github:mirkolenz/flocken/v2"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - outputs = - { self - , nixpkgs - , utils - , rust-overlay - , npmlock2nix - , flocken - , - }: - utils.lib.eachDefaultSystem - (system: - let - overlays = [ - (import rust-overlay) - (final: prev: { - npmlock2nix = final.callPackage npmlock2nix { }; - }) - (import ./overlay.nix) - (final: prev: { - demostf-frontend-toolchain = final.rust-bin.nightly."2024-06-04".default; - }) - ]; - pkgs = (import nixpkgs) { - inherit system overlays; - }; - inherit (flocken.legacyPackages.${system}) mkDockerManifest; - inherit (builtins) fromTOML readFile; - version = (fromTOML (readFile ./Cargo.toml)).package.version; - in - rec { - packages = rec { - node_modules = pkgs.demostf-frontend-node-modules; - frontend = pkgs.demostf-frontend; - docker = pkgs.demostf-frontend-docker; - default = frontend; - - dockerManifest = mkDockerManifest { - tags = [ "latest" ]; - registries = { - "docker.io" = { - enable = true; - repo = "demostf/frontend"; - username = "$DOCKERHUB_USERNAME"; - password = "$DOCKERHUB_TOKEN"; - }; - }; - inherit version; - images = with self.packages; [ x86_64-linux.docker aarch64-linux.docker ]; - }; - }; - devShells.default = pkgs.mkShell { - OPENSSL_NO_VENDOR = 1; - - nativeBuildInputs = with pkgs; [ - demostf-frontend-toolchain - bacon - cargo-edit - cargo-outdated - clippy - cargo-audit - cargo-watch - pkg-config - openssl - nodejs - nodePackages.svgo - typescript - sqlx-cli - ]; - }; - }) // { - overlays.default = import ./overlay.nix; - }; -} diff --git a/module.nix b/module.nix deleted file mode 100644 index 539b51e..0000000 --- a/module.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ config -, lib -, pkgs -, ... -}: -with lib; let - format = pkgs.formats.toml { }; - configFile = format.generate "demostf-frontend.toml" { - output.target = cfg.outputPath; - mqtt = { - inherit (cfg.mqtt) hostname port username; - "password-file" = "$CREDENTIALS_DIRECTORY/mqtt_password"; - }; - device."password-file" = "$CREDENTIALS_DIRECTORY/device_password"; - }; - cfg = config.services.demostf-frontend; -in -{ - options.services.demostf-frontend = { - enable = mkEnableOption "Log archiver"; - - outputPath = mkOption { - type = types.str; - description = "Directory to save the backups into"; - }; - - mqtt = mkOption { - type = types.submodule { - options = { - hostname = mkOption { - type = types.str; - description = "MQTT hostname"; - }; - port = mkOption { - type = types.port; - default = 1883; - description = "MQTT port"; - }; - username = mkOption { - type = types.str; - description = "MQTT username"; - }; - passwordFile = mkOption { - type = types.str; - description = "File containing the MQTT password"; - }; - }; - }; - description = "MQTT options"; - }; - - devicePasswordFile = mkOption { - type = types.str; - description = "File containing the device password"; - }; - - interval = mkOption { - type = types.str; - default = "daily"; - description = "Interval to run the backup"; - }; - - package = mkOption { - type = types.package; - defaultText = literalExpression "pkgs.tasproxy"; - description = "package to use"; - }; - }; - - config = mkIf cfg.enable { - systemd.services."demostf-frontend" = { - description = "Backup tasmota configurations"; - - serviceConfig = { - ExecStart = "${cfg.package}/bin/demostf-frontend ${configFile}"; - LoadCredential = [ - "mqtt_password:${cfg.mqtt.passwordFile}" - "device_password:${cfg.devicePasswordFile}" - ]; - ReadWritePaths = [ cfg.outputPath ]; - Restart = "on-failure"; - DynamicUser = true; - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - NoNewPrivileges = true; - PrivateDevices = true; - ProtectClock = true; - CapabilityBoundingSet = true; - ProtectKernelLogs = true; - ProtectControlGroups = true; - SystemCallArchitectures = "native"; - ProtectKernelModules = true; - RestrictNamespaces = true; - MemoryDenyWriteExecute = true; - ProtectHostname = true; - LockPersonality = true; - ProtectKernelTunables = true; - RestrictAddressFamilies = "AF_INET AF_INET6"; - RestrictRealtime = true; - ProtectProc = "noaccess"; - SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ]; - IPAddressDeny = "multicast"; - PrivateUsers = true; - ProcSubset = "pid"; - RuntimeDirectory = "demostf-frontend"; - RestrictSUIDSGID = true; - }; - }; - - systemd.timers."demostf-frontend" = { - inherit (config.systemd.services."demostf-frontend") description; - - enable = true; - wantedBy = [ "multi-user.target" ]; - timerConfig = { - OnCalendar = cfg.interval; - RandomizedDelaySec = "15m"; - }; - }; - }; -} diff --git a/node_modules.nix b/nix/node_modules.nix similarity index 75% rename from node_modules.nix rename to nix/node_modules.nix index 5ee1d23..b7c0a26 100644 --- a/node_modules.nix +++ b/nix/node_modules.nix @@ -7,6 +7,6 @@ let inherit (lib.sources) sourceByRegex; in npmlock2nix.v2.node_modules { - src = sourceByRegex ./. [ "package.*" ]; + src = sourceByRegex ../. [ "package.*" ]; nodejs = nodejs_20; } diff --git a/overlay.nix b/nix/overlay.nix similarity index 100% rename from overlay.nix rename to nix/overlay.nix diff --git a/package.nix b/nix/package.nix similarity index 85% rename from package.nix rename to nix/package.nix index 5a98ace..9767c19 100644 --- a/package.nix +++ b/nix/package.nix @@ -18,7 +18,7 @@ rustPlatform.buildRustPackage rec { pname = "demostf-frontend"; version = "0.1.0"; - src = sourceByRegex ./. [ "Cargo.*" "(src|build|images|script|style|.sqlx)(/.*)?" ]; + src = sourceByRegex ../. [ "Cargo.*" "(src|build|images|script|style|.sqlx)(/.*)?" ]; buildInputs = [ openssl ]; @@ -31,7 +31,7 @@ rustPlatform.buildRustPackage rec { doCheck = false; cargoLock = { - lockFile = ./Cargo.lock; + lockFile = ../Cargo.lock; outputHashes = { "jsx-dom-expressions-0.1.0" = "sha256-5TN9FBfPYznTkpL9ZtnKv3RghX7r8c2WvSL1sc+F0cw="; };