tangled.org / core
Monorepo for Tangled tangled.org
2
Fork 66

Configure Feed

Select the types of activity you want to include in your feed.

core / flake.nix
at dwn/spindle-microvm-debugssh 20 kB View raw
dawn knot: add checkPushAllowed xrpc, normalize ingested pubkeys
6c3753a7
1{ 2 description = "atproto github"; 3 4 inputs = { 5 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 6 microvm = { 7 url = "github:microvm-nix/microvm.nix"; 8 inputs.nixpkgs.follows = "nixpkgs"; 9 }; 10 fenix = { 11 url = "github:nix-community/fenix"; 12 inputs.nixpkgs.follows = "nixpkgs"; 13 }; 14 gomod2nix = { 15 url = "github:nix-community/gomod2nix"; 16 inputs.nixpkgs.follows = "nixpkgs"; 17 }; 18 flake-compat = { 19 url = "https://git.lix.systems/lix-project/flake-compat/archive/main.tar.gz"; 20 flake = false; 21 }; 22 indigo = { 23 url = "github:oppiliappan/indigo"; 24 flake = false; 25 }; 26 htmx-src = { 27 url = "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"; 28 flake = false; 29 }; 30 htmx-ws-src = { 31 # strange errors in console that i can't really make out 32 # url = "https://unpkg.com/htmx.org@2.0.4/dist/ext/ws.js"; 33 url = "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2"; 34 flake = false; 35 }; 36 lucide-src = { 37 url = "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip"; 38 flake = false; 39 }; 40 inter-fonts-src = { 41 url = "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip"; 42 flake = false; 43 }; 44 actor-typeahead-src = { 45 url = "git+https://tangled.org/@jakelazaroff.com/actor-typeahead"; 46 flake = false; 47 }; 48 mermaid-src = { 49 url = "https://cdn.jsdelivr.net/npm/mermaid@11.12.3/dist/mermaid.min.js"; 50 flake = false; 51 }; 52 ibm-plex-mono-src = { 53 url = "https://github.com/IBM/plex/releases/download/%40ibm%2Fplex-mono%401.1.0/ibm-plex-mono.zip"; 54 flake = false; 55 }; 56 sqlite-lib-src = { 57 url = "https://sqlite.org/2024/sqlite-amalgamation-3450100.zip"; 58 flake = false; 59 }; 60 }; 61 62 outputs = { 63 self, 64 nixpkgs, 65 fenix, 66 gomod2nix, 67 indigo, 68 htmx-src, 69 htmx-ws-src, 70 lucide-src, 71 inter-fonts-src, 72 sqlite-lib-src, 73 ibm-plex-mono-src, 74 actor-typeahead-src, 75 mermaid-src, 76 microvm, 77 ... 78 }: let 79 supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; 80 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 81 nixpkgsFor = forAllSystems (system: nixpkgs.legacyPackages.${system}); 82 83 mkPackageSet = pkgs: 84 pkgs.lib.makeScope pkgs.newScope (self: { 85 src = let 86 fs = pkgs.lib.fileset; 87 in 88 fs.toSource { 89 root = ./.; 90 fileset = fs.difference (fs.intersection (fs.gitTracked ./.) (fs.fileFilter (file: !(file.hasExt "nix")) ./.)) (fs.maybeMissing ./.jj); 91 }; 92 rustSrc = let 93 fs = pkgs.lib.fileset; 94 in 95 fs.toSource { 96 root = ./.; 97 fileset = 98 fs.intersection 99 (fs.fromSource self.src) 100 (fs.unions [ 101 ./Cargo.toml 102 ./Cargo.lock 103 ./shuttle 104 ./bobbin 105 ]); 106 }; 107 buildGoApplication = 108 (self.callPackage "${gomod2nix}/builder" { 109 gomod2nix = gomod2nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.gomod2nix; 110 }).buildGoApplication; 111 rustPlatform = pkgs.makeRustPlatform { 112 inherit (fenix.packages.${pkgs.stdenv.hostPlatform.system}.stable) rustc cargo; 113 }; 114 rustPlatformStatic = let 115 system = pkgs.stdenv.hostPlatform.system; 116 muslTarget = pkgs.pkgsStatic.stdenv.hostPlatform.rust.rustcTarget; 117 toolchain = fenix.packages.${system}.combine [ 118 fenix.packages.${system}.stable.cargo 119 fenix.packages.${system}.stable.rustc 120 fenix.packages.${system}.targets.${muslTarget}.stable.rust-std 121 ]; 122 in 123 pkgs.pkgsStatic.makeRustPlatform { 124 cargo = toolchain; 125 rustc = toolchain; 126 }; 127 modules = ./nix/gomod2nix.toml; 128 sqlite-lib = self.callPackage ./nix/pkgs/sqlite-lib.nix { 129 inherit sqlite-lib-src; 130 }; 131 lexgen = self.callPackage ./nix/pkgs/lexgen.nix {inherit indigo;}; 132 goat = self.callPackage ./nix/pkgs/goat.nix {inherit indigo;}; 133 appview-static-files = self.callPackage ./nix/pkgs/appview-static-files.nix { 134 inherit htmx-src htmx-ws-src lucide-src inter-fonts-src ibm-plex-mono-src actor-typeahead-src mermaid-src; 135 }; 136 appview = self.callPackage ./nix/pkgs/appview.nix {}; 137 blog = self.callPackage ./nix/pkgs/blog.nix {}; 138 docs = self.callPackage ./nix/pkgs/docs.nix { 139 inherit inter-fonts-src ibm-plex-mono-src lucide-src; 140 inherit (pkgs) pagefind; 141 }; 142 spindle = self.callPackage ./nix/pkgs/spindle.nix {}; 143 shuttle = self.callPackage ./nix/pkgs/shuttle.nix { 144 src = self.rustSrc; 145 }; 146 shuttle-static = self.callPackage ./nix/pkgs/shuttle.nix { 147 src = self.rustSrc; 148 rustPlatform = self.rustPlatformStatic; 149 }; 150 knot-unwrapped = self.callPackage ./nix/pkgs/knot-unwrapped.nix {}; 151 knot = self.callPackage ./nix/pkgs/knot.nix {}; 152 dolly = self.callPackage ./nix/pkgs/dolly.nix {}; 153 tap = self.callPackage ./nix/pkgs/tap.nix {}; 154 knotmirror = self.callPackage ./nix/pkgs/knotmirror.nix {}; 155 bobbin = self.callPackage ./nix/pkgs/bobbin.nix {}; 156 }); 157 in { 158 overlays.default = final: prev: { 159 inherit (mkPackageSet final) lexgen goat sqlite-lib spindle shuttle knot-unwrapped knot appview docs dolly tap knotmirror bobbin; 160 }; 161 162 packages = forAllSystems (system: let 163 pkgs = nixpkgsFor.${system}; 164 linuxPkgs = nixpkgsFor."x86_64-linux"; 165 packages = mkPackageSet pkgs; 166 staticPackages = mkPackageSet pkgs.pkgsStatic; 167 crossPackages = mkPackageSet pkgs.pkgsCross.gnu64.pkgsStatic; 168 in { 169 inherit 170 (packages) 171 appview 172 appview-static-files 173 blog 174 lexgen 175 goat 176 spindle 177 knot 178 knot-unwrapped 179 sqlite-lib 180 docs 181 shuttle 182 shuttle-static 183 dolly 184 tap 185 knotmirror 186 bobbin 187 ; 188 189 pkgsStatic-appview = staticPackages.appview; 190 pkgsStatic-knot = staticPackages.knot; 191 pkgsStatic-knot-unwrapped = staticPackages.knot-unwrapped; 192 pkgsStatic-spindle = staticPackages.spindle; 193 pkgsStatic-sqlite-lib = staticPackages.sqlite-lib; 194 pkgsStatic-dolly = staticPackages.dolly; 195 196 pkgsCross-gnu64-pkgsStatic-appview = crossPackages.appview; 197 pkgsCross-gnu64-pkgsStatic-knot = crossPackages.knot; 198 pkgsCross-gnu64-pkgsStatic-knot-unwrapped = crossPackages.knot-unwrapped; 199 pkgsCross-gnu64-pkgsStatic-spindle = crossPackages.spindle; 200 pkgsCross-gnu64-pkgsStatic-dolly = crossPackages.dolly; 201 202 treefmt-wrapper = pkgs.treefmt.withConfig { 203 settings.formatter = { 204 alejandra = { 205 command = pkgs.lib.getExe pkgs.alejandra; 206 includes = ["*.nix"]; 207 }; 208 209 gofmt = { 210 command = pkgs.lib.getExe' pkgs.go "gofmt"; 211 options = ["-w"]; 212 includes = ["*.go"]; 213 }; 214 215 rustfmt = { 216 command = pkgs.lib.getExe' fenix.packages.${system}.stable.rustfmt "rustfmt"; 217 options = ["--edition" "2024"]; 218 includes = ["*.rs"]; 219 excludes = ["**/src/_lex/**"]; 220 }; 221 222 # prettier = let 223 # wrapper = pkgs.runCommandLocal "prettier-wrapper" {nativeBuildInputs = [pkgs.makeWrapper];} '' 224 # makeWrapper ${pkgs.prettier}/bin/prettier "$out" --add-flags "--plugin=${pkgs.prettier-plugin-go-template}/lib/node_modules/prettier-plugin-go-template/lib/index.js" 225 # ''; 226 # in { 227 # command = wrapper; 228 # options = ["-w"]; 229 # includes = ["*.html"]; 230 # # causes Go template plugin errors: https://github.com/NiklasPor/prettier-plugin-go-template/issues/120 231 # excludes = ["appview/pages/templates/layouts/repobase.html" "appview/pages/templates/repo/tags.html"]; 232 # }; 233 }; 234 }; 235 236 spindle-nixos-image = linuxPkgs.callPackage ./nix/pkgs/spindle-nixos-image.nix { 237 nixosSystem = self.nixosConfigurations.spindle-nixos; 238 }; 239 spindle-nixos-image-tarball = linuxPkgs.runCommand "spindle-nixos-image-tarball.tar.gz" {} '' 240 tar -S -C ${self.packages.${system}.spindle-nixos-image} -h -czf $out . 241 ''; 242 243 spindle-alpine-image = let 244 branch = "3.24"; 245 version = "${branch}.0"; 246 arch = "x86_64"; 247 cdn = "https://dl-cdn.alpinelinux.org/alpine/v${branch}/releases/${arch}"; 248 249 shuttle = (mkPackageSet linuxPkgs).shuttle-static; 250 in 251 linuxPkgs.callPackage ./nix/pkgs/spindle-alpine-image.nix { 252 inherit arch shuttle; 253 repositories = [ 254 "https://dl-cdn.alpinelinux.org/alpine/v${branch}/main" 255 "https://dl-cdn.alpinelinux.org/alpine/v${branch}/community" 256 ]; 257 rootfs = linuxPkgs.fetchurl { 258 url = "${cdn}/alpine-minirootfs-${version}-${arch}.tar.gz"; 259 hash = "sha256-3poRwODn6clNs+2K97RQ6vwLE2h71+kZnVUFDyCqCok="; 260 }; 261 kernel = linuxPkgs.fetchurl { 262 url = "${cdn}/netboot-${version}/vmlinuz-virt"; 263 hash = "sha256-Hmv5Ancgx1w+0NeRcfIbV5HuQMqXldB8fG4E3F6irpA="; 264 }; 265 initramfs = linuxPkgs.fetchurl { 266 url = "${cdn}/netboot-${version}/initramfs-virt"; 267 hash = "sha256-ZCWGSaVMOYOmLz1Gwsf2RhYarMqk+tFVA6MMDWiHVJQ="; 268 }; 269 modloop = linuxPkgs.fetchurl { 270 url = "${cdn}/netboot-${version}/modloop-virt"; 271 hash = "sha256-p3yO7yU28k04iT01sOzhDmEYi+Yl7VZs5r3RYsWCBX0="; 272 }; 273 }; 274 spindle-alpine-image-tarball = linuxPkgs.runCommand "spindle-alpine-image-tarball.tar.gz" {} '' 275 tar -S -C ${self.packages.${system}.spindle-alpine-image} -h -czf $out . 276 ''; 277 }); 278 defaultPackage = forAllSystems (system: self.packages.${system}.appview); 279 devShells = forAllSystems (system: let 280 pkgs = nixpkgsFor.${system}; 281 packages' = self.packages.${system}; 282 staticShell = args: 283 (pkgs.mkShell.override { 284 stdenv = pkgs.pkgsStatic.stdenv; 285 }) (args 286 // { 287 nativeBuildInputs = 288 args.nativeBuildInputs 289 ++ pkgs.lib.optionals pkgs.stdenv.isDarwin [ 290 pkgs.darwin.cctools 291 ]; 292 }); 293 in { 294 default = staticShell { 295 nativeBuildInputs = 296 [ 297 pkgs.go 298 pkgs.air 299 pkgs.gopls 300 pkgs.httpie 301 pkgs.litecli 302 pkgs.websocat 303 pkgs.tailwindcss 304 pkgs.nixos-shell 305 pkgs.redis 306 pkgs.worker-build 307 pkgs.cargo-generate 308 pkgs.qemu 309 pkgs.cdrkit 310 pkgs.buf 311 pkgs.protobuf 312 pkgs.protoc-gen-prost 313 pkgs.protoc-gen-prost-crate 314 pkgs.protoc-gen-prost-serde 315 pkgs.protoc-gen-go 316 (fenix.packages.${system}.combine [ 317 fenix.packages.${system}.stable.cargo 318 fenix.packages.${system}.stable.rustc 319 fenix.packages.${system}.stable.rust-src 320 fenix.packages.${system}.stable.clippy 321 fenix.packages.${system}.stable.rustfmt 322 fenix.packages.${system}.targets.wasm32-unknown-unknown.stable.rust-std 323 ]) 324 pkgs.coreutils # for those of us who are on systems that use busybox (alpine) 325 packages'.lexgen 326 packages'.treefmt-wrapper 327 packages'.tap 328 pkgs.e2fsprogs 329 pkgs.util-linux 330 ] 331 ++ pkgs.lib.optionals pkgs.stdenv.isLinux [ 332 pkgs.parted 333 pkgs.slirp4netns 334 pkgs.iproute2 335 ]; 336 shellHook = '' 337 mkdir -p appview/pages/static 338 # temporary self-heal for workspaces that copied static assets as read-only 339 [ -d appview/pages/static/icons ] && [ ! -w appview/pages/static/icons ] && chmod -R u+rwX appview/pages/static 340 # no preserve is needed because watch-tailwind will want to be able to overwrite 341 cp -fr --no-preserve=ownership,mode ${packages'.appview-static-files}/* appview/pages/static 342 export TANGLED_OAUTH_CLIENT_KID="$(date +%s)" 343 export TANGLED_OAUTH_CLIENT_SECRET="$(${packages'.goat}/bin/goat key generate -t P-256 | grep -A1 "Secret Key" | tail -n1 | awk '{print $1}')" 344 # Make xcrun (Nix stub) able to find ld from the system Command Line Tools. 345 # Without this, worker-build/cargo fails with "error: tool 'ld' not found". 346 if [ -d /Library/Developer/CommandLineTools/usr/bin ]; then 347 export PATH=/Library/Developer/CommandLineTools/usr/bin:$PATH 348 fi 349 ''; 350 env.CGO_ENABLED = 1; 351 }; 352 }); 353 apps = forAllSystems (system: let 354 pkgs = nixpkgsFor."${system}"; 355 packages' = self.packages.${system}; 356 air-watcher = name: arg: 357 pkgs.writeShellScriptBin "run" 358 '' 359 export PATH=${pkgs.go}/bin:$PATH 360 ${pkgs.air}/bin/air -c ./.air/${name}.toml \ 361 -build.args_bin "${arg}" 362 ''; 363 tailwind-watcher = 364 pkgs.writeShellScriptBin "run" 365 '' 366 export BROWSERSLIST_IGNORE_OLD_DATA=true 367 ${pkgs.tailwindcss}/bin/tailwindcss --watch=always -i input.css -o ./appview/pages/static/tw.css 368 ''; 369 in { 370 watch-appview = { 371 type = "app"; 372 program = toString (pkgs.writeShellScript "watch-appview" '' 373 echo "copying static files to appview/pages/static..." 374 mkdir -p appview/pages/static 375 ${pkgs.coreutils}/bin/cp -fr --no-preserve=ownership,mode ${packages'.appview-static-files}/* appview/pages/static 376 ${air-watcher "appview" ""}/bin/run 377 ''); 378 }; 379 watch-knot = { 380 type = "app"; 381 program = ''${air-watcher "knot" "server"}/bin/run''; 382 }; 383 watch-spindle = { 384 type = "app"; 385 program = ''${air-watcher "spindle" ""}/bin/run''; 386 }; 387 watch-blog = { 388 type = "app"; 389 program = toString (pkgs.writeShellScript "watch-blog" '' 390 echo "copying static files to appview/pages/static..." 391 mkdir -p appview/pages/static 392 ${pkgs.coreutils}/bin/cp -fr --no-preserve=ownership,mode ${packages'.appview-static-files}/* appview/pages/static 393 ${air-watcher "blog" "serve"}/bin/run 394 ''); 395 }; 396 watch-tailwind = { 397 type = "app"; 398 program = ''${tailwind-watcher}/bin/run''; 399 }; 400 serve-docs = { 401 type = "app"; 402 program = toString (pkgs.writeShellScript "serve-docs" '' 403 echo "building docs..." 404 docsOut=$(nix build --no-link --print-out-paths .#docs) 405 echo "serving docs at http://localhost:1414" 406 cd "$docsOut" 407 exec ${pkgs.python3}/bin/python3 -m http.server 1414 408 ''); 409 }; 410 regenerate-proto = { 411 type = "app"; 412 program = 413 (pkgs.writeShellApplication { 414 name = "regenerate-proto"; 415 runtimeInputs = with pkgs; [git buf coreutils]; 416 text = '' 417 rootDir=$(git rev-parse --show-toplevel 2>/dev/null || pwd) 418 cd "$rootDir" 419 echo ">>> regenerating protobuf files.." 420 buf generate 421 echo ">>> generating file descriptor set for shuttle..." 422 buf build -o shuttle/src/gen/file_descriptor_set.bin 423 echo ">>> done" 424 ''; 425 }) 426 + "/bin/regenerate-proto"; 427 }; 428 vm = let 429 guestSystem = 430 if pkgs.stdenv.hostPlatform.isAarch64 431 then "aarch64-linux" 432 else "x86_64-linux"; 433 in { 434 type = "app"; 435 program = 436 (pkgs.writeShellApplication { 437 name = "launch-vm"; 438 text = '' 439 rootDir=$(jj --ignore-working-copy root || git rev-parse --show-toplevel) || (echo "error: can't find repo root?"; exit 1) 440 cd "$rootDir" 441 442 # Reset TMPDIR in case it points to a stale nix-shell temp dir 443 export TMPDIR=/tmp 444 445 mkdir -p nix/vm-data/{knot,repos,spindle,spindle-logs} 446 447 export TANGLED_VM_DATA_DIR="$rootDir/nix/vm-data" 448 exec ${pkgs.lib.getExe 449 (import ./nix/vm.nix { 450 inherit nixpkgs self; 451 system = guestSystem; 452 hostSystem = system; 453 }).config.system.build.vm} 454 ''; 455 }) 456 + /bin/launch-vm; 457 }; 458 gomod2nix = { 459 type = "app"; 460 program = toString (pkgs.writeShellScript "gomod2nix" '' 461 ${gomod2nix.legacyPackages.${system}.gomod2nix}/bin/gomod2nix generate --outdir ./nix 462 ''); 463 }; 464 lexgen = { 465 type = "app"; 466 program = 467 (pkgs.writeShellApplication { 468 name = "lexgen"; 469 runtimeInputs = [pkgs.stdenv.cc]; 470 text = '' 471 if ! command -v lexgen > /dev/null; then 472 echo "error: must be executed from devshell" 473 exit 1 474 fi 475 476 # pin CC to a glibc gcc so a stray musl cc cant mess up CGO 477 export CC=${pkgs.stdenv.cc}/bin/cc 478 479 rootDir=$(jj --ignore-working-copy root || git rev-parse --show-toplevel) || (echo "error: can't find repo root?"; exit 1) 480 cd "$rootDir" 481 482 rm -f api/tangled/* 483 lexgen --build-file lexicon-build-config.json lexicons 484 sed -i.bak 's/\tutil/\/\/\tutil/' api/tangled/* 485 # lexgen generates incomplete Marshaler/Unmarshaler for union types 486 find api/tangled/*.go -not -name "cbor_gen.go" -exec \ 487 sed -i '/^func.*\(MarshalCBOR\|UnmarshalCBOR\)/,/^}/ s/^/\/\/ /' {} + 488 ${pkgs.gotools}/bin/goimports -w api/tangled/* 489 CGO_ENABLED=1 go run ./cmd/cborgen/ 490 lexgen --build-file lexicon-build-config.json lexicons 491 rm api/tangled/*.bak 492 ''; 493 }) 494 + /bin/lexgen; 495 }; 496 }); 497 498 nixosModules.appview = { 499 lib, 500 pkgs, 501 ... 502 }: { 503 imports = [./nix/modules/appview.nix]; 504 505 services.tangled.appview.package = lib.mkDefault self.packages.${pkgs.stdenv.hostPlatform.system}.appview; 506 }; 507 nixosModules.knotmirror = { 508 lib, 509 pkgs, 510 ... 511 }: { 512 imports = [./nix/modules/knotmirror.nix]; 513 514 services.tangled.knotmirror.tap-package = lib.mkDefault self.packages.${pkgs.stdenv.hostPlatform.system}.tap; 515 services.tangled.knotmirror.package = lib.mkDefault self.packages.${pkgs.stdenv.hostPlatform.system}.knotmirror; 516 }; 517 nixosModules.knot = { 518 lib, 519 pkgs, 520 ... 521 }: { 522 imports = [./nix/modules/knot.nix]; 523 524 services.tangled.knot.package = lib.mkDefault self.packages.${pkgs.stdenv.hostPlatform.system}.knot; 525 }; 526 nixosModules.spindle = { 527 lib, 528 pkgs, 529 ... 530 }: { 531 imports = [./nix/modules/spindle.nix]; 532 533 services.tangled.spindle.package = lib.mkDefault self.packages.${pkgs.stdenv.hostPlatform.system}.spindle; 534 }; 535 nixosModules.shuttle = { 536 lib, 537 pkgs, 538 ... 539 }: { 540 imports = [./nix/modules/shuttle.nix]; 541 542 services.tangled.shuttle.package = lib.mkDefault self.packages.${pkgs.stdenv.hostPlatform.system}.shuttle; 543 }; 544 545 nixosModules.spindle-nixos = import ./nix/microvm/spindle-vm.nix {inherit self microvm;} ./nix/microvm/qemu.nix; 546 547 formatter = forAllSystems (system: self.packages.${system}.treefmt-wrapper); 548 549 nixosConfigurations = let 550 spindleNixosBase = nixpkgs.lib.nixosSystem { 551 system = "x86_64-linux"; 552 modules = [self.nixosModules.spindle-nixos]; 553 }; 554 in { 555 spindle-nixos = spindleNixosBase; 556 }; 557 }; 558}