veryroundbird.house / core
forked from tangled.org/core
this repo has no description
fork atom

nix: update nix modules & VM to new knot interface

Signed-off-by: oppiliappan <me@oppi.li>

oppi.li c7a5d815 e0935763

options
unified split
Changed files
+41 -47
flake.nix
+41 -47
flake.nix 
···

       
49

       
 

       
    inherit (gitignore.lib) gitignoreSource;


     

       
50

       
 

       
  in {


     

       
51

       
 

       
    overlays.default = final: prev: let


     

       
52

       
-

       
      goModHash = "sha256-H/sKps9um8vvv/WAZ1hEN+ZVhmXlddRNSVWVRBK1zEo=";


     

       
53

       
-

       
      buildCmdPackage = name:


     

       
54

       
-

       
        final.buildGoModule {


     

       
55

       
-

       
          pname = name;


     

       
56

       
-

       
          version = "0.1.0";


     

       
57

       
-

       
          src = gitignoreSource ./.;


     

       
58

       
-

       
          subPackages = ["cmd/${name}"];


     

       
59

       
-

       
          vendorHash = goModHash;


     

       
60

       
-

       
          env.CGO_ENABLED = 0;


     

       
61

       
-

       
        };


     

       
62

       
 

       
    in {


     

       
63

       
 

       
      indigo-lexgen = final.buildGoModule {


     

       
64

       
 

       
        pname = "indigo-lexgen";


     
···

       
92

       
 

       
          stdenv = pkgsStatic.stdenv;


     

       
93

       
 

       
        };


     

       
94

       
 

       



     

       
95

       
-

       
      knotserver = with final;


     

       
96

       
 

       
        final.pkgsStatic.buildGoModule {


     

       
97

       
-

       
          pname = "knotserver";


     

       
98

       
 

       
          version = "0.1.0";


     

       
99

       
 

       
          src = gitignoreSource ./.;


     

       
100

       
 

       
          nativeBuildInputs = [final.makeWrapper];


     

       
101

       
-

       
          subPackages = ["cmd/knotserver"];


     

       
102

       
 

       
          vendorHash = goModHash;


     

       
103

       
 

       
          installPhase = ''


     

       
104

       
 

       
            runHook preInstall


     

       
105

       
 

       



     

       
106

       
 

       
            mkdir -p $out/bin


     

       
107

       
-

       
            cp $GOPATH/bin/knotserver $out/bin/knotserver


     

       
108

       
 

       



     

       
109

       
-

       
            wrapProgram $out/bin/knotserver \


     

       
110

       
 

       
            --prefix PATH : ${pkgs.git}/bin


     

       
111

       
 

       



     

       
112

       
 

       
            runHook postInstall


     

       
113

       
 

       
          '';


     

       
114

       
 

       
          env.CGO_ENABLED = 1;


     

       
115

       
 

       
        };


     

       
116

       
-

       
      knotserver-unwrapped = final.pkgsStatic.buildGoModule {


     

       
117

       
-

       
        pname = "knotserver";


     

       
118

       
 

       
        version = "0.1.0";


     

       
119

       
 

       
        src = gitignoreSource ./.;


     

       
120

       
-

       
        subPackages = ["cmd/knotserver"];


     

       
121

       
 

       
        vendorHash = goModHash;


     

       
122

       
 

       
        env.CGO_ENABLED = 1;


     

       
123

       
 

       
      };


     

       
124

       
-

       
      repoguard = buildCmdPackage "repoguard";


     

       
125

       
-

       
      keyfetch = buildCmdPackage "keyfetch";


     

       
126

       
-

       
      genjwks = buildCmdPackage "genjwks";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
127

       
 

       
    };


     

       
128

       
 

       
    packages = forAllSystems (system: {


     

       
129

       
 

       
      inherit


     

       
130

       
 

       
        (nixpkgsFor."${system}")


     

       
131

       
 

       
        indigo-lexgen


     

       
132

       
 

       
        appview


     

       
133

       
-

       
        knotserver


     

       
134

       
-

       
        knotserver-unwrapped


     

       
135

       
-

       
        repoguard


     

       
136

       
-

       
        keyfetch


     

       
137

       
 

       
        genjwks


     

       
138

       
 

       
        ;


     

       
139

       
 

       
    });


     
···

       
172

       
 

       
    });


     

       
173

       
 

       
    apps = forAllSystems (system: let


     

       
174

       
 

       
      pkgs = nixpkgsFor."${system}";


     

       
175

       
-

       
      air-watcher = name:


     

       
176

       
 

       
        pkgs.writeShellScriptBin "run"


     

       
177

       
 

       
        ''


     

       
178

       
 

       
          ${pkgs.air}/bin/air -c /dev/null \


     

       
179

       
 

       
          -build.cmd "${pkgs.go}/bin/go build -o ./out/${name}.out ./cmd/${name}/main.go" \


     

       
180

       
-

       
          -build.bin "./out/${name}.out" \


     

       
181

       
 

       
          -build.stop_on_error "true" \


     

       
182

       
 

       
          -build.include_ext "go"


     

       
183

       
 

       
        '';


     
···

       
189

       
 

       
    in {


     

       
190

       
 

       
      watch-appview = {


     

       
191

       
 

       
        type = "app";


     

       
192

       
-

       
        program = ''${air-watcher "appview"}/bin/run'';


     

       
193

       
 

       
      };


     

       
194

       
-

       
      watch-knotserver = {


     

       
195

       
 

       
        type = "app";


     

       
196

       
-

       
        program = ''${air-watcher "knotserver"}/bin/run'';


     

       
197

       
 

       
      };


     

       
198

       
 

       
      watch-tailwind = {


     

       
199

       
 

       
        type = "app";


     
···

       
247

       
 

       
        };


     

       
248

       
 

       
      };


     

       
249

       
 

       



     

       
250

       
-

       
    nixosModules.knotserver = {


     

       
251

       
 

       
      config,


     

       
252

       
 

       
      pkgs,


     

       
253

       
 

       
      lib,


     

       
254

       
 

       
      ...


     

       
255

       
 

       
    }: let


     

       
256

       
-

       
      cfg = config.services.tangled-knotserver;


     

       
257

       
 

       
    in


     

       
258

       
 

       
      with lib; {


     

       
259

       
 

       
        options = {


     

       
260

       
-

       
          services.tangled-knotserver = {


     

       
261

       
 

       
            enable = mkOption {


     

       
262

       
 

       
              type = types.bool;


     

       
263

       
 

       
              default = false;


     

       
264

       
-

       
              description = "Enable a tangled knotserver";


     

       
265

       
 

       
            };


     

       
266

       
 

       



     

       
267

       
 

       
            appviewEndpoint = mkOption {


     
···

       
383

       
 

       
            mode = "0555";


     

       
384

       
 

       
            text = ''


     

       
385

       
 

       
              #!${pkgs.stdenv.shell}


     

       
386

       
-

       
              ${self.packages.${pkgs.system}.keyfetch}/bin/keyfetch \


     

       
387

       
-

       
                -repoguard-path ${self.packages.${pkgs.system}.repoguard}/bin/repoguard \


     

       
388

       
 

       
                -internal-api "http://${cfg.server.internalListenAddr}" \


     

       
389

       
 

       
                -git-dir "${cfg.repo.scanPath}" \


     

       
390

       
-

       
                -log-path /tmp/repoguard.log


     

       
391

       
 

       
            '';


     

       
392

       
 

       
          };


     

       
393

       
 

       



     

       
394

       
-

       
          systemd.services.knotserver = {


     

       
395

       
-

       
            description = "knotserver service";


     

       
396

       
 

       
            after = ["network.target" "sshd.service"];


     

       
397

       
 

       
            wantedBy = ["multi-user.target"];


     

       
398

       
 

       
            serviceConfig = {


     
···

       
408

       
 

       
                "KNOT_SERVER_HOSTNAME=${cfg.server.hostname}"


     

       
409

       
 

       
              ];


     

       
410

       
 

       
              EnvironmentFile = cfg.server.secretFile;


     

       
411

       
-

       
              ExecStart = "${self.packages.${pkgs.system}.knotserver}/bin/knotserver";


     

       
412

       
 

       
              Restart = "always";


     

       
413

       
 

       
            };


     

       
414

       
 

       
          };


     
···

       
420

       
 

       
    nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem {


     

       
421

       
 

       
      system = "x86_64-linux";


     

       
422

       
 

       
      modules = [


     

       
423

       
-

       
        self.nixosModules.knotserver


     

       
424

       
 

       
        ({


     

       
425

       
 

       
          config,


     

       
426

       
 

       
          pkgs,


     
···

       
432

       
 

       
          services.getty.autologinUser = "root";


     

       
433

       
 

       
          environment.systemPackages = with pkgs; [curl vim git];


     

       
434

       
 

       
          systemd.tmpfiles.rules = let


     

       
435

       
-

       
            u = config.services.tangled-knotserver.gitUser;


     

       
436

       
-

       
            g = config.services.tangled-knotserver.gitUser;


     

       
437

       
 

       
          in [


     

       
438

       
-

       
            "d /var/lib/knotserver 0770 ${u} ${g} - -" # Create the directory first


     

       
439

       
-

       
            "f+ /var/lib/knotserver/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=38a7c3237c2a585807e06a5bcfac92eb39442063f3da306b7acb15cfdc51d19d"


     

       
440

       
 

       
          ];


     

       
441

       
-

       
          services.tangled-knotserver = {


     

       
442

       
 

       
            enable = true;


     

       
443

       
 

       
            server = {


     

       
444

       
-

       
              secretFile = "/var/lib/knotserver/secret";


     

       
445

       
 

       
              hostname = "localhost:6000";


     

       
446

       
 

       
              listenAddr = "0.0.0.0:6000";


     

       
447

       
 

       
            };


     
···

       
49

       
 

       
    inherit (gitignore.lib) gitignoreSource;


     

       
50

       
 

       
  in {


     

       
51

       
 

       
    overlays.default = final: prev: let


     

       
52

       
+

       
      goModHash = "sha256-H2gBkkuJaZtHlvW33aWZu0pS9vsS/A2ojeEUbp6o7Go=";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
53

       
 

       
    in {


     

       
54

       
 

       
      indigo-lexgen = final.buildGoModule {


     

       
55

       
 

       
        pname = "indigo-lexgen";


     
···

       
83

       
 

       
          stdenv = pkgsStatic.stdenv;


     

       
84

       
 

       
        };


     

       
85

       
 

       



     

       
86

       
+

       
      knot = with final;


     

       
87

       
 

       
        final.pkgsStatic.buildGoModule {


     

       
88

       
+

       
          pname = "knot";


     

       
89

       
 

       
          version = "0.1.0";


     

       
90

       
 

       
          src = gitignoreSource ./.;


     

       
91

       
 

       
          nativeBuildInputs = [final.makeWrapper];


     

       
92

       
+

       
          subPackages = ["cmd/knot"];


     

       
93

       
 

       
          vendorHash = goModHash;


     

       
94

       
 

       
          installPhase = ''


     

       
95

       
 

       
            runHook preInstall


     

       
96

       
 

       



     

       
97

       
 

       
            mkdir -p $out/bin


     

       
98

       
+

       
            cp $GOPATH/bin/knot $out/bin/knot


     

       
99

       
 

       



     

       
100

       
+

       
            wrapProgram $out/bin/knot \


     

       
101

       
 

       
            --prefix PATH : ${pkgs.git}/bin


     

       
102

       
 

       



     

       
103

       
 

       
            runHook postInstall


     

       
104

       
 

       
          '';


     

       
105

       
 

       
          env.CGO_ENABLED = 1;


     

       
106

       
 

       
        };


     

       
107

       
+

       
      knot-unwrapped = final.pkgsStatic.buildGoModule {


     

       
108

       
+

       
        pname = "knot";


     

       
109

       
 

       
        version = "0.1.0";


     

       
110

       
 

       
        src = gitignoreSource ./.;


     

       
111

       
+

       
        subPackages = ["cmd/knot"];


     

       
112

       
 

       
        vendorHash = goModHash;


     

       
113

       
 

       
        env.CGO_ENABLED = 1;


     

       
114

       
 

       
      };


     

       
115

       
+

       
      genjwks = final.pkgsStatic.buildGoModule {


     

       
116

       
+

       
          pname =  "genjwks";


     

       
117

       
+

       
          version = "0.1.0";


     

       
118

       
+

       
          src = gitignoreSource ./.;


     

       
119

       
+

       
          subPackages = ["cmd/genjwks"];


     

       
120

       
+

       
          vendorHash = goModHash;


     

       
121

       
+

       
          env.CGO_ENABLED = 0;


     

       
122

       
+

       
      };


     

       
123

       
 

       
    };


     

       
124

       
 

       
    packages = forAllSystems (system: {


     

       
125

       
 

       
      inherit


     

       
126

       
 

       
        (nixpkgsFor."${system}")


     

       
127

       
 

       
        indigo-lexgen


     

       
128

       
 

       
        appview


     

       
129

       
+

       
        knot


     

       
130

       
+

       
        knot-unwrapped


     

       

       

       
     

       

       

       
     

       
131

       
 

       
        genjwks


     

       
132

       
 

       
        ;


     

       
133

       
 

       
    });


     
···

       
166

       
 

       
    });


     

       
167

       
 

       
    apps = forAllSystems (system: let


     

       
168

       
 

       
      pkgs = nixpkgsFor."${system}";


     

       
169

       
+

       
      air-watcher = name: arg:


     

       
170

       
 

       
        pkgs.writeShellScriptBin "run"


     

       
171

       
 

       
        ''


     

       
172

       
 

       
          ${pkgs.air}/bin/air -c /dev/null \


     

       
173

       
 

       
          -build.cmd "${pkgs.go}/bin/go build -o ./out/${name}.out ./cmd/${name}/main.go" \


     

       
174

       
+

       
          -build.bin "./out/${name}.out ${arg}" \


     

       
175

       
 

       
          -build.stop_on_error "true" \


     

       
176

       
 

       
          -build.include_ext "go"


     

       
177

       
 

       
        '';


     
···

       
183

       
 

       
    in {


     

       
184

       
 

       
      watch-appview = {


     

       
185

       
 

       
        type = "app";


     

       
186

       
+

       
        program = ''${air-watcher "appview" ""}/bin/run'';


     

       
187

       
 

       
      };


     

       
188

       
+

       
      watch-knot = {


     

       
189

       
 

       
        type = "app";


     

       
190

       
+

       
        program = ''${air-watcher "knot" "server"}/bin/run'';


     

       
191

       
 

       
      };


     

       
192

       
 

       
      watch-tailwind = {


     

       
193

       
 

       
        type = "app";


     
···

       
241

       
 

       
        };


     

       
242

       
 

       
      };


     

       
243

       
 

       



     

       
244

       
+

       
    nixosModules.knot = {


     

       
245

       
 

       
      config,


     

       
246

       
 

       
      pkgs,


     

       
247

       
 

       
      lib,


     

       
248

       
 

       
      ...


     

       
249

       
 

       
    }: let


     

       
250

       
+

       
      cfg = config.services.tangled-knot;


     

       
251

       
 

       
    in


     

       
252

       
 

       
      with lib; {


     

       
253

       
 

       
        options = {


     

       
254

       
+

       
          services.tangled-knot = {


     

       
255

       
 

       
            enable = mkOption {


     

       
256

       
 

       
              type = types.bool;


     

       
257

       
 

       
              default = false;


     

       
258

       
+

       
              description = "Enable a tangled knot";


     

       
259

       
 

       
            };


     

       
260

       
 

       



     

       
261

       
 

       
            appviewEndpoint = mkOption {


     
···

       
377

       
 

       
            mode = "0555";


     

       
378

       
 

       
            text = ''


     

       
379

       
 

       
              #!${pkgs.stdenv.shell}


     

       
380

       
+

       
              ${self.packages.${pkgs.system}.knot}/bin/knot keys \


     

       
381

       
+

       
                -output authorized-keys \


     

       
382

       
 

       
                -internal-api "http://${cfg.server.internalListenAddr}" \


     

       
383

       
 

       
                -git-dir "${cfg.repo.scanPath}" \


     

       
384

       
+

       
                -log-path /tmp/knotguard.log


     

       
385

       
 

       
            '';


     

       
386

       
 

       
          };


     

       
387

       
 

       



     

       
388

       
+

       
          systemd.services.knot = {


     

       
389

       
+

       
            description = "knot service";


     

       
390

       
 

       
            after = ["network.target" "sshd.service"];


     

       
391

       
 

       
            wantedBy = ["multi-user.target"];


     

       
392

       
 

       
            serviceConfig = {


     
···

       
402

       
 

       
                "KNOT_SERVER_HOSTNAME=${cfg.server.hostname}"


     

       
403

       
 

       
              ];


     

       
404

       
 

       
              EnvironmentFile = cfg.server.secretFile;


     

       
405

       
+

       
              ExecStart = "${self.packages.${pkgs.system}.knot}/bin/knot server";


     

       
406

       
 

       
              Restart = "always";


     

       
407

       
 

       
            };


     

       
408

       
 

       
          };


     
···

       
414

       
 

       
    nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem {


     

       
415

       
 

       
      system = "x86_64-linux";


     

       
416

       
 

       
      modules = [


     

       
417

       
+

       
        self.nixosModules.knot


     

       
418

       
 

       
        ({


     

       
419

       
 

       
          config,


     

       
420

       
 

       
          pkgs,


     
···

       
426

       
 

       
          services.getty.autologinUser = "root";


     

       
427

       
 

       
          environment.systemPackages = with pkgs; [curl vim git];


     

       
428

       
 

       
          systemd.tmpfiles.rules = let


     

       
429

       
+

       
            u = config.services.tangled-knot.gitUser;


     

       
430

       
+

       
            g = config.services.tangled-knot.gitUser;


     

       
431

       
 

       
          in [


     

       
432

       
+

       
            "d /var/lib/knot 0770 ${u} ${g} - -" # Create the directory first


     

       
433

       
+

       
            "f+ /var/lib/knot/secret 0660 ${u} ${g} - KNOT_SERVER_SECRET=38a7c3237c2a585807e06a5bcfac92eb39442063f3da306b7acb15cfdc51d19d"


     

       
434

       
 

       
          ];


     

       
435

       
+

       
          services.tangled-knot = {


     

       
436

       
 

       
            enable = true;


     

       
437

       
 

       
            server = {


     

       
438

       
+

       
              secretFile = "/var/lib/knot/secret";


     

       
439

       
 

       
              hostname = "localhost:6000";


     

       
440

       
 

       
              listenAddr = "0.0.0.0:6000";


     

       
441

       
 

       
            };