diff --git a/flake.lock b/flake.lock index 1f87b9b6..51a04c6c 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1738524606, - "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", + "lastModified": 1751403276, + "narHash": "sha256-V0EPQNsQko1a8OqIWc2lLviLnMpR1m08Ej00z5RVTfs=", "owner": "zhaofengli", "repo": "attic", - "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", + "rev": "896ad88fa57ad5dbcd267c0ac51f1b71ccfcb4dd", "type": "github" }, "original": { @@ -32,11 +32,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1737621947, - "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", + "lastModified": 1748883665, + "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=", "owner": "cachix", "repo": "cachix", - "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", + "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe", "type": "github" }, "original": { @@ -63,11 +63,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1728672398, - "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", + "lastModified": 1744206633, + "narHash": "sha256-pb5aYkE8FOoa4n123slgHiOf1UbNSnKe5pEZC+xXD5g=", "owner": "cachix", "repo": "cachix", - "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", + "rev": "8a60090640b96f9df95d1ab99e5763a586be1404", "type": "github" }, "original": { @@ -77,23 +77,6 @@ "type": "github" } }, - "complement": { - "flake": false, - "locked": { - "lastModified": 1741891349, - "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", - "owner": "girlbossceo", - "repo": "complement", - "rev": "e587b3df569cba411aeac7c20b6366d03c143745", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "main", - "repo": "complement", - "type": "github" - } - }, "crane": { "inputs": { "nixpkgs": [ 
@@ -117,11 +100,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", + "lastModified": 1750266157, + "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", "owner": "ipetkov", "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", + "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", "type": "github" }, "original": { @@ -149,11 +132,11 @@ ] }, "locked": { - "lastModified": 1733323168, - "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", + "lastModified": 1748273445, + "narHash": "sha256-5V0dzpNgQM0CHDsMzh+ludYeu1S+Y+IMjbaskSSdFh0=", "owner": "cachix", "repo": "devenv", - "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", + "rev": "668a50d8b7bdb19a0131f53c9f6c25c9071e1ffb", "type": "github" }, "original": { @@ -170,11 +153,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1740724364, - "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", + "lastModified": 1751525020, + "narHash": "sha256-oDO6lCYS5Bf4jUITChj9XV7k3TP38DE0Ckz5n5ORCME=", "owner": "nix-community", "repo": "fenix", - "rev": "edf7d9e431cda8782e729253835f178a356d3aab", + "rev": "a1a5f92f47787e7df9f30e5e5ac13e679215aa1e", "type": "github" }, "original": { @@ -203,11 +186,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { 
@@ -219,11 +202,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -306,15 +289,14 @@ "nixpkgs": [ "cachix", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" + ] }, "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -361,23 +343,6 @@ "type": "github" } }, - "liburing": { - "flake": false, - "locked": { - "lastModified": 1740613216, - "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", - "owner": "axboe", - "repo": "liburing", - "rev": "e1003e496e66f9b0ae06674869795edf772d5500", - "type": "github" - }, - "original": { - "owner": "axboe", - "ref": "master", - "repo": "liburing", - "type": "github" - } - }, "nix": { "inputs": { "flake-compat": [ @@ -401,11 +366,11 @@ ] }, "locked": { - "lastModified": 1727438425, - "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", + "lastModified": 1745930071, + "narHash": "sha256-bYyjarS3qSNqxfgc89IoVz8cAFDkF9yPE63EJr+h50s=", "owner": "domenkozar", "repo": "nix", - "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", + "rev": "b455edf3505f1bf0172b39a735caef94687d0d9c", "type": "github" }, "original": { 
@@ -484,29 +449,13 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { @@ -534,11 +483,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1748190013, + "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", "type": "github" }, "original": { @@ -550,11 +499,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1740547748, - "narHash": "sha256-Ly2fBL1LscV+KyCqPRufUBuiw+zmWrlJzpWOWbahplg=", + "lastModified": 1751498133, + "narHash": "sha256-QWJ+NQbMU+NcU2xiyo7SNox1fAuwksGlQhpzBl76g1I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3a05eebede89661660945da1f151959900903b6a", + "rev": "d55716bb59b91ae9d1ced4b1ccdea7a442ecbfdb", "type": "github" }, "original": { 
@@ -569,28 +518,26 @@ "locked": { "lastModified": 1741308171, "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", - "owner": "girlbossceo", - "repo": "rocksdb", + "ref": "v9.11.1", "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", - "type": "github" + "revCount": 13177, + "type": "git", + "url": "https://forgejo.ellis.link/continuwuation/rocksdb" }, "original": { - "owner": "girlbossceo", "ref": "v9.11.1", - "repo": "rocksdb", - "type": "github" + "type": "git", + "url": "https://forgejo.ellis.link/continuwuation/rocksdb" } }, "root": { "inputs": { "attic": "attic", "cachix": "cachix", - "complement": "complement", "crane": "crane_2", "fenix": "fenix", "flake-compat": "flake-compat_3", "flake-utils": "flake-utils", - "liburing": "liburing", "nix-filter": "nix-filter", "nixpkgs": "nixpkgs_5", "rocksdb": "rocksdb" @@ -599,11 +546,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1740691488, - "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", + "lastModified": 1751433876, + "narHash": "sha256-IsdwOcvLLDDlkFNwhdD5BZy20okIQL01+UQ7Kxbqh8s=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", + "rev": "11d45c881389dae90b0da5a94cde52c79d0fc7ef", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 52fdc10b..564cd479 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,577 +2,344 @@ inputs = { attic.url = "github:zhaofengli/attic?ref=main"; cachix.url = "github:cachix/cachix?ref=master"; - complement = { url = "github:girlbossceo/complement?ref=main"; flake = false; }; - crane = { url = "github:ipetkov/crane?ref=master"; }; - fenix = { url = "github:nix-community/fenix?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; }; - flake-compat = { url = "github:edolstra/flake-compat?ref=master"; flake = false; }; + crane = { + url = "github:ipetkov/crane?ref=master"; + }; + fenix = { + url = "github:nix-community/fenix?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-compat = { + url = "github:edolstra/flake-compat?ref=master"; + flake = false; + }; flake-utils.url = "github:numtide/flake-utils?ref=main"; nix-filter.url = "github:numtide/nix-filter?ref=main"; nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable"; - rocksdb = { url = "github:girlbossceo/rocksdb?ref=v9.11.1"; flake = false; }; - liburing = { url = "github:axboe/liburing?ref=master"; flake = false; }; + rocksdb = { + url = "git+https://forgejo.ellis.link/continuwuation/rocksdb?ref=v9.11.1"; + flake = false; + }; }; - outputs = inputs: - inputs.flake-utils.lib.eachDefaultSystem (system: - let - pkgsHost = import inputs.nixpkgs{ - inherit system; - }; - pkgsHostStatic = pkgsHost.pkgsStatic; - - # The Rust toolchain to use - toolchain = inputs.fenix.packages.${system}.fromToolchainFile { - file = ./rust-toolchain.toml; - - # See also `rust-toolchain.toml` - sha256 = "sha256-KUm16pHj+cRedf8vxs/Hd2YWxpOrWZ7UOrwhILdSJBU="; - }; - - mkScope = pkgs: pkgs.lib.makeScope pkgs.newScope (self: { - inherit pkgs; - book = self.callPackage ./nix/pkgs/book {}; - complement = self.callPackage ./nix/pkgs/complement {}; - craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain)); - inherit inputs; - main = self.callPackage ./nix/pkgs/main {}; - oci-image = self.callPackage ./nix/pkgs/oci-image {}; - tini = pkgs.tini.overrideAttrs { - # newer clang/gcc is 
unhappy with tini-static: - patches = [ (pkgs.fetchpatch { - url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch"; - hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k="; - }) - ]; - }; - liburing = pkgs.liburing.overrideAttrs { - # Tests weren't building - outputs = [ "out" "dev" "man" ]; - buildFlags = [ "library" ]; - src = inputs.liburing; - }; - rocksdb = (pkgs.rocksdb.override { - liburing = self.liburing; - }).overrideAttrs (old: { - src = inputs.rocksdb; - version = pkgs.lib.removePrefix - "v" - (builtins.fromJSON (builtins.readFile ./flake.lock)) - .nodes.rocksdb.original.ref; - # we have this already at https://github.com/girlbossceo/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155 - # unsetting this so i don't have to revert it and make this nix exclusive - patches = []; - cmakeFlags = pkgs.lib.subtractLists - [ - # no real reason to have snappy or zlib, no one uses this - "-DWITH_SNAPPY=1" - "-DZLIB=1" - "-DWITH_ZLIB=1" - # we dont need to use ldb or sst_dump (core_tools) - "-DWITH_CORE_TOOLS=1" - # we dont need to build rocksdb tests - "-DWITH_TESTS=1" - # we use rust-rocksdb via C interface and dont need C++ RTTI - "-DUSE_RTTI=1" - # this doesn't exist in RocksDB, and USE_SSE is deprecated for - # PORTABLE=$(march) - "-DFORCE_SSE42=1" - # PORTABLE will get set in main/default.nix - "-DPORTABLE=1" - ] - old.cmakeFlags - ++ [ - # no real reason to have snappy, no one uses this - "-DWITH_SNAPPY=0" - "-DZLIB=0" - "-DWITH_ZLIB=0" - # we dont need to use ldb or sst_dump (core_tools) - "-DWITH_CORE_TOOLS=0" - # we dont need trace tools - "-DWITH_TRACE_TOOLS=0" - # we dont need to build rocksdb tests - "-DWITH_TESTS=0" - # we use rust-rocksdb via C interface and dont need C++ RTTI - "-DUSE_RTTI=0" - ]; - - # outputs has "tools" which we dont need or use - outputs = [ "out" ]; - - # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use - preInstall = ""; - }); - }); - - scopeHost = mkScope 
pkgsHost; - scopeHostStatic = mkScope pkgsHostStatic; - scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic; - mkCrossScope = crossSystem: - let pkgsCrossStatic = (import inputs.nixpkgs { + outputs = + inputs: + inputs.flake-utils.lib.eachDefaultSystem ( + system: + let + pkgsHost = import inputs.nixpkgs { inherit system; - crossSystem = { - config = crossSystem; - }; - }).pkgsStatic; - in - mkScope pkgsCrossStatic; - - mkDevShell = scope: scope.pkgs.mkShell { - env = scope.main.env // { - # Rust Analyzer needs to be able to find the path to default crate - # sources, and it can read this environment variable to do so. The - # `rust-src` component is required in order for this to work. - RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; - - # Convenient way to access a pinned version of Complement's source - # code. - COMPLEMENT_SRC = inputs.complement.outPath; - - # Needed for Complement: - CGO_CFLAGS = "-Wl,--no-gc-sections"; - CGO_LDFLAGS = "-Wl,--no-gc-sections"; }; - # Development tools - packages = [ - # Always use nightly rustfmt because most of its options are unstable - # - # This needs to come before `toolchain` in this list, otherwise - # `$PATH` will have stable rustfmt instead. 
- inputs.fenix.packages.${system}.latest.rustfmt + # The Rust toolchain to use + toolchain = inputs.fenix.packages.${system}.fromToolchainFile { + file = ./rust-toolchain.toml; - toolchain - ] - ++ (with pkgsHost.pkgs; [ - # Required by hardened-malloc.rs dep - binutils + # See also `rust-toolchain.toml` + sha256 = "sha256-KUm16pHj+cRedf8vxs/Hd2YWxpOrWZ7UOrwhILdSJBU="; + }; - cargo-audit - cargo-auditable + mkScope = + pkgs: + pkgs.lib.makeScope pkgs.newScope (self: { + inherit pkgs inputs; + craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain); + main = self.callPackage ./nix/pkgs/main { }; + liburing = pkgs.liburing.overrideAttrs { + # Tests weren't building + outputs = [ + "out" + "dev" + "man" + ]; + buildFlags = [ "library" ]; + }; + rocksdb = + (pkgs.rocksdb_9_10.override { + # Override the liburing input for the build with our own so + # we have it built with the library flag + inherit (self) liburing; + }).overrideAttrs + (old: { + src = inputs.rocksdb; + version = "v9.11.1"; + cmakeFlags = + pkgs.lib.subtractLists [ + # No real reason to have snappy or zlib, no one uses this + "-DWITH_SNAPPY=1" + "-DZLIB=1" + "-DWITH_ZLIB=1" + # We don't need to use ldb or sst_dump (core_tools) + "-DWITH_CORE_TOOLS=1" + # We don't need to build rocksdb tests + "-DWITH_TESTS=1" + # We use rust-rocksdb via C interface and don't need C++ RTTI + "-DUSE_RTTI=1" + # This doesn't exist in RocksDB, and USE_SSE is deprecated for + # PORTABLE=$(march) + "-DFORCE_SSE42=1" + # PORTABLE will get set in main/default.nix + "-DPORTABLE=1" + ] old.cmakeFlags + ++ [ + # No real reason to have snappy, no one uses this + "-DWITH_SNAPPY=0" + "-DZLIB=0" + "-DWITH_ZLIB=0" + # We don't need to use ldb or sst_dump (core_tools) + "-DWITH_CORE_TOOLS=0" + # We don't need trace tools + "-DWITH_TRACE_TOOLS=0" + # We don't need to build rocksdb tests + "-DWITH_TESTS=0" + # We use rust-rocksdb via C interface and don't need C++ RTTI + "-DUSE_RTTI=0" + ]; - # Needed for producing Debian 
packages - cargo-deb + # outputs has "tools" which we don't need or use + outputs = [ "out" ]; - # Needed for CI to check validity of produced Debian packages (dpkg-deb) - dpkg + # preInstall hooks has stuff for messing with ldb/sst_dump which we don't need or use + preInstall = ""; - engage + # We have this already at https://forgejo.ellis.link/continuwuation/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155 + # Unsetting this so we don't have to revert it and make this nix exclusive + patches = [ ]; - # Needed for Complement - go + postPatch = '' + # Fix gcc-13 build failures due to missing and + # includes, fixed upstream since 8.x + sed -e '1i #include ' -i db/compaction/compaction_iteration_stats.h + sed -e '1i #include ' -i table/block_based/data_block_hash_index.h + sed -e '1i #include ' -i util/string_util.h + sed -e '1i #include ' -i include/rocksdb/utilities/checkpoint.h + ''; + }); + }); - # Needed for our script for Complement - jq - gotestfmt + scopeHost = mkScope pkgsHost; + mkCrossScope = + crossSystem: + let + pkgsCrossStatic = + (import inputs.nixpkgs { + inherit system; + crossSystem = { + config = crossSystem; + }; + }).pkgsStatic; + in + mkScope pkgsCrossStatic; - # Needed for finding broken markdown links - lychee - - # Needed for linting markdown files - markdownlint-cli - - # Useful for editing the book locally - mdbook - - # used for rust caching in CI to speed it up - sccache - ] - # liburing is Linux-exclusive - ++ lib.optional stdenv.hostPlatform.isLinux liburing - ++ lib.optional stdenv.hostPlatform.isLinux numactl) - ++ scope.main.buildInputs - ++ scope.main.propagatedBuildInputs - ++ scope.main.nativeBuildInputs; - }; - in - { - packages = { - default = scopeHost.main.override { - disable_features = [ - # dont include experimental features + in + { + packages = + { + default = scopeHost.main.override { + disable_features = [ + # Don't include experimental features "experimental" # jemalloc profiling/stats features are expensive 
and shouldn't # be expected on non-debug builds. "jemalloc_prof" "jemalloc_stats" - # this is non-functional on nix for some reason + # This is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" - ]; - }; - default-debug = scopeHost.main.override { - profile = "dev"; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features + ]; + }; + default-debug = scopeHost.main.override { + profile = "dev"; + # Debug build users expect full logs + disable_release_max_log_level = true; + disable_features = [ + # Don't include experimental features + "experimental" + # This is non-functional on nix for some reason + "hardened_malloc" + # conduwuit_mods is a development-only hot reload feature + "conduwuit_mods" + ]; + }; + # Just a test profile used for things like CI and complement + default-test = scopeHost.main.override { + profile = "test"; + disable_release_max_log_level = true; + disable_features = [ + # Don't include experimental features "experimental" # this is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" - ]; - }; - # just a test profile used for things like CI and complement - default-test = scopeHost.main.override { - profile = "test"; - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - all-features = scopeHost.main.override { - all_features = true; - disable_features = [ - # dont include experimental features + ]; + }; + all-features = scopeHost.main.override { + all_features = true; + disable_features = [ + # Don't include experimental features "experimental" # jemalloc profiling/stats features 
are expensive and shouldn't # be expected on non-debug builds. "jemalloc_prof" "jemalloc_stats" - # this is non-functional on nix for some reason + # This is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" - ]; - }; - all-features-debug = scopeHost.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features + ]; + }; + all-features-debug = scopeHost.main.override { + profile = "dev"; + all_features = true; + # Debug build users expect full logs + disable_release_max_log_level = true; + disable_features = [ + # Don't include experimental features "experimental" - # this is non-functional on nix for some reason + # This is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" - ]; - }; - hmalloc = scopeHost.main.override { features = ["hardened_malloc"]; }; + ]; + }; + hmalloc = scopeHost.main.override { features = [ "hardened_malloc" ]; }; + } + // builtins.listToAttrs ( + builtins.concatLists ( + builtins.map + ( + crossSystem: + let + binaryName = "static-${crossSystem}"; + scopeCrossStatic = mkCrossScope crossSystem; + in + [ + # An output for a statically-linked binary + { + name = binaryName; + value = scopeCrossStatic.main; + } - oci-image = scopeHost.oci-image; - oci-image-all-features = scopeHost.oci-image.override { - main = scopeHost.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. 
- "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - oci-image-all-features-debug = scopeHost.oci-image.override { - main = scopeHost.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - oci-image-hmalloc = scopeHost.oci-image.override { - main = scopeHost.main.override { - features = ["hardened_malloc"]; - }; - }; + # An output for a statically-linked binary with x86_64 haswell + # target optimisations + { + name = "${binaryName}-x86_64-haswell-optimised"; + value = scopeCrossStatic.main.override { + x86_64_haswell_target_optimised = + if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false; + }; + } - book = scopeHost.book; - - complement = scopeHost.complement; - static-complement = scopeHostStatic.complement; - # macOS containers don't exist, so the complement images must be forced to linux - linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement; - } - // - builtins.listToAttrs - (builtins.concatLists - (builtins.map - (crossSystem: - let - binaryName = "static-${crossSystem}"; - scopeCrossStatic = mkCrossScope crossSystem; - in - [ - # An output for a statically-linked binary - { - name = binaryName; - value = scopeCrossStatic.main; - } - - # An output for a statically-linked binary with x86_64 haswell - # target optimisations - { - name = "${binaryName}-x86_64-haswell-optimised"; - value = scopeCrossStatic.main.override { - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem 
== "x86_64-linux-musl") then true else false); - }; - } - - # An output for a statically-linked unstripped debug ("dev") binary - { - name = "${binaryName}-debug"; - value = scopeCrossStatic.main.override { - profile = "dev"; - # debug build users expect full logs - disable_release_max_log_level = true; - }; - } - - # An output for a statically-linked unstripped debug binary with the - # "test" profile (for CI usage only) - { - name = "${binaryName}-test"; - value = scopeCrossStatic.main.override { - profile = "test"; - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - } - - # An output for a statically-linked binary with `--all-features` - { - name = "${binaryName}-all-features"; - value = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - } - - # An output for a statically-linked binary with `--all-features` and with x86_64 haswell - # target optimisations - { - name = "${binaryName}-all-features-x86_64-haswell-optimised"; - value = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. 
- "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false); - }; - } - - # An output for a statically-linked unstripped debug ("dev") binary with `--all-features` - { - name = "${binaryName}-all-features-debug"; - value = scopeCrossStatic.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - } - - # An output for a statically-linked binary with hardened_malloc - { - name = "${binaryName}-hmalloc"; - value = scopeCrossStatic.main.override { - features = ["hardened_malloc"]; - }; - } - - # An output for an OCI image based on that binary - { - name = "oci-image-${crossSystem}"; - value = scopeCrossStatic.oci-image; - } - - # An output for an OCI image based on that binary with x86_64 haswell - # target optimisations - { - name = "oci-image-${crossSystem}-x86_64-haswell-optimised"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false); - }; - }; - } - - # An output for an OCI image based on that unstripped debug ("dev") binary - { - name = "oci-image-${crossSystem}-debug"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { + # An output for a statically-linked unstripped debug ("dev") binary + { + name = "${binaryName}-debug"; + value = scopeCrossStatic.main.override { profile = 
"dev"; # debug build users expect full logs disable_release_max_log_level = true; - }; - }; - } + }; + } - # An output for an OCI image based on that binary with `--all-features` - { - name = "oci-image-${crossSystem}-all-features"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - } + # An output for a statically-linked unstripped debug binary with the + # "test" profile (for CI usage only) + { + name = "${binaryName}-test"; + value = scopeCrossStatic.main.override { + profile = "test"; + disable_release_max_log_level = true; + disable_features = [ + # dont include experimental features + "experimental" + # this is non-functional on nix for some reason + "hardened_malloc" + # conduwuit_mods is a development-only hot reload feature + "conduwuit_mods" + ]; + }; + } - # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell - # target optimisations - { - name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. 
- "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - x86_64_haswell_target_optimised = (if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false); - }; - }; - } + # An output for a statically-linked binary with `--all-features` + { + name = "${binaryName}-all-features"; + value = scopeCrossStatic.main.override { + all_features = true; + disable_features = [ + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. + "jemalloc_prof" + "jemalloc_stats" + # this is non-functional on nix for some reason + "hardened_malloc" + # conduwuit_mods is a development-only hot reload feature + "conduwuit_mods" + ]; + }; + } - # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features` - { - name = "oci-image-${crossSystem}-all-features-debug"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - } + # An output for a statically-linked binary with `--all-features` and with x86_64 haswell + # target optimisations + { + name = "${binaryName}-all-features-x86_64-haswell-optimised"; + value = scopeCrossStatic.main.override { + all_features = true; + disable_features = [ + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. 
+ "jemalloc_prof" + "jemalloc_stats" + # this is non-functional on nix for some reason + "hardened_malloc" + # conduwuit_mods is a development-only hot reload feature + "conduwuit_mods" + ]; + x86_64_haswell_target_optimised = + if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false; + }; + } - # An output for an OCI image based on that binary with hardened_malloc - { - name = "oci-image-${crossSystem}-hmalloc"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - features = ["hardened_malloc"]; - }; - }; - } + # An output for a statically-linked unstripped debug ("dev") binary with `--all-features` + { + name = "${binaryName}-all-features-debug"; + value = scopeCrossStatic.main.override { + profile = "dev"; + all_features = true; + # debug build users expect full logs + disable_release_max_log_level = true; + disable_features = [ + # dont include experimental features + "experimental" + # this is non-functional on nix for some reason + "hardened_malloc" + # conduwuit_mods is a development-only hot reload feature + "conduwuit_mods" + ]; + }; + } - # An output for a complement OCI image for the specified platform - { - name = "complement-${crossSystem}"; - value = scopeCrossStatic.complement; - } - ] + # An output for a statically-linked binary with hardened_malloc + { + name = "${binaryName}-hmalloc"; + value = scopeCrossStatic.main.override { + features = [ "hardened_malloc" ]; + }; + } + ] + ) + [ + #"x86_64-apple-darwin" + #"aarch64-apple-darwin" + "x86_64-linux-gnu" + "x86_64-linux-musl" + "aarch64-linux-musl" + ] ) - [ - #"x86_64-apple-darwin" - #"aarch64-apple-darwin" - "x86_64-linux-gnu" - "x86_64-linux-musl" - "aarch64-linux-musl" - ] - ) - ); - - devShells.default = mkDevShell scopeHostStatic; - devShells.all-features = mkDevShell - (scopeHostStatic.overrideScope (final: prev: { - main = prev.main.override { - all_features = true; - disable_features = [ - # dont include 
experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - })); - devShells.no-features = mkDevShell - (scopeHostStatic.overrideScope (final: prev: { - main = prev.main.override { default_features = false; }; - })); - devShells.dynamic = mkDevShell scopeHost; - }); + ); + } + ); } diff --git a/nix/pkgs/book/default.nix b/nix/pkgs/book/default.nix deleted file mode 100644 index 3995ab79..00000000 --- a/nix/pkgs/book/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ inputs - -# Dependencies -, main -, mdbook -, stdenv -}: - -stdenv.mkDerivation { - inherit (main) pname version; - - src = inputs.nix-filter { - root = inputs.self; - include = [ - "book.toml" - "conduwuit-example.toml" - "CODE_OF_CONDUCT.md" - "CONTRIBUTING.md" - "README.md" - "development.md" - "debian/conduwuit.service" - "debian/README.md" - "arch/conduwuit.service" - "docs" - "theme" - ]; - }; - - nativeBuildInputs = [ - mdbook - ]; - - buildPhase = '' - mdbook build -d $out - ''; -} diff --git a/nix/pkgs/complement/certificate.crt b/nix/pkgs/complement/certificate.crt deleted file mode 100644 index 5dd4fdea..00000000 --- a/nix/pkgs/complement/certificate.crt +++ /dev/null 
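Review bot: In the `rocksdb` override the version is now the literal `version = "v9.11.1";`, which keeps the leading `v` that the removed code stripped with `pkgs.lib.removePrefix "v"` and repeats the tag already given in `rocksdb.url`, so the two can drift on the next bump. I would write `version = "9.11.1";` with a comment such as `# keep in sync with the ref in inputs.rocksdb.url`, or keep deriving it from `flake.lock` as before. The same override adds a `postPatch` whose own comment says the gcc-13 include fix is "fixed upstream since 8.x", so on a 9.11.1 source it looks unnecessary; as shown here the `sed` expressions also insert `#include ` with no header name, which may only be a rendering loss but should be checked in the committed file. On provenance, the input moves from GitHub to `forgejo.ellis.link`, and the `flake.lock` entry keeps the same `rev` and `narHash`, which is what confirms the new host serves the identical tree. Because a tag ref can be moved, later lock updates for this input deserve the same rev and hash comparison.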
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDfzCCAmegAwIBAgIUcrZdSPmCh33Evys/U6mTPpShqdcwDQYJKoZIhvcNAQEL
-BQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29mZXJz
-IGluYy4xDDAKBgNVBAMMA2hzMTAgFw0yNTAzMTMxMjU4NTFaGA8yMDUyMDcyODEy
-NTg1MVowPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29m
-ZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjHuCLZLpYt
-/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZRxmOhtp88
-awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZbo61q8HBp
-L0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42BhGtnJZsK
-K5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBevUdBh8gl
-8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaNxMG8wCQYDVR0TBAIwADALBgNV
-HQ8EBAMCBPAwNgYDVR0RBC8wLYIRKi5kb2NrZXIuaW50ZXJuYWyCA2hzMYIDaHMy
-ggNoczOCA2hzNIcEfwAAATAdBgNVHQ4EFgQUr4VYrmW1d+vjBTJewvy7fJYhLDYw
-DQYJKoZIhvcNAQELBQADggEBADkYqkjNYxjWX8hUUAmFHNdCwzT1CpYe/5qzLiyJ
-irDSdMlC5g6QqMUSrpu7nZxo1lRe1dXGroFVfWpoDxyCjSQhplQZgtYqtyLfOIx+
-HQ7cPE/tUU/KsTGc0aL61cETB6u8fj+rQKUGdfbSlm0Rpu4v0gC8RnDj06X/hZ7e
-VkWU+dOBzxlqHuLlwFFtVDgCyyTatIROx5V+GpMHrVqBPO7HcHhwqZ30k2kMM8J3
-y1CWaliQM85jqtSZV+yUHKQV8EksSowCFJuguf+Ahz0i0/koaI3i8m4MRN/1j13d
-jbTaX5a11Ynm3A27jioZdtMRty6AJ88oCp18jxVzqTxNNO4=
------END CERTIFICATE-----
diff --git a/nix/pkgs/complement/config.toml b/nix/pkgs/complement/config.toml
deleted file mode 100644
index 7f4ecef7..00000000
--- a/nix/pkgs/complement/config.toml
+++ /dev/null
@@ -1,50 +0,0 @@ -[global] -address = "0.0.0.0" -allow_device_name_federation = true -allow_guest_registration = true -allow_public_room_directory_over_federation = true -allow_public_room_directory_without_auth = true -allow_registration = true -database_path = "/database" -log = "trace,h2=debug,hyper=debug" -port = [8008, 8448] -trusted_servers = [] -only_query_trusted_key_servers = false -query_trusted_key_servers_first = false -query_trusted_key_servers_first_on_join = false -yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true -ip_range_denylist = [] -url_preview_domain_contains_allowlist = ["*"] -url_preview_domain_explicit_denylist = ["*"] -media_compat_file_link = false -media_startup_check = true -prune_missing_media = true -log_colors = true -admin_room_notices = false -allow_check_for_updates = false -intentionally_unknown_config_option_for_testing = true -rocksdb_log_level = "info" -rocksdb_max_log_files = 1 -rocksdb_recovery_mode = 0 -rocksdb_paranoid_file_checks = true -log_guest_registrations = false -allow_legacy_media = true -startup_netburst = true -startup_netburst_keep = -1 - -allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true - -# valgrind makes things so slow -dns_timeout = 60 -dns_attempts = 20 -request_conn_timeout = 60 -request_timeout = 120 -well_known_conn_timeout = 60 -well_known_timeout = 60 -federation_idle_timeout = 300 -sender_timeout = 300 -sender_idle_timeout = 300 -sender_retry_backoff_limit = 300 - -[global.tls] -dual_protocol = true diff --git a/nix/pkgs/complement/default.nix b/nix/pkgs/complement/default.nix deleted file mode 100644 index 1295cb03..00000000 --- a/nix/pkgs/complement/default.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -# Dependencies -{ bashInteractive -, buildEnv -, coreutils -, dockerTools -, lib -, main -, stdenv -, tini -, writeShellScriptBin -}: - -let - main' = main.override { - profile = "test"; - all_features = true; - disable_release_max_log_level = true; - disable_features = [ - # console/CLI stuff isn't used or relevant for complement - "console" - "tokio_console" - # sentry telemetry isn't useful for complement, disabled by default anyways - "sentry_telemetry" - "perf_measurements" - # this is non-functional on nix for some reason - "hardened_malloc" - # dont include experimental features - "experimental" - # compression isn't needed for complement - "brotli_compression" - "gzip_compression" - "zstd_compression" - # complement doesn't need hot reloading - "conduwuit_mods" - # complement doesn't have URL preview media tests - "url_preview" - ]; - }; - - start = writeShellScriptBin "start" '' - set -euxo pipefail - - ${lib.getExe' coreutils "env"} \ - CONDUWUIT_SERVER_NAME="$SERVER_NAME" \ - ${lib.getExe main'} - ''; -in - -dockerTools.buildImage { - name = "complement-conduwuit"; - tag = "main"; - - copyToRoot = buildEnv { - name = "root"; - pathsToLink = [ - "/bin" - ]; - paths = [ - bashInteractive - coreutils - main' - start - ]; - }; - - config = { - Cmd = [ - "${lib.getExe start}" - ]; - - Entrypoint = if !stdenv.hostPlatform.isDarwin - # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) - # are handled as expected - then [ "${lib.getExe' tini "tini"}" "--" ] - else []; - - Env = [ - "CONTINUWUITY_TLS__KEY=${./private_key.key}" - "CONTINUWUITY_TLS__CERTS=${./certificate.crt}" - "CONTINUWUITY_CONFIG=${./config.toml}" - "RUST_BACKTRACE=full" - ]; - - ExposedPorts = { - "8008/tcp" = {}; - "8448/tcp" = {}; - }; - }; -} diff --git a/nix/pkgs/complement/private_key.key b/nix/pkgs/complement/private_key.key deleted file mode 100644 index 5b9d4d4f..00000000 --- a/nix/pkgs/complement/private_key.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDS/odmZivxajeb -iyT7SMuhXqnMm+hF+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnT -LvGEvNNx0px5M54H+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a -09CphCFswO4PpxUUORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5ucc -ebGMmCoO660hROSTBaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUga -Qs/2tdT4kBzBH6kZOiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO -/Ncsro/fAgMBAAECggEAITCCkfv+a5I+vwvrPE/eIDso0JOxvNhfg+BLQVy3AMnu -WmeoMmshZeREWgcTrEGg8QQnk4Sdrjl8MnkO6sddJ2luza3t7OkGX+q7Hk5aETkB -DIo+f8ufU3sIhlydF3OnVSK0fGpUaBq8AQ6Soyeyrk3G5NVufmjgae5QPbDBnqUb -piOGyfcwagL4JtCbZsMk8AT7vQSynLm6zaWsVzWNd71jummLqtVV063K95J9PqVN -D8meEcP3WR5kQrvf+mgy9RVgWLRtVWN8OLZfJ9yrnl4Efj62elrldUj4jaCFezGQ -8f0W+d8jjt038qhmEdymw2MWQ+X/b0R79lJar1Up8QKBgQD1DtHxauhl+JUoI3y+ -3eboqXl7YPJt1/GTnChb4b6D1Z1hvLsOKUa7hjGEfruYGbsWXBCRMICdfzp+iWcq -/lEOp7/YU9OaW4lQMoG4sXMoBWd9uLgg0E+aH6VDJOBvxsfafqM4ufmtspzwEm90 -FU1cq6oImomFnPChSq4X+3+YpwKBgQDcalaK9llCcscWA8HAP8WVVNTjCOqiDp9q -td61E9IO/FIB/gW5y+JkaFRrA2CN1zY3s3K92uveLTNYTArecWlDcPNNFDuaYu2M -Roz4bC104HGh+zztJ0iPVzELL81Lgg6wHhLONN+eVi4gTftJxzJFXybyb+xVT25A -91ynKXB+CQKBgQC+Ub43MoI+/6pHvBfb3FbDByvz6D0flgBmVXb6tP3TQYmzKHJV -8zSd2wCGGC71V7Z3DRVIzVR1/SOetnPLbivhp+JUzfWfAcxI3pDksdvvjxLrDxTh -VycbWcxtsywjY0w/ou581eLVRcygnpC0pP6qJCAwAmUfwd0YRvmiYo6cLQKBgHIW -UIlJDdaJFmdctnLOD3VGHZMOUHRlYTqYvJe5lKbRD5mcZFZRI/OY1Ok3LEj+tj+K -kL+YizHK76KqaY3N4hBYbHbfHCLDRfWvptQHGlg+vFJ9eoG+LZ6UIPyLV5XX0cZz -KoS1dXG9Zc6uznzXsDucDsq6B/f4TzctUjXsCyARAoGAOKb4HtuNyYAW0jUlujR7 -IMHwUesOGlhSXqFtP9aTvk6qJgvV0+3CKcWEb4y02g+uYftP8BLNbJbIt9qOqLYh -tOVyzCoamAi8araAhjA0w4dXvqDCDK7k/gZFkojmKQtRijoxTHnWcDc3vAjYCgaM -9MVtdgSkuh2gwkD/mMoAJXM= ------END PRIVATE KEY----- diff --git a/nix/pkgs/complement/signing_request.csr b/nix/pkgs/complement/signing_request.csr deleted file mode 100644 index e2aa658e..00000000 --- a/nix/pkgs/complement/signing_request.csr +++ /dev/null 
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIChDCCAWwCAQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQK
-DAx3b29mZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjH
-uCLZLpYt/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZR
-xmOhtp88awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZb
-o61q8HBpL0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42B
-hGtnJZsKK5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBe
-vUdBh8gl8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaAAMA0GCSqGSIb3DQEB
-CwUAA4IBAQDR/gjfxN0IID1MidyhZB4qpdWn3m6qZnEQqoTyHHdWalbfNXcALC79
-ffS+Smx40N5hEPvqy6euR89N5YuYvt8Hs+j7aWNBn7Wus5Favixcm2JcfCTJn2R3
-r8FefuSs2xGkoyGsPFFcXE13SP/9zrZiwvOgSIuTdz/Pbh6GtEx7aV4DqHJsrXnb
-XuPxpQleoBqKvQgSlmaEBsJg13TQB+Fl2foBVUtqAFDQiv+RIuircf0yesMCKJaK
-MPH4Oo+r3pR8lI8ewfJPreRhCoV+XrGYMubaakz003TJ1xlOW8M+N9a6eFyMVh76
-U1nY/KP8Ua6Lgaj9PRz7JCRzNoshZID/
------END CERTIFICATE REQUEST-----
diff --git a/nix/pkgs/complement/v3.ext b/nix/pkgs/complement/v3.ext
deleted file mode 100644
index 0deaa48a..00000000
--- a/nix/pkgs/complement/v3.ext
+++ /dev/null
@@ -1,12 +0,0 @@
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-
-[alt_names]
-DNS.1 = *.docker.internal
-DNS.2 = hs1
-DNS.3 = hs2
-DNS.4 = hs3
-DNS.5 = hs4
-IP.1 = 127.0.0.1
diff --git a/nix/pkgs/main/cross-compilation-env.nix b/nix/pkgs/main/cross-compilation-env.nix
index 0f326c92..3e993bba 100644
--- a/nix/pkgs/main/cross-compilation-env.nix
+++ b/nix/pkgs/main/cross-compilation-env.nix
@@ -4,51 +4,47 @@ , stdenv }: -lib.optionalAttrs stdenv.hostPlatform.isStatic { - ROCKSDB_STATIC = ""; -} +lib.optionalAttrs stdenv.hostPlatform.isStatic + { + ROCKSDB_STATIC = ""; + } // { CARGO_BUILD_RUSTFLAGS = lib.concatStringsSep " " - ([] - # This disables PIE for static builds, which isn't great in terms - # of security. Unfortunately, my hand is forced because nixpkgs' - # `libstdc++.a` is built without `-fPIE`, which precludes us from - # leaving PIE enabled. - ++ lib.optionals - stdenv.hostPlatform.isStatic - [ "-C" "relocation-model=static" ] - ++ lib.optionals - (stdenv.buildPlatform.config != stdenv.hostPlatform.config) - [ - "-l" - "c" + (lib.optionals + stdenv.hostPlatform.isStatic + [ "-C" "relocation-model=static" ] + ++ lib.optionals + (stdenv.buildPlatform.config != stdenv.hostPlatform.config) + [ + "-l" + "c" - "-l" - "stdc++" + "-l" + "stdc++" - "-L" - "${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib" - ] + "-L" + "${stdenv.cc.cc.lib}/${stdenv.hostPlatform.config}/lib" + ] ); } -# What follows is stolen from [here][0]. Its purpose is to properly -# configure compilers and linkers for various stages of the build, and -# even covers the case of build scripts that need native code compiled and -# run on the build platform (I think). -# -# [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68 -// + # What follows is stolen from [here][0]. Its purpose is to properly + # configure compilers and linkers for various stages of the build, and + # even covers the case of build scripts that need native code compiled and + # run on the build platform (I think). 
+ # + # [0]: https://github.com/NixOS/nixpkgs/blob/nixpkgs-unstable/pkgs/build-support/rust/lib/default.nix#L48-L68 + // ( let inherit (rust.lib) envVars; in lib.optionalAttrs (stdenv.targetPlatform.rust.rustcTarget - != stdenv.hostPlatform.rust.rustcTarget) + != stdenv.hostPlatform.rust.rustcTarget) ( let inherit (stdenv.targetPlatform.rust) cargoEnvVarTarget; diff --git a/nix/pkgs/main/default.nix b/nix/pkgs/main/default.nix index f2fffec0..01fb8e40 100644 --- a/nix/pkgs/main/default.nix +++ b/nix/pkgs/main/default.nix 
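Review bot: The rewritten `CARGO_BUILD_RUSTFLAGS` list still passes `-C relocation-model=static` for static hosts, but the hunk removes the comment that said this disables PIE and why (nixpkgs' `libstdc++.a` being built without `-fPIE`). That rationale is the only record that the static binaries ship without position-independent code, which weakens ASLR for the main executable, so it should stay next to the flag; if the nixpkgs limitation no longer holds, the better change would be to drop the flag rather than the comment. I would restore it above `(lib.optionals stdenv.hostPlatform.isStatic` as `# Disables PIE for static builds (a security trade-off): nixpkgs' libstdc++.a is built without -fPIE.` The attribute set continues past the end of the hunk.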
@@ -12,144 +12,146 @@ , rust-jemalloc-sys , stdenv -# Options (keep sorted) + # Options (keep sorted) , all_features ? false , default_features ? true -# default list of disabled features + # default list of disabled features , disable_features ? [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" -] + # dont include experimental features + "experimental" + # jemalloc profiling/stats features are expensive and shouldn't + # be expected on non-debug builds. + "jemalloc_prof" + "jemalloc_stats" + # this is non-functional on nix for some reason + "hardened_malloc" + # conduwuit_mods is a development-only hot reload feature + "conduwuit_mods" + ] , disable_release_max_log_level ? false -, features ? [] +, features ? [ ] , profile ? "release" -# rocksdb compiled with -march=haswell and target-cpu=haswell rustflag -# haswell is pretty much any x86 cpu made in the last 12 years, and -# supports modern CPU extensions that rocksdb can make use of. -# disable if trying to make a portable x86_64 build for very old hardware + # rocksdb compiled with -march=haswell and target-cpu=haswell rustflag + # haswell is pretty much any x86 cpu made in the last 12 years, and + # supports modern CPU extensions that rocksdb can make use of. + # disable if trying to make a portable x86_64 build for very old hardware , x86_64_haswell_target_optimised ? false }: let -# We perform default-feature unification in nix, because some of the dependencies -# on the nix side depend on feature values. 
-crateFeatures = path: - let manifest = lib.importTOML "${path}/Cargo.toml"; in - lib.remove "default" (lib.attrNames manifest.features); -crateDefaultFeatures = path: - (lib.importTOML "${path}/Cargo.toml").features.default; -allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main"; -allFeatures = crateFeatures "${inputs.self}/src/main"; -features' = lib.unique - (features ++ - lib.optionals default_features allDefaultFeatures ++ - lib.optionals all_features allFeatures); -disable_features' = disable_features ++ lib.optionals disable_release_max_log_level ["release_max_log_level"]; -features'' = lib.subtractLists disable_features' features'; + # We perform default-feature unification in nix, because some of the dependencies + # on the nix side depend on feature values. + crateFeatures = path: + let manifest = lib.importTOML "${path}/Cargo.toml"; in + lib.remove "default" (lib.attrNames manifest.features); + crateDefaultFeatures = path: + (lib.importTOML "${path}/Cargo.toml").features.default; + allDefaultFeatures = crateDefaultFeatures "${inputs.self}/src/main"; + allFeatures = crateFeatures "${inputs.self}/src/main"; + features' = lib.unique + (features ++ + lib.optionals default_features allDefaultFeatures ++ + lib.optionals all_features allFeatures); + disable_features' = disable_features ++ lib.optionals disable_release_max_log_level [ "release_max_log_level" ]; + features'' = lib.subtractLists disable_features' features'; -featureEnabled = feature : builtins.elem feature features''; + featureEnabled = feature: builtins.elem feature features''; -enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin; + enableLiburing = featureEnabled "io_uring" && !stdenv.hostPlatform.isDarwin; -# This derivation will set the JEMALLOC_OVERRIDE variable, causing the -# tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's -# own. 
In order for this to work, we need to set flags on the build that match -# whatever flags tikv-jemalloc-sys was going to use. These are dependent on -# which features we enable in tikv-jemalloc-sys. -rust-jemalloc-sys' = (rust-jemalloc-sys.override { - # tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature - unprefixed = true; -}).overrideAttrs (old: { - configureFlags = old.configureFlags ++ - # we dont need docs - [ "--disable-doc" ] ++ - # we dont need cxx/C++ integration - [ "--disable-cxx" ] ++ - # tikv-jemalloc-sys/profiling feature - lib.optional (featureEnabled "jemalloc_prof") "--enable-prof" ++ - # tikv-jemalloc-sys/stats feature - (if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]); -}); - -buildDepsOnlyEnv = - let - rocksdb' = (rocksdb.override { - jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys'; - # rocksdb fails to build with prefixed jemalloc, which is required on - # darwin due to [1]. In this case, fall back to building rocksdb with - # libc malloc. This should not cause conflicts, because all of the - # jemalloc symbols are prefixed. 
- # - # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17 - enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin; - - # for some reason enableLiburing in nixpkgs rocksdb is default true - # which breaks Darwin entirely - enableLiburing = enableLiburing; - }).overrideAttrs (old: { - enableLiburing = enableLiburing; - cmakeFlags = (if x86_64_haswell_target_optimised then (lib.subtractLists [ - # dont make a portable build if x86_64_haswell_target_optimised is enabled - "-DPORTABLE=1" - ] old.cmakeFlags - ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ]) - ) - ++ old.cmakeFlags; - - # outputs has "tools" which we dont need or use - outputs = [ "out" ]; - - # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use - preInstall = ""; - }); - in - { - # https://crane.dev/faq/rebuilds-bindgen.html - NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa"; - - CARGO_PROFILE = profile; - ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include"; - ROCKSDB_LIB_DIR = "${rocksdb'}/lib"; - } - // - (import ./cross-compilation-env.nix { - # Keep sorted - inherit - lib - pkgsBuildHost - rust - stdenv; + # This derivation will set the JEMALLOC_OVERRIDE variable, causing the + # tikv-jemalloc-sys crate to use the nixpkgs jemalloc instead of building it's + # own. In order for this to work, we need to set flags on the build that match + # whatever flags tikv-jemalloc-sys was going to use. These are dependent on + # which features we enable in tikv-jemalloc-sys. 
+ rust-jemalloc-sys' = (rust-jemalloc-sys.override { + # tikv-jemalloc-sys/unprefixed_malloc_on_supported_platforms feature + unprefixed = true; + }).overrideAttrs (old: { + configureFlags = old.configureFlags ++ + # we dont need docs + [ "--disable-doc" ] ++ + # we dont need cxx/C++ integration + [ "--disable-cxx" ] ++ + # tikv-jemalloc-sys/profiling feature + lib.optional (featureEnabled "jemalloc_prof") "--enable-prof" ++ + # tikv-jemalloc-sys/stats feature + (if (featureEnabled "jemalloc_stats") then [ "--enable-stats" ] else [ "--disable-stats" ]); }); -buildPackageEnv = { - GIT_COMMIT_HASH = inputs.self.rev or inputs.self.dirtyRev or ""; - GIT_COMMIT_HASH_SHORT = inputs.self.shortRev or inputs.self.dirtyShortRev or ""; -} // buildDepsOnlyEnv // { - # Only needed in static stdenv because these are transitive dependencies of rocksdb - CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS - + lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic) + buildDepsOnlyEnv = + let + rocksdb' = (rocksdb.override { + jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys'; + # rocksdb fails to build with prefixed jemalloc, which is required on + # darwin due to [1]. In this case, fall back to building rocksdb with + # libc malloc. This should not cause conflicts, because all of the + # jemalloc symbols are prefixed. 
+ # + # [1]: https://github.com/tikv/jemallocator/blob/ab0676d77e81268cd09b059260c75b38dbef2d51/jemalloc-sys/src/env.rs#L17 + enableJemalloc = featureEnabled "jemalloc" && !stdenv.hostPlatform.isDarwin; + + # for some reason enableLiburing in nixpkgs rocksdb is default true + # which breaks Darwin entirely + inherit enableLiburing; + }).overrideAttrs (old: { + inherit enableLiburing; + cmakeFlags = (if x86_64_haswell_target_optimised then + (lib.subtractLists [ + # dont make a portable build if x86_64_haswell_target_optimised is enabled + "-DPORTABLE=1" + ] + old.cmakeFlags + ++ [ "-DPORTABLE=haswell" ]) else [ "-DPORTABLE=1" ] + ) + ++ old.cmakeFlags; + + # outputs has "tools" which we dont need or use + outputs = [ "out" ]; + + # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use + preInstall = ""; + }); + in + { + # https://crane.dev/faq/rebuilds-bindgen.html + NIX_OUTPATH_USED_AS_RANDOM_SEED = "aaaaaaaaaa"; + + CARGO_PROFILE = profile; + ROCKSDB_INCLUDE_DIR = "${rocksdb'}/include"; + ROCKSDB_LIB_DIR = "${rocksdb'}/lib"; + } + // + (import ./cross-compilation-env.nix { + # Keep sorted + inherit + lib + pkgsBuildHost + rust + stdenv; + }); + + buildPackageEnv = { + GIT_COMMIT_HASH = inputs.self.rev or inputs.self.dirtyRev or ""; + GIT_COMMIT_HASH_SHORT = inputs.self.shortRev or inputs.self.dirtyShortRev or ""; + } // buildDepsOnlyEnv // { + # Only needed in static stdenv because these are transitive dependencies of rocksdb + CARGO_BUILD_RUSTFLAGS = buildDepsOnlyEnv.CARGO_BUILD_RUSTFLAGS + + lib.optionalString (enableLiburing && stdenv.hostPlatform.isStatic) " -L${lib.getLib liburing}/lib -luring" - + lib.optionalString x86_64_haswell_target_optimised + + lib.optionalString x86_64_haswell_target_optimised " -Ctarget-cpu=haswell"; -}; + }; -commonAttrs = { - inherit - (craneLib.crateNameFromCargoToml { - cargoToml = "${inputs.self}/Cargo.toml"; - }) - pname - version; + commonAttrs = { + inherit + (craneLib.crateNameFromCargoToml { + 
cargoToml = "${inputs.self}/Cargo.toml"; + }) + pname + version; src = let filter = inputs.nix-filter.lib; in filter { root = inputs.self; @@ -167,22 +169,22 @@ commonAttrs = { cargoExtraArgs = "--no-default-features --locked " + lib.optionalString - (features'' != []) - "--features " + (builtins.concatStringsSep "," features''); + (features'' != [ ]) + "--features " + (builtins.concatStringsSep "," features''); dontStrip = profile == "dev" || profile == "test"; dontPatchELF = profile == "dev" || profile == "test"; buildInputs = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys' - # needed to build Rust applications on macOS - ++ lib.optionals stdenv.hostPlatform.isDarwin [ - # https://github.com/NixOS/nixpkgs/issues/206242 - # ld: library not found for -liconv - libiconv - # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell - # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612 - pkgsBuildHost.darwin.apple_sdk.frameworks.Security - ]; + # needed to build Rust applications on macOS + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + # https://github.com/NixOS/nixpkgs/issues/206242 + # ld: library not found for -liconv + libiconv + # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell + # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612 + pkgsBuildHost.darwin.apple_sdk.frameworks.Security + ]; nativeBuildInputs = [ # bindgen needs the build platform's libclang. Apparently due to "splicing @@ -195,11 +197,11 @@ commonAttrs = { # differing values for `NIX_CFLAGS_COMPILE`, which contributes to spurious # rebuilds of bindgen and its depedents. jq - ]; - }; + ]; + }; in -craneLib.buildPackage ( commonAttrs // { +craneLib.buildPackage (commonAttrs // { cargoArtifacts = craneLib.buildDepsOnly (commonAttrs // { env = buildDepsOnlyEnv; }); 
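Review bot: In `rocksdb'`, the reformatted `cmakeFlags` expression still appends the unfiltered `old.cmakeFlags` after the branch result, so in the `x86_64_haswell_target_optimised` case any `-DPORTABLE=1` that `lib.subtractLists` just removed comes back after `-DPORTABLE=haswell`, and every inherited flag is passed twice. Whether nixpkgs' rocksdb sets `-DPORTABLE=1` is not visible here, but if it does, the later definition would likely win in CMake and the haswell build would silently stay portable. Filtering once and appending a single value avoids both: `cmakeFlags = lib.subtractLists [ "-DPORTABLE=1" ] old.cmakeFlags ++ [ (if x86_64_haswell_target_optimised then "-DPORTABLE=haswell" else "-DPORTABLE=1") ];`. The rest of this hunk is re-indentation, and `commonAttrs` continues into the following hunks.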
@@ -208,8 +210,8 @@ craneLib.buildPackage ( commonAttrs // { cargoExtraArgs = "--no-default-features --locked " + lib.optionalString - (features'' != []) - "--features " + (builtins.concatStringsSep "," features''); + (features'' != [ ]) + "--features " + (builtins.concatStringsSep "," features''); env = buildPackageEnv; diff --git a/nix/pkgs/oci-image/default.nix b/nix/pkgs/oci-image/default.nix deleted file mode 100644 index 953407ef..00000000 --- a/nix/pkgs/oci-image/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ inputs - -# Dependencies -, dockerTools -, lib -, main -, stdenv -, tini -}: - -dockerTools.buildLayeredImage { - name = main.pname; - tag = "main"; - created = "@${toString inputs.self.lastModified}"; - contents = [ - dockerTools.caCertificates - main - ]; - config = { - Entrypoint = if !stdenv.hostPlatform.isDarwin - # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) - # are handled as expected - then [ "${lib.getExe' tini "tini"}" "--" ] - else []; - Cmd = [ - "${lib.getExe main}" - ]; - Env = [ - "RUST_BACKTRACE=full" - ]; - Labels = { - "org.opencontainers.image.authors" = "June Clementine Strawberry and Jason Volk - "; - "org.opencontainers.image.created" ="@${toString inputs.self.lastModified}"; - "org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust"; - "org.opencontainers.image.documentation" = "https://continuwuity.org/"; - "org.opencontainers.image.licenses" = "Apache-2.0"; - "org.opencontainers.image.revision" = inputs.self.rev or inputs.self.dirtyRev or ""; - "org.opencontainers.image.source" = "https://forgejo.ellis.link/continuwuation/continuwuity"; - "org.opencontainers.image.title" = main.pname; - "org.opencontainers.image.url" = "https://continuwuity.org/"; - "org.opencontainers.image.vendor" = "continuwuation"; - "org.opencontainers.image.version" = main.version; - }; - }; -}