From 520a179bb0286fdce22902300394a459089e9555 Mon Sep 17 00:00:00 2001 From: Shuroii Date: Thu, 3 Jul 2025 13:02:27 +0200 Subject: [PATCH] ref: Remove lots of unused Nix assets Also change some links to the new ones, removing reliance on June's github repos in some places --- flake.nix | 350 ++---------------------- nix/pkgs/book/default.nix | 36 --- nix/pkgs/complement/certificate.crt | 21 -- nix/pkgs/complement/config.toml | 50 ---- nix/pkgs/complement/default.nix | 90 ------ nix/pkgs/complement/private_key.key | 28 -- nix/pkgs/complement/signing_request.csr | 16 -- nix/pkgs/complement/v3.ext | 12 - nix/pkgs/oci-image/default.nix | 47 ---- 9 files changed, 29 insertions(+), 621 deletions(-) delete mode 100644 nix/pkgs/book/default.nix delete mode 100644 nix/pkgs/complement/certificate.crt delete mode 100644 nix/pkgs/complement/config.toml delete mode 100644 nix/pkgs/complement/default.nix delete mode 100644 nix/pkgs/complement/private_key.key delete mode 100644 nix/pkgs/complement/signing_request.csr delete mode 100644 nix/pkgs/complement/v3.ext delete mode 100644 nix/pkgs/oci-image/default.nix diff --git a/flake.nix b/flake.nix index f8eba0f2..f857471b 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,6 @@ inputs = { attic.url = "github:zhaofengli/attic?ref=main"; cachix.url = "github:cachix/cachix?ref=master"; - complement = { - url = "github:girlbossceo/complement?ref=main"; - flake = false; - }; crane = { url = "github:ipetkov/crane?ref=master"; }; @@ -21,11 +17,7 @@ nix-filter.url = "github:numtide/nix-filter?ref=main"; nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable"; rocksdb = { - url = "github:girlbossceo/rocksdb?ref=v9.11.1"; - flake = false; - }; - liburing = { - url = "github:axboe/liburing?ref=master"; + url = "git+https://forgejo.ellis.link/continuwuation/rocksdb?ref=v9.11.1"; flake = false; }; }; @@ -38,7 +30,6 @@ pkgsHost = import inputs.nixpkgs { inherit system; }; - pkgsHostStatic = pkgsHost.pkgsStatic; # The Rust toolchain to use toolchain = inputs.fenix.packages.${system}.fromToolchainFile { @@ -52,21 +43,9 @@ pkgs: pkgs.lib.makeScope pkgs.newScope (self: { inherit pkgs; - book = self.callPackage ./nix/pkgs/book { }; - complement = self.callPackage ./nix/pkgs/complement { }; craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain)); inherit inputs; main = self.callPackage ./nix/pkgs/main { }; - oci-image = self.callPackage ./nix/pkgs/oci-image { }; - tini = pkgs.tini.overrideAttrs { - # newer clang/gcc is unhappy with tini-static: - patches = [ - (pkgs.fetchpatch { - url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch"; - hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k="; - }) - ]; - }; liburing = pkgs.liburing.overrideAttrs { # Tests weren't building outputs = [ @@ -75,63 +54,59 @@ "man" ]; buildFlags = [ "library" ]; - src = inputs.liburing; }; rocksdb = (pkgs.rocksdb.override { - liburing = self.liburing; }).overrideAttrs (old: { src = inputs.rocksdb; - version = pkgs.lib.removePrefix "v" (builtins.fromJSON (builtins.readFile ./flake.lock)) - .nodes.rocksdb.original.ref; - # we have this already at https://github.com/girlbossceo/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155 - # unsetting this so i don't have to revert it and make this nix exclusive - patches = [ ]; + version = "v9.11.1"; cmakeFlags = pkgs.lib.subtractLists [ # no real reason to have snappy or zlib, no one uses this "-DWITH_SNAPPY=1" "-DZLIB=1" "-DWITH_ZLIB=1" - # we dont need to use ldb or sst_dump (core_tools) + # We don't need to use ldb or sst_dump (core_tools) "-DWITH_CORE_TOOLS=1" - # we dont need to build rocksdb tests + # We don't need to build rocksdb tests "-DWITH_TESTS=1" - # we use rust-rocksdb via C interface and dont need C++ RTTI + # We use rust-rocksdb via C interface and don't need C++ RTTI "-DUSE_RTTI=1" - # this doesn't exist in RocksDB, and USE_SSE is deprecated for + # This doesn't exist in RocksDB, and USE_SSE is deprecated for # PORTABLE=$(march) "-DFORCE_SSE42=1" # PORTABLE will get set in main/default.nix "-DPORTABLE=1" ] old.cmakeFlags ++ [ - # no real reason to have snappy, no one uses this + # No real reason to have snappy, no one uses this "-DWITH_SNAPPY=0" "-DZLIB=0" "-DWITH_ZLIB=0" - # we dont need to use ldb or sst_dump (core_tools) + # We don't need to use ldb or sst_dump (core_tools) "-DWITH_CORE_TOOLS=0" - # we dont need trace tools + # We don't need trace tools "-DWITH_TRACE_TOOLS=0" - # we dont need to build rocksdb tests + # We don't need to build rocksdb tests "-DWITH_TESTS=0" - # we use rust-rocksdb via C interface and dont need C++ RTTI + # We use rust-rocksdb via C interface and don't need C++ RTTI "-DUSE_RTTI=0" ]; - # outputs has "tools" which we dont need or use + # outputs has "tools" which we don't need or use outputs = [ "out" ]; - # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use + # preInstall hooks has stuff for messing with ldb/sst_dump which we don't need or use preInstall = ""; + + # We have this already at https://forgejo.ellis.link/continuwuation/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155 + # Unsetting this so we don't have to revert it and make this nix exclusive + patches = [ ]; }); }); scopeHost = mkScope pkgsHost; - scopeHostStatic = mkScope pkgsHostStatic; - scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic; mkCrossScope = crossSystem: let @@ -145,92 +120,19 @@ in mkScope pkgsCrossStatic; - mkDevShell = - scope: - scope.pkgs.mkShell { - env = scope.main.env // { - # Rust Analyzer needs to be able to find the path to default crate - # sources, and it can read this environment variable to do so. The - # `rust-src` component is required in order for this to work. - RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; - - # Convenient way to access a pinned version of Complement's source - # code. - COMPLEMENT_SRC = inputs.complement.outPath; - - # Needed for Complement: - CGO_CFLAGS = "-Wl,--no-gc-sections"; - CGO_LDFLAGS = "-Wl,--no-gc-sections"; - }; - - # Development tools - packages = - [ - # Always use nightly rustfmt because most of its options are unstable - # - # This needs to come before `toolchain` in this list, otherwise - # `$PATH` will have stable rustfmt instead. - inputs.fenix.packages.${system}.latest.rustfmt - - toolchain - ] - ++ ( - with pkgsHost.pkgs; - [ - # Required by hardened-malloc.rs dep - binutils - - cargo-audit - cargo-auditable - - # Needed for producing Debian packages - cargo-deb - - # Needed for CI to check validity of produced Debian packages (dpkg-deb) - dpkg - - engage - - # Needed for Complement - go - - # Needed for our script for Complement - jq - gotestfmt - - # Needed for finding broken markdown links - lychee - - # Needed for linting markdown files - markdownlint-cli - - # Useful for editing the book locally - mdbook - - # used for rust caching in CI to speed it up - sccache - ] - # liburing is Linux-exclusive - ++ lib.optional stdenv.hostPlatform.isLinux liburing - ++ lib.optional stdenv.hostPlatform.isLinux numactl - ) - ++ scope.main.buildInputs - ++ scope.main.propagatedBuildInputs - ++ scope.main.nativeBuildInputs; - }; in { packages = { default = scopeHost.main.override { disable_features = [ - # dont include experimental features + # Don't include experimental features "experimental" # jemalloc profiling/stats features are expensive and shouldn't # be expected on non-debug builds. "jemalloc_prof" "jemalloc_stats" - # this is non-functional on nix for some reason + # This is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" @@ -238,23 +140,23 @@ }; default-debug = scopeHost.main.override { profile = "dev"; - # debug build users expect full logs + # Debug build users expect full logs disable_release_max_log_level = true; disable_features = [ - # dont include experimental features + # Don't include experimental features "experimental" - # this is non-functional on nix for some reason + # This is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" ]; }; - # just a test profile used for things like CI and complement + # Just a test profile used for things like CI and complement default-test = scopeHost.main.override { profile = "test"; disable_release_max_log_level = true; disable_features = [ - # dont include experimental features + # Don't include experimental features "experimental" # this is non-functional on nix for some reason "hardened_malloc" @@ -265,13 +167,13 @@ all-features = scopeHost.main.override { all_features = true; disable_features = [ - # dont include experimental features + # Don't include experimental features "experimental" # jemalloc profiling/stats features are expensive and shouldn't # be expected on non-debug builds. "jemalloc_prof" "jemalloc_stats" - # this is non-functional on nix for some reason + # This is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" @@ -280,65 +182,18 @@ all-features-debug = scopeHost.main.override { profile = "dev"; all_features = true; - # debug build users expect full logs + # Debug build users expect full logs disable_release_max_log_level = true; disable_features = [ - # dont include experimental features + # Don't include experimental features "experimental" - # this is non-functional on nix for some reason + # This is non-functional on nix for some reason "hardened_malloc" # conduwuit_mods is a development-only hot reload feature "conduwuit_mods" ]; }; hmalloc = scopeHost.main.override { features = [ "hardened_malloc" ]; }; - - oci-image = scopeHost.oci-image; - oci-image-all-features = scopeHost.oci-image.override { - main = scopeHost.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - oci-image-all-features-debug = scopeHost.oci-image.override { - main = scopeHost.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - oci-image-hmalloc = scopeHost.oci-image.override { - main = scopeHost.main.override { - features = [ "hardened_malloc" ]; - }; - }; - - book = scopeHost.book; - - complement = scopeHost.complement; - static-complement = scopeHostStatic.complement; - # macOS containers don't exist, so the complement images must be forced to linux - linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement; } // builtins.listToAttrs ( builtins.concatLists ( @@ -465,122 +320,6 @@ features = [ "hardened_malloc" ]; }; } - - # An output for an OCI image based on that binary - { - name = "oci-image-${crossSystem}"; - value = scopeCrossStatic.oci-image; - } - - # An output for an OCI image based on that binary with x86_64 haswell - # target optimisations - { - name = "oci-image-${crossSystem}-x86_64-haswell-optimised"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - x86_64_haswell_target_optimised = ( - if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false - ); - }; - }; - } - - # An output for an OCI image based on that unstripped debug ("dev") binary - { - name = "oci-image-${crossSystem}-debug"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - profile = "dev"; - # debug build users expect full logs - disable_release_max_log_level = true; - }; - }; - } - - # An output for an OCI image based on that binary with `--all-features` - { - name = "oci-image-${crossSystem}-all-features"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - } - - # An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell - # target optimisations - { - name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - x86_64_haswell_target_optimised = ( - if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false - ); - }; - }; - } - - # An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features` - { - name = "oci-image-${crossSystem}-all-features-debug"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - profile = "dev"; - all_features = true; - # debug build users expect full logs - disable_release_max_log_level = true; - disable_features = [ - # dont include experimental features - "experimental" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - }; - } - - # An output for an OCI image based on that binary with hardened_malloc - { - name = "oci-image-${crossSystem}-hmalloc"; - value = scopeCrossStatic.oci-image.override { - main = scopeCrossStatic.main.override { - features = [ "hardened_malloc" ]; - }; - }; - } - - # An output for a complement OCI image for the specified platform - { - name = "complement-${crossSystem}"; - value = scopeCrossStatic.complement; - } ] ) [ @@ -592,37 +331,6 @@ ] ) ); - - devShells.default = mkDevShell scopeHostStatic; - devShells.all-features = mkDevShell ( - scopeHostStatic.overrideScope ( - final: prev: { - main = prev.main.override { - all_features = true; - disable_features = [ - # dont include experimental features - "experimental" - # jemalloc profiling/stats features are expensive and shouldn't - # be expected on non-debug builds. - "jemalloc_prof" - "jemalloc_stats" - # this is non-functional on nix for some reason - "hardened_malloc" - # conduwuit_mods is a development-only hot reload feature - "conduwuit_mods" - ]; - }; - } - ) - ); - devShells.no-features = mkDevShell ( - scopeHostStatic.overrideScope ( - final: prev: { - main = prev.main.override { default_features = false; }; - } - ) - ); - devShells.dynamic = mkDevShell scopeHost; } ); } diff --git a/nix/pkgs/book/default.nix b/nix/pkgs/book/default.nix deleted file mode 100644 index 882a37b6..00000000 --- a/nix/pkgs/book/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ inputs - - # Dependencies -, main -, mdbook -, stdenv -}: - -stdenv.mkDerivation { - inherit (main) pname version; - - src = inputs.nix-filter { - root = inputs.self; - include = [ - "book.toml" - "conduwuit-example.toml" - "CODE_OF_CONDUCT.md" - "CONTRIBUTING.md" - "README.md" - "development.md" - "debian/conduwuit.service" - "debian/README.md" - "arch/conduwuit.service" - "docs" - "theme" - ]; - }; - - nativeBuildInputs = [ - mdbook - ]; - - buildPhase = '' - mdbook build -d $out - ''; -} diff --git a/nix/pkgs/complement/certificate.crt b/nix/pkgs/complement/certificate.crt deleted file mode 100644 index 5dd4fdea..00000000 --- a/nix/pkgs/complement/certificate.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIUcrZdSPmCh33Evys/U6mTPpShqdcwDQYJKoZIhvcNAQEL -BQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29mZXJz -IGluYy4xDDAKBgNVBAMMA2hzMTAgFw0yNTAzMTMxMjU4NTFaGA8yMDUyMDcyODEy -NTg1MVowPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29m -ZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjHuCLZLpYt -/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZRxmOhtp88 -awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZbo61q8HBp -L0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42BhGtnJZsK -K5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBevUdBh8gl -8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaNxMG8wCQYDVR0TBAIwADALBgNV -HQ8EBAMCBPAwNgYDVR0RBC8wLYIRKi5kb2NrZXIuaW50ZXJuYWyCA2hzMYIDaHMy -ggNoczOCA2hzNIcEfwAAATAdBgNVHQ4EFgQUr4VYrmW1d+vjBTJewvy7fJYhLDYw -DQYJKoZIhvcNAQELBQADggEBADkYqkjNYxjWX8hUUAmFHNdCwzT1CpYe/5qzLiyJ -irDSdMlC5g6QqMUSrpu7nZxo1lRe1dXGroFVfWpoDxyCjSQhplQZgtYqtyLfOIx+ -HQ7cPE/tUU/KsTGc0aL61cETB6u8fj+rQKUGdfbSlm0Rpu4v0gC8RnDj06X/hZ7e -VkWU+dOBzxlqHuLlwFFtVDgCyyTatIROx5V+GpMHrVqBPO7HcHhwqZ30k2kMM8J3 -y1CWaliQM85jqtSZV+yUHKQV8EksSowCFJuguf+Ahz0i0/koaI3i8m4MRN/1j13d -jbTaX5a11Ynm3A27jioZdtMRty6AJ88oCp18jxVzqTxNNO4= ------END CERTIFICATE----- diff --git a/nix/pkgs/complement/config.toml b/nix/pkgs/complement/config.toml deleted file mode 100644 index 7f4ecef7..00000000 --- a/nix/pkgs/complement/config.toml +++ /dev/null @@ -1,50 +0,0 @@ -[global] -address = "0.0.0.0" -allow_device_name_federation = true -allow_guest_registration = true -allow_public_room_directory_over_federation = true -allow_public_room_directory_without_auth = true -allow_registration = true -database_path = "/database" -log = "trace,h2=debug,hyper=debug" -port = [8008, 8448] -trusted_servers = [] -only_query_trusted_key_servers = false -query_trusted_key_servers_first = false -query_trusted_key_servers_first_on_join = false -yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true -ip_range_denylist = [] -url_preview_domain_contains_allowlist = ["*"] -url_preview_domain_explicit_denylist = ["*"] -media_compat_file_link = false -media_startup_check = true -prune_missing_media = true -log_colors = true -admin_room_notices = false -allow_check_for_updates = false -intentionally_unknown_config_option_for_testing = true -rocksdb_log_level = "info" -rocksdb_max_log_files = 1 -rocksdb_recovery_mode = 0 -rocksdb_paranoid_file_checks = true -log_guest_registrations = false -allow_legacy_media = true -startup_netburst = true -startup_netburst_keep = -1 - -allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true - -# valgrind makes things so slow -dns_timeout = 60 -dns_attempts = 20 -request_conn_timeout = 60 -request_timeout = 120 -well_known_conn_timeout = 60 -well_known_timeout = 60 -federation_idle_timeout = 300 -sender_timeout = 300 -sender_idle_timeout = 300 -sender_retry_backoff_limit = 300 - -[global.tls] -dual_protocol = true diff --git a/nix/pkgs/complement/default.nix b/nix/pkgs/complement/default.nix deleted file mode 100644 index f86a01d4..00000000 --- a/nix/pkgs/complement/default.nix +++ /dev/null @@ -1,90 +0,0 @@ -# Dependencies -{ bashInteractive -, buildEnv -, coreutils -, dockerTools -, lib -, main -, stdenv -, tini -, writeShellScriptBin -}: - -let - main' = main.override { - profile = "test"; - all_features = true; - disable_release_max_log_level = true; - disable_features = [ - # console/CLI stuff isn't used or relevant for complement - "console" - "tokio_console" - # sentry telemetry isn't useful for complement, disabled by default anyways - "sentry_telemetry" - "perf_measurements" - # this is non-functional on nix for some reason - "hardened_malloc" - # dont include experimental features - "experimental" - # compression isn't needed for complement - "brotli_compression" - "gzip_compression" - "zstd_compression" - # complement doesn't need hot reloading - "conduwuit_mods" - # complement doesn't have URL preview media tests - "url_preview" - ]; - }; - - start = writeShellScriptBin "start" '' - set -euxo pipefail - - ${lib.getExe' coreutils "env"} \ - CONDUWUIT_SERVER_NAME="$SERVER_NAME" \ - ${lib.getExe main'} - ''; -in - -dockerTools.buildImage { - name = "complement-conduwuit"; - tag = "main"; - - copyToRoot = buildEnv { - name = "root"; - pathsToLink = [ - "/bin" - ]; - paths = [ - bashInteractive - coreutils - main' - start - ]; - }; - - config = { - Cmd = [ - "${lib.getExe start}" - ]; - - Entrypoint = - if !stdenv.hostPlatform.isDarwin - # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) - # are handled as expected - then [ "${lib.getExe' tini "tini"}" "--" ] - else [ ]; - - Env = [ - "CONTINUWUITY_TLS__KEY=${./private_key.key}" - "CONTINUWUITY_TLS__CERTS=${./certificate.crt}" - "CONTINUWUITY_CONFIG=${./config.toml}" - "RUST_BACKTRACE=full" - ]; - - ExposedPorts = { - "8008/tcp" = { }; - "8448/tcp" = { }; - }; - }; -} diff --git a/nix/pkgs/complement/private_key.key b/nix/pkgs/complement/private_key.key deleted file mode 100644 index 5b9d4d4f..00000000 --- a/nix/pkgs/complement/private_key.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDS/odmZivxajeb -iyT7SMuhXqnMm+hF+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnT -LvGEvNNx0px5M54H+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a -09CphCFswO4PpxUUORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5ucc -ebGMmCoO660hROSTBaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUga -Qs/2tdT4kBzBH6kZOiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO -/Ncsro/fAgMBAAECggEAITCCkfv+a5I+vwvrPE/eIDso0JOxvNhfg+BLQVy3AMnu -WmeoMmshZeREWgcTrEGg8QQnk4Sdrjl8MnkO6sddJ2luza3t7OkGX+q7Hk5aETkB -DIo+f8ufU3sIhlydF3OnVSK0fGpUaBq8AQ6Soyeyrk3G5NVufmjgae5QPbDBnqUb -piOGyfcwagL4JtCbZsMk8AT7vQSynLm6zaWsVzWNd71jummLqtVV063K95J9PqVN -D8meEcP3WR5kQrvf+mgy9RVgWLRtVWN8OLZfJ9yrnl4Efj62elrldUj4jaCFezGQ -8f0W+d8jjt038qhmEdymw2MWQ+X/b0R79lJar1Up8QKBgQD1DtHxauhl+JUoI3y+ -3eboqXl7YPJt1/GTnChb4b6D1Z1hvLsOKUa7hjGEfruYGbsWXBCRMICdfzp+iWcq -/lEOp7/YU9OaW4lQMoG4sXMoBWd9uLgg0E+aH6VDJOBvxsfafqM4ufmtspzwEm90 -FU1cq6oImomFnPChSq4X+3+YpwKBgQDcalaK9llCcscWA8HAP8WVVNTjCOqiDp9q -td61E9IO/FIB/gW5y+JkaFRrA2CN1zY3s3K92uveLTNYTArecWlDcPNNFDuaYu2M -Roz4bC104HGh+zztJ0iPVzELL81Lgg6wHhLONN+eVi4gTftJxzJFXybyb+xVT25A -91ynKXB+CQKBgQC+Ub43MoI+/6pHvBfb3FbDByvz6D0flgBmVXb6tP3TQYmzKHJV -8zSd2wCGGC71V7Z3DRVIzVR1/SOetnPLbivhp+JUzfWfAcxI3pDksdvvjxLrDxTh -VycbWcxtsywjY0w/ou581eLVRcygnpC0pP6qJCAwAmUfwd0YRvmiYo6cLQKBgHIW -UIlJDdaJFmdctnLOD3VGHZMOUHRlYTqYvJe5lKbRD5mcZFZRI/OY1Ok3LEj+tj+K -kL+YizHK76KqaY3N4hBYbHbfHCLDRfWvptQHGlg+vFJ9eoG+LZ6UIPyLV5XX0cZz -KoS1dXG9Zc6uznzXsDucDsq6B/f4TzctUjXsCyARAoGAOKb4HtuNyYAW0jUlujR7 -IMHwUesOGlhSXqFtP9aTvk6qJgvV0+3CKcWEb4y02g+uYftP8BLNbJbIt9qOqLYh -tOVyzCoamAi8araAhjA0w4dXvqDCDK7k/gZFkojmKQtRijoxTHnWcDc3vAjYCgaM -9MVtdgSkuh2gwkD/mMoAJXM= ------END PRIVATE KEY----- diff --git a/nix/pkgs/complement/signing_request.csr b/nix/pkgs/complement/signing_request.csr deleted file mode 100644 index e2aa658e..00000000 --- a/nix/pkgs/complement/signing_request.csr +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIChDCCAWwCAQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQK -DAx3b29mZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjH -uCLZLpYt/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZR -xmOhtp88awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZb -o61q8HBpL0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42B -hGtnJZsKK5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBe -vUdBh8gl8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaAAMA0GCSqGSIb3DQEB -CwUAA4IBAQDR/gjfxN0IID1MidyhZB4qpdWn3m6qZnEQqoTyHHdWalbfNXcALC79 -ffS+Smx40N5hEPvqy6euR89N5YuYvt8Hs+j7aWNBn7Wus5Favixcm2JcfCTJn2R3 -r8FefuSs2xGkoyGsPFFcXE13SP/9zrZiwvOgSIuTdz/Pbh6GtEx7aV4DqHJsrXnb -XuPxpQleoBqKvQgSlmaEBsJg13TQB+Fl2foBVUtqAFDQiv+RIuircf0yesMCKJaK -MPH4Oo+r3pR8lI8ewfJPreRhCoV+XrGYMubaakz003TJ1xlOW8M+N9a6eFyMVh76 -U1nY/KP8Ua6Lgaj9PRz7JCRzNoshZID/ ------END CERTIFICATE REQUEST----- diff --git a/nix/pkgs/complement/v3.ext b/nix/pkgs/complement/v3.ext deleted file mode 100644 index 0deaa48a..00000000 --- a/nix/pkgs/complement/v3.ext +++ /dev/null @@ -1,12 +0,0 @@ -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = *.docker.internal -DNS.2 = hs1 -DNS.3 = hs2 -DNS.4 = hs3 -DNS.5 = hs4 -IP.1 = 127.0.0.1 diff --git a/nix/pkgs/oci-image/default.nix b/nix/pkgs/oci-image/default.nix deleted file mode 100644 index 3b6e3226..00000000 --- a/nix/pkgs/oci-image/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ inputs - - # Dependencies -, dockerTools -, lib -, main -, stdenv -, tini -}: - -dockerTools.buildLayeredImage { - name = main.pname; - tag = "main"; - created = "@${toString inputs.self.lastModified}"; - contents = [ - dockerTools.caCertificates - main - ]; - config = { - Entrypoint = - if !stdenv.hostPlatform.isDarwin - # Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT) - # are handled as expected - then [ "${lib.getExe' tini "tini"}" "--" ] - else [ ]; - Cmd = [ - "${lib.getExe main}" - ]; - Env = [ - "RUST_BACKTRACE=full" - ]; - Labels = { - "org.opencontainers.image.authors" = "June Clementine Strawberry and Jason Volk - "; - "org.opencontainers.image.created" = "@${toString inputs.self.lastModified}"; - "org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust"; - "org.opencontainers.image.documentation" = "https://continuwuity.org/"; - "org.opencontainers.image.licenses" = "Apache-2.0"; - "org.opencontainers.image.revision" = inputs.self.rev or inputs.self.dirtyRev or ""; - "org.opencontainers.image.source" = "https://forgejo.ellis.link/continuwuation/continuwuity"; - "org.opencontainers.image.title" = main.pname; - "org.opencontainers.image.url" = "https://continuwuity.org/"; - "org.opencontainers.image.vendor" = "continuwuation"; - "org.opencontainers.image.version" = main.version; - }; - }; -}