melody/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2025-07-08 14:20:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

ref: Remove lots of unused Nix assets

Browse source 
Also change some links to the new ones, removing reliance on June's github repos in some places
This commit is contained in:
Shuroii 2025-07-03 13:02:27 +02:00 committed by Jade Ellis
parent 09199b0ea7
commit 520a179bb0
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2
9 changed files with 29 additions and 621 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

350
flake.nix
View file

@ -2,10 +2,6 @@
inputs = { inputs = {
attic.url = "github:zhaofengli/attic?ref=main"; attic.url = "github:zhaofengli/attic?ref=main";
cachix.url = "github:cachix/cachix?ref=master"; cachix.url = "github:cachix/cachix?ref=master";
complement = {
url = "github:girlbossceo/complement?ref=main";
flake = false;
};
crane = { crane = {
url = "github:ipetkov/crane?ref=master"; url = "github:ipetkov/crane?ref=master";
}; };
@ -21,11 +17,7 @@
nix-filter.url = "github:numtide/nix-filter?ref=main"; nix-filter.url = "github:numtide/nix-filter?ref=main";
nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable";
rocksdb = { rocksdb = {
url = "github:girlbossceo/rocksdb?ref=v9.11.1"; url = "git+https://forgejo.ellis.link/continuwuation/rocksdb?ref=v9.11.1";
flake = false;
};
liburing = {
url = "github:axboe/liburing?ref=master";
flake = false; flake = false;
}; };
}; };
@ -38,7 +30,6 @@
pkgsHost = import inputs.nixpkgs { pkgsHost = import inputs.nixpkgs {
inherit system; inherit system;
}; };
pkgsHostStatic = pkgsHost.pkgsStatic;
# The Rust toolchain to use # The Rust toolchain to use
toolchain = inputs.fenix.packages.${system}.fromToolchainFile { toolchain = inputs.fenix.packages.${system}.fromToolchainFile {
@ -52,21 +43,9 @@
pkgs: pkgs:
pkgs.lib.makeScope pkgs.newScope (self: { pkgs.lib.makeScope pkgs.newScope (self: {
inherit pkgs; inherit pkgs;
book = self.callPackage ./nix/pkgs/book { };
complement = self.callPackage ./nix/pkgs/complement { };
craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain)); craneLib = ((inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain));
inherit inputs; inherit inputs;
main = self.callPackage ./nix/pkgs/main { }; main = self.callPackage ./nix/pkgs/main { };
oci-image = self.callPackage ./nix/pkgs/oci-image { };
tini = pkgs.tini.overrideAttrs {
# newer clang/gcc is unhappy with tini-static: <https://3.dog/~strawberry/pb/c8y4>
patches = [
(pkgs.fetchpatch {
url = "https://patch-diff.githubusercontent.com/raw/krallin/tini/pull/224.patch";
hash = "sha256-4bTfAhRyIT71VALhHY13hUgbjLEUyvgkIJMt3w9ag3k=";
})
];
};
liburing = pkgs.liburing.overrideAttrs { liburing = pkgs.liburing.overrideAttrs {
# Tests weren't building # Tests weren't building
outputs = [ outputs = [
@ -75,63 +54,59 @@
"man" "man"
]; ];
buildFlags = [ "library" ]; buildFlags = [ "library" ];
src = inputs.liburing;
}; };
rocksdb = rocksdb =
(pkgs.rocksdb.override { (pkgs.rocksdb.override {
liburing = self.liburing;
}).overrideAttrs }).overrideAttrs
(old: { (old: {
src = inputs.rocksdb; src = inputs.rocksdb;
version = pkgs.lib.removePrefix "v" (builtins.fromJSON (builtins.readFile ./flake.lock)) version = "v9.11.1";
.nodes.rocksdb.original.ref;
# we have this already at https://github.com/girlbossceo/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155
# unsetting this so i don't have to revert it and make this nix exclusive
patches = [ ];
cmakeFlags = cmakeFlags =
pkgs.lib.subtractLists [ pkgs.lib.subtractLists [
# no real reason to have snappy or zlib, no one uses this # no real reason to have snappy or zlib, no one uses this
"-DWITH_SNAPPY=1" "-DWITH_SNAPPY=1"
"-DZLIB=1" "-DZLIB=1"
"-DWITH_ZLIB=1" "-DWITH_ZLIB=1"
# we dont need to use ldb or sst_dump (core_tools) # We don't need to use ldb or sst_dump (core_tools)
"-DWITH_CORE_TOOLS=1" "-DWITH_CORE_TOOLS=1"
# we dont need to build rocksdb tests # We don't need to build rocksdb tests
"-DWITH_TESTS=1" "-DWITH_TESTS=1"
# we use rust-rocksdb via C interface and dont need C++ RTTI # We use rust-rocksdb via C interface and don't need C++ RTTI
"-DUSE_RTTI=1" "-DUSE_RTTI=1"
# this doesn't exist in RocksDB, and USE_SSE is deprecated for # This doesn't exist in RocksDB, and USE_SSE is deprecated for
# PORTABLE=$(march) # PORTABLE=$(march)
"-DFORCE_SSE42=1" "-DFORCE_SSE42=1"
# PORTABLE will get set in main/default.nix # PORTABLE will get set in main/default.nix
"-DPORTABLE=1" "-DPORTABLE=1"
] old.cmakeFlags ] old.cmakeFlags
++ [ ++ [
# no real reason to have snappy, no one uses this # No real reason to have snappy, no one uses this
"-DWITH_SNAPPY=0" "-DWITH_SNAPPY=0"
"-DZLIB=0" "-DZLIB=0"
"-DWITH_ZLIB=0" "-DWITH_ZLIB=0"
# we dont need to use ldb or sst_dump (core_tools) # We don't need to use ldb or sst_dump (core_tools)
"-DWITH_CORE_TOOLS=0" "-DWITH_CORE_TOOLS=0"
# we dont need trace tools # We don't need trace tools
"-DWITH_TRACE_TOOLS=0" "-DWITH_TRACE_TOOLS=0"
# we dont need to build rocksdb tests # We don't need to build rocksdb tests
"-DWITH_TESTS=0" "-DWITH_TESTS=0"
# we use rust-rocksdb via C interface and dont need C++ RTTI # We use rust-rocksdb via C interface and don't need C++ RTTI
"-DUSE_RTTI=0" "-DUSE_RTTI=0"
]; ];
# outputs has "tools" which we dont need or use # outputs has "tools" which we don't need or use
outputs = [ "out" ]; outputs = [ "out" ];
# preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use # preInstall hooks has stuff for messing with ldb/sst_dump which we don't need or use
preInstall = ""; preInstall = "";
# We have this already at https://forgejo.ellis.link/continuwuation/rocksdb/commit/a935c0273e1ba44eacf88ce3685a9b9831486155
# Unsetting this so we don't have to revert it and make this nix exclusive
patches = [ ];
}); });
}); });
scopeHost = mkScope pkgsHost; scopeHost = mkScope pkgsHost;
scopeHostStatic = mkScope pkgsHostStatic;
scopeCrossLinux = mkScope pkgsHost.pkgsLinux.pkgsStatic;
mkCrossScope = mkCrossScope =
crossSystem: crossSystem:
let let
@ -145,92 +120,19 @@
in in
mkScope pkgsCrossStatic; mkScope pkgsCrossStatic;
mkDevShell =
scope:
scope.pkgs.mkShell {
env = scope.main.env // {
# Rust Analyzer needs to be able to find the path to default crate
# sources, and it can read this environment variable to do so. The
# `rust-src` component is required in order for this to work.
RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";
# Convenient way to access a pinned version of Complement's source
# code.
COMPLEMENT_SRC = inputs.complement.outPath;
# Needed for Complement: <https://github.com/golang/go/issues/52690>
CGO_CFLAGS = "-Wl,--no-gc-sections";
CGO_LDFLAGS = "-Wl,--no-gc-sections";
};
# Development tools
packages =
[
# Always use nightly rustfmt because most of its options are unstable
#
# This needs to come before `toolchain` in this list, otherwise
# `$PATH` will have stable rustfmt instead.
inputs.fenix.packages.${system}.latest.rustfmt
toolchain
]
++ (
with pkgsHost.pkgs;
[
# Required by hardened-malloc.rs dep
binutils
cargo-audit
cargo-auditable
# Needed for producing Debian packages
cargo-deb
# Needed for CI to check validity of produced Debian packages (dpkg-deb)
dpkg
engage
# Needed for Complement
go
# Needed for our script for Complement
jq
gotestfmt
# Needed for finding broken markdown links
lychee
# Needed for linting markdown files
markdownlint-cli
# Useful for editing the book locally
mdbook
# used for rust caching in CI to speed it up
sccache
]
# liburing is Linux-exclusive
++ lib.optional stdenv.hostPlatform.isLinux liburing
++ lib.optional stdenv.hostPlatform.isLinux numactl
)
++ scope.main.buildInputs
++ scope.main.propagatedBuildInputs
++ scope.main.nativeBuildInputs;
};
in in
{ {
packages = packages =
{ {
default = scopeHost.main.override { default = scopeHost.main.override {
disable_features = [ disable_features = [
# dont include experimental features # Don't include experimental features
"experimental" "experimental"
# jemalloc profiling/stats features are expensive and shouldn't # jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds. # be expected on non-debug builds.
"jemalloc_prof" "jemalloc_prof"
"jemalloc_stats" "jemalloc_stats"
# this is non-functional on nix for some reason # This is non-functional on nix for some reason
"hardened_malloc" "hardened_malloc"
# conduwuit_mods is a development-only hot reload feature # conduwuit_mods is a development-only hot reload feature
"conduwuit_mods" "conduwuit_mods"
@ -238,23 +140,23 @@
}; };
default-debug = scopeHost.main.override { default-debug = scopeHost.main.override {
profile = "dev"; profile = "dev";
# debug build users expect full logs # Debug build users expect full logs
disable_release_max_log_level = true; disable_release_max_log_level = true;
disable_features = [ disable_features = [
# dont include experimental features # Don't include experimental features
"experimental" "experimental"
# this is non-functional on nix for some reason # This is non-functional on nix for some reason
"hardened_malloc" "hardened_malloc"
# conduwuit_mods is a development-only hot reload feature # conduwuit_mods is a development-only hot reload feature
"conduwuit_mods" "conduwuit_mods"
]; ];
}; };
# just a test profile used for things like CI and complement # Just a test profile used for things like CI and complement
default-test = scopeHost.main.override { default-test = scopeHost.main.override {
profile = "test"; profile = "test";
disable_release_max_log_level = true; disable_release_max_log_level = true;
disable_features = [ disable_features = [
# dont include experimental features # Don't include experimental features
"experimental" "experimental"
# this is non-functional on nix for some reason # this is non-functional on nix for some reason
"hardened_malloc" "hardened_malloc"
@ -265,13 +167,13 @@
all-features = scopeHost.main.override { all-features = scopeHost.main.override {
all_features = true; all_features = true;
disable_features = [ disable_features = [
# dont include experimental features # Don't include experimental features
"experimental" "experimental"
# jemalloc profiling/stats features are expensive and shouldn't # jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds. # be expected on non-debug builds.
"jemalloc_prof" "jemalloc_prof"
"jemalloc_stats" "jemalloc_stats"
# this is non-functional on nix for some reason # This is non-functional on nix for some reason
"hardened_malloc" "hardened_malloc"
# conduwuit_mods is a development-only hot reload feature # conduwuit_mods is a development-only hot reload feature
"conduwuit_mods" "conduwuit_mods"
@ -280,65 +182,18 @@
all-features-debug = scopeHost.main.override { all-features-debug = scopeHost.main.override {
profile = "dev"; profile = "dev";
all_features = true; all_features = true;
# debug build users expect full logs # Debug build users expect full logs
disable_release_max_log_level = true; disable_release_max_log_level = true;
disable_features = [ disable_features = [
# dont include experimental features # Don't include experimental features
"experimental" "experimental"
# this is non-functional on nix for some reason # This is non-functional on nix for some reason
"hardened_malloc" "hardened_malloc"
# conduwuit_mods is a development-only hot reload feature # conduwuit_mods is a development-only hot reload feature
"conduwuit_mods" "conduwuit_mods"
]; ];
}; };
hmalloc = scopeHost.main.override { features = [ "hardened_malloc" ]; }; hmalloc = scopeHost.main.override { features = [ "hardened_malloc" ]; };
oci-image = scopeHost.oci-image;
oci-image-all-features = scopeHost.oci-image.override {
main = scopeHost.main.override {
all_features = true;
disable_features = [
# dont include experimental features
"experimental"
# jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds.
"jemalloc_prof"
"jemalloc_stats"
# this is non-functional on nix for some reason
"hardened_malloc"
# conduwuit_mods is a development-only hot reload feature
"conduwuit_mods"
];
};
};
oci-image-all-features-debug = scopeHost.oci-image.override {
main = scopeHost.main.override {
profile = "dev";
all_features = true;
# debug build users expect full logs
disable_release_max_log_level = true;
disable_features = [
# dont include experimental features
"experimental"
# this is non-functional on nix for some reason
"hardened_malloc"
# conduwuit_mods is a development-only hot reload feature
"conduwuit_mods"
];
};
};
oci-image-hmalloc = scopeHost.oci-image.override {
main = scopeHost.main.override {
features = [ "hardened_malloc" ];
};
};
book = scopeHost.book;
complement = scopeHost.complement;
static-complement = scopeHostStatic.complement;
# macOS containers don't exist, so the complement images must be forced to linux
linux-complement = (mkCrossScope "${pkgsHost.hostPlatform.qemuArch}-linux-musl").complement;
} }
// builtins.listToAttrs ( // builtins.listToAttrs (
builtins.concatLists ( builtins.concatLists (
@ -465,122 +320,6 @@
features = [ "hardened_malloc" ]; features = [ "hardened_malloc" ];
}; };
} }
# An output for an OCI image based on that binary
{
name = "oci-image-${crossSystem}";
value = scopeCrossStatic.oci-image;
}
# An output for an OCI image based on that binary with x86_64 haswell
# target optimisations
{
name = "oci-image-${crossSystem}-x86_64-haswell-optimised";
value = scopeCrossStatic.oci-image.override {
main = scopeCrossStatic.main.override {
x86_64_haswell_target_optimised = (
if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false
);
};
};
}
# An output for an OCI image based on that unstripped debug ("dev") binary
{
name = "oci-image-${crossSystem}-debug";
value = scopeCrossStatic.oci-image.override {
main = scopeCrossStatic.main.override {
profile = "dev";
# debug build users expect full logs
disable_release_max_log_level = true;
};
};
}
# An output for an OCI image based on that binary with `--all-features`
{
name = "oci-image-${crossSystem}-all-features";
value = scopeCrossStatic.oci-image.override {
main = scopeCrossStatic.main.override {
all_features = true;
disable_features = [
# dont include experimental features
"experimental"
# jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds.
"jemalloc_prof"
"jemalloc_stats"
# this is non-functional on nix for some reason
"hardened_malloc"
# conduwuit_mods is a development-only hot reload feature
"conduwuit_mods"
];
};
};
}
# An output for an OCI image based on that binary with `--all-features` and with x86_64 haswell
# target optimisations
{
name = "oci-image-${crossSystem}-all-features-x86_64-haswell-optimised";
value = scopeCrossStatic.oci-image.override {
main = scopeCrossStatic.main.override {
all_features = true;
disable_features = [
# dont include experimental features
"experimental"
# jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds.
"jemalloc_prof"
"jemalloc_stats"
# this is non-functional on nix for some reason
"hardened_malloc"
# conduwuit_mods is a development-only hot reload feature
"conduwuit_mods"
];
x86_64_haswell_target_optimised = (
if (crossSystem == "x86_64-linux-gnu" || crossSystem == "x86_64-linux-musl") then true else false
);
};
};
}
# An output for an OCI image based on that unstripped debug ("dev") binary with `--all-features`
{
name = "oci-image-${crossSystem}-all-features-debug";
value = scopeCrossStatic.oci-image.override {
main = scopeCrossStatic.main.override {
profile = "dev";
all_features = true;
# debug build users expect full logs
disable_release_max_log_level = true;
disable_features = [
# dont include experimental features
"experimental"
# this is non-functional on nix for some reason
"hardened_malloc"
# conduwuit_mods is a development-only hot reload feature
"conduwuit_mods"
];
};
};
}
# An output for an OCI image based on that binary with hardened_malloc
{
name = "oci-image-${crossSystem}-hmalloc";
value = scopeCrossStatic.oci-image.override {
main = scopeCrossStatic.main.override {
features = [ "hardened_malloc" ];
};
};
}
# An output for a complement OCI image for the specified platform
{
name = "complement-${crossSystem}";
value = scopeCrossStatic.complement;
}
] ]
) )
[ [
@ -592,37 +331,6 @@
] ]
) )
); );
devShells.default = mkDevShell scopeHostStatic;
devShells.all-features = mkDevShell (
scopeHostStatic.overrideScope (
final: prev: {
main = prev.main.override {
all_features = true;
disable_features = [
# dont include experimental features
"experimental"
# jemalloc profiling/stats features are expensive and shouldn't
# be expected on non-debug builds.
"jemalloc_prof"
"jemalloc_stats"
# this is non-functional on nix for some reason
"hardened_malloc"
# conduwuit_mods is a development-only hot reload feature
"conduwuit_mods"
];
};
}
)
);
devShells.no-features = mkDevShell (
scopeHostStatic.overrideScope (
final: prev: {
main = prev.main.override { default_features = false; };
}
)
);
devShells.dynamic = mkDevShell scopeHost;
} }
); );
} }

36
nix/pkgs/book/default.nix
View file

@ -1,36 +0,0 @@
{ inputs
# Dependencies
, main
, mdbook
, stdenv
}:
stdenv.mkDerivation {
inherit (main) pname version;
src = inputs.nix-filter {
root = inputs.self;
include = [
"book.toml"
"conduwuit-example.toml"
"CODE_OF_CONDUCT.md"
"CONTRIBUTING.md"
"README.md"
"development.md"
"debian/conduwuit.service"
"debian/README.md"
"arch/conduwuit.service"
"docs"
"theme"
];
};
nativeBuildInputs = [
mdbook
];
buildPhase = ''
mdbook build -d $out
'';
}

21
nix/pkgs/complement/certificate.crt
View file

@ -1,21 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIUcrZdSPmCh33Evys/U6mTPpShqdcwDQYJKoZIhvcNAQEL
BQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29mZXJz
IGluYy4xDDAKBgNVBAMMA2hzMTAgFw0yNTAzMTMxMjU4NTFaGA8yMDUyMDcyODEy
NTg1MVowPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQKDAx3b29m
ZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjHuCLZLpYt
/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZRxmOhtp88
awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZbo61q8HBp
L0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42BhGtnJZsK
K5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBevUdBh8gl
8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaNxMG8wCQYDVR0TBAIwADALBgNV
HQ8EBAMCBPAwNgYDVR0RBC8wLYIRKi5kb2NrZXIuaW50ZXJuYWyCA2hzMYIDaHMy
ggNoczOCA2hzNIcEfwAAATAdBgNVHQ4EFgQUr4VYrmW1d+vjBTJewvy7fJYhLDYw
DQYJKoZIhvcNAQELBQADggEBADkYqkjNYxjWX8hUUAmFHNdCwzT1CpYe/5qzLiyJ
irDSdMlC5g6QqMUSrpu7nZxo1lRe1dXGroFVfWpoDxyCjSQhplQZgtYqtyLfOIx+
HQ7cPE/tUU/KsTGc0aL61cETB6u8fj+rQKUGdfbSlm0Rpu4v0gC8RnDj06X/hZ7e
VkWU+dOBzxlqHuLlwFFtVDgCyyTatIROx5V+GpMHrVqBPO7HcHhwqZ30k2kMM8J3
y1CWaliQM85jqtSZV+yUHKQV8EksSowCFJuguf+Ahz0i0/koaI3i8m4MRN/1j13d
jbTaX5a11Ynm3A27jioZdtMRty6AJ88oCp18jxVzqTxNNO4=
-----END CERTIFICATE-----

50
nix/pkgs/complement/config.toml
View file

@ -1,50 +0,0 @@
[global]
address = "0.0.0.0"
allow_device_name_federation = true
allow_guest_registration = true
allow_public_room_directory_over_federation = true
allow_public_room_directory_without_auth = true
allow_registration = true
database_path = "/database"
log = "trace,h2=debug,hyper=debug"
port = [8008, 8448]
trusted_servers = []
only_query_trusted_key_servers = false
query_trusted_key_servers_first = false
query_trusted_key_servers_first_on_join = false
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
ip_range_denylist = []
url_preview_domain_contains_allowlist = ["*"]
url_preview_domain_explicit_denylist = ["*"]
media_compat_file_link = false
media_startup_check = true
prune_missing_media = true
log_colors = true
admin_room_notices = false
allow_check_for_updates = false
intentionally_unknown_config_option_for_testing = true
rocksdb_log_level = "info"
rocksdb_max_log_files = 1
rocksdb_recovery_mode = 0
rocksdb_paranoid_file_checks = true
log_guest_registrations = false
allow_legacy_media = true
startup_netburst = true
startup_netburst_keep = -1
allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true
# valgrind makes things so slow
dns_timeout = 60
dns_attempts = 20
request_conn_timeout = 60
request_timeout = 120
well_known_conn_timeout = 60
well_known_timeout = 60
federation_idle_timeout = 300
sender_timeout = 300
sender_idle_timeout = 300
sender_retry_backoff_limit = 300
[global.tls]
dual_protocol = true

90
nix/pkgs/complement/default.nix
View file

@ -1,90 +0,0 @@
# Dependencies
{ bashInteractive
, buildEnv
, coreutils
, dockerTools
, lib
, main
, stdenv
, tini
, writeShellScriptBin
}:
let
main' = main.override {
profile = "test";
all_features = true;
disable_release_max_log_level = true;
disable_features = [
# console/CLI stuff isn't used or relevant for complement
"console"
"tokio_console"
# sentry telemetry isn't useful for complement, disabled by default anyways
"sentry_telemetry"
"perf_measurements"
# this is non-functional on nix for some reason
"hardened_malloc"
# dont include experimental features
"experimental"
# compression isn't needed for complement
"brotli_compression"
"gzip_compression"
"zstd_compression"
# complement doesn't need hot reloading
"conduwuit_mods"
# complement doesn't have URL preview media tests
"url_preview"
];
};
start = writeShellScriptBin "start" ''
set -euxo pipefail
${lib.getExe' coreutils "env"} \
CONDUWUIT_SERVER_NAME="$SERVER_NAME" \
${lib.getExe main'}
'';
in
dockerTools.buildImage {
name = "complement-conduwuit";
tag = "main";
copyToRoot = buildEnv {
name = "root";
pathsToLink = [
"/bin"
];
paths = [
bashInteractive
coreutils
main'
start
];
};
config = {
Cmd = [
"${lib.getExe start}"
];
Entrypoint =
if !stdenv.hostPlatform.isDarwin
# Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
# are handled as expected
then [ "${lib.getExe' tini "tini"}" "--" ]
else [ ];
Env = [
"CONTINUWUITY_TLS__KEY=${./private_key.key}"
"CONTINUWUITY_TLS__CERTS=${./certificate.crt}"
"CONTINUWUITY_CONFIG=${./config.toml}"
"RUST_BACKTRACE=full"
];
ExposedPorts = {
"8008/tcp" = { };
"8448/tcp" = { };
};
};
}

28
nix/pkgs/complement/private_key.key
View file

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDS/odmZivxajeb
iyT7SMuhXqnMm+hF+zEARLcbieem0wG4x7gi2S6WLf8DlifdXax6me13eYk4rBnT
LvGEvNNx0px5M54H+FVyoVa3c1tmA66WUcZjobafPGsDh5j+5qpScgWwjkMPGg1a
09CphCFswO4PpxUUORX/OTGj/rEKxximW6OtavBwaS9F7mqjXJK7lCrcZxKq5ucc
ebGMmCoO660hROSTBaFigdRTVicclk+NgYRrZyWbCiuXPjQ0jlOE2rcaDepqTUga
Qs/2tdT4kBzBH6kZOiQOIN/ddXaj032QXr1HQYfIJfJmiM6nmRob8nik5rpZdWNO
/Ncsro/fAgMBAAECggEAITCCkfv+a5I+vwvrPE/eIDso0JOxvNhfg+BLQVy3AMnu
WmeoMmshZeREWgcTrEGg8QQnk4Sdrjl8MnkO6sddJ2luza3t7OkGX+q7Hk5aETkB
DIo+f8ufU3sIhlydF3OnVSK0fGpUaBq8AQ6Soyeyrk3G5NVufmjgae5QPbDBnqUb
piOGyfcwagL4JtCbZsMk8AT7vQSynLm6zaWsVzWNd71jummLqtVV063K95J9PqVN
D8meEcP3WR5kQrvf+mgy9RVgWLRtVWN8OLZfJ9yrnl4Efj62elrldUj4jaCFezGQ
8f0W+d8jjt038qhmEdymw2MWQ+X/b0R79lJar1Up8QKBgQD1DtHxauhl+JUoI3y+
3eboqXl7YPJt1/GTnChb4b6D1Z1hvLsOKUa7hjGEfruYGbsWXBCRMICdfzp+iWcq
/lEOp7/YU9OaW4lQMoG4sXMoBWd9uLgg0E+aH6VDJOBvxsfafqM4ufmtspzwEm90
FU1cq6oImomFnPChSq4X+3+YpwKBgQDcalaK9llCcscWA8HAP8WVVNTjCOqiDp9q
td61E9IO/FIB/gW5y+JkaFRrA2CN1zY3s3K92uveLTNYTArecWlDcPNNFDuaYu2M
Roz4bC104HGh+zztJ0iPVzELL81Lgg6wHhLONN+eVi4gTftJxzJFXybyb+xVT25A
91ynKXB+CQKBgQC+Ub43MoI+/6pHvBfb3FbDByvz6D0flgBmVXb6tP3TQYmzKHJV
8zSd2wCGGC71V7Z3DRVIzVR1/SOetnPLbivhp+JUzfWfAcxI3pDksdvvjxLrDxTh
VycbWcxtsywjY0w/ou581eLVRcygnpC0pP6qJCAwAmUfwd0YRvmiYo6cLQKBgHIW
UIlJDdaJFmdctnLOD3VGHZMOUHRlYTqYvJe5lKbRD5mcZFZRI/OY1Ok3LEj+tj+K
kL+YizHK76KqaY3N4hBYbHbfHCLDRfWvptQHGlg+vFJ9eoG+LZ6UIPyLV5XX0cZz
KoS1dXG9Zc6uznzXsDucDsq6B/f4TzctUjXsCyARAoGAOKb4HtuNyYAW0jUlujR7
IMHwUesOGlhSXqFtP9aTvk6qJgvV0+3CKcWEb4y02g+uYftP8BLNbJbIt9qOqLYh
tOVyzCoamAi8araAhjA0w4dXvqDCDK7k/gZFkojmKQtRijoxTHnWcDc3vAjYCgaM
9MVtdgSkuh2gwkD/mMoAJXM=
-----END PRIVATE KEY-----

16
nix/pkgs/complement/signing_request.csr
View file

@ -1,16 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIChDCCAWwCAQAwPzELMAkGA1UEBhMCNjkxCzAJBgNVBAgMAjQyMRUwEwYDVQQK
DAx3b29mZXJzIGluYy4xDDAKBgNVBAMMA2hzMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANL+h2ZmK/FqN5uLJPtIy6Feqcyb6EX7MQBEtxuJ56bTAbjH
uCLZLpYt/wOWJ91drHqZ7Xd5iTisGdMu8YS803HSnHkzngf4VXKhVrdzW2YDrpZR
xmOhtp88awOHmP7mqlJyBbCOQw8aDVrT0KmEIWzA7g+nFRQ5Ff85MaP+sQrHGKZb
o61q8HBpL0XuaqNckruUKtxnEqrm5xx5sYyYKg7rrSFE5JMFoWKB1FNWJxyWT42B
hGtnJZsKK5c+NDSOU4TatxoN6mpNSBpCz/a11PiQHMEfqRk6JA4g3911dqPTfZBe
vUdBh8gl8maIzqeZGhvyeKTmull1Y0781yyuj98CAwEAAaAAMA0GCSqGSIb3DQEB
CwUAA4IBAQDR/gjfxN0IID1MidyhZB4qpdWn3m6qZnEQqoTyHHdWalbfNXcALC79
ffS+Smx40N5hEPvqy6euR89N5YuYvt8Hs+j7aWNBn7Wus5Favixcm2JcfCTJn2R3
r8FefuSs2xGkoyGsPFFcXE13SP/9zrZiwvOgSIuTdz/Pbh6GtEx7aV4DqHJsrXnb
XuPxpQleoBqKvQgSlmaEBsJg13TQB+Fl2foBVUtqAFDQiv+RIuircf0yesMCKJaK
MPH4Oo+r3pR8lI8ewfJPreRhCoV+XrGYMubaakz003TJ1xlOW8M+N9a6eFyMVh76
U1nY/KP8Ua6Lgaj9PRz7JCRzNoshZID/
-----END CERTIFICATE REQUEST-----

12
nix/pkgs/complement/v3.ext
View file

@ -1,12 +0,0 @@
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.docker.internal
DNS.2 = hs1
DNS.3 = hs2
DNS.4 = hs3
DNS.5 = hs4
IP.1 = 127.0.0.1

47
nix/pkgs/oci-image/default.nix
View file

@ -1,47 +0,0 @@
{ inputs
# Dependencies
, dockerTools
, lib
, main
, stdenv
, tini
}:
dockerTools.buildLayeredImage {
name = main.pname;
tag = "main";
created = "@${toString inputs.self.lastModified}";
contents = [
dockerTools.caCertificates
main
];
config = {
Entrypoint =
if !stdenv.hostPlatform.isDarwin
# Use the `tini` init system so that signals (e.g. ctrl+c/SIGINT)
# are handled as expected
then [ "${lib.getExe' tini "tini"}" "--" ]
else [ ];
Cmd = [
"${lib.getExe main}"
];
Env = [
"RUST_BACKTRACE=full"
];
Labels = {
"org.opencontainers.image.authors" = "June Clementine Strawberry <june@girlboss.ceo> and Jason Volk
<jason@zemos.net>";
"org.opencontainers.image.created" = "@${toString inputs.self.lastModified}";
"org.opencontainers.image.description" = "a very cool Matrix chat homeserver written in Rust";
"org.opencontainers.image.documentation" = "https://continuwuity.org/";
"org.opencontainers.image.licenses" = "Apache-2.0";
"org.opencontainers.image.revision" = inputs.self.rev or inputs.self.dirtyRev or "";
"org.opencontainers.image.source" = "https://forgejo.ellis.link/continuwuation/continuwuity";
"org.opencontainers.image.title" = main.pname;
"org.opencontainers.image.url" = "https://continuwuity.org/";
"org.opencontainers.image.vendor" = "continuwuation";
"org.opencontainers.image.version" = main.version;
};
};
}