Projects/muscl
12
3
Fork 0
Code Issues 75 Pull Requests Actions Packages Releases Activity
Files
222941509d9da21c717bad2fb30e9ee038020912
muscl/flake.nix
h7x4 b0ae6e563d
All checks were successful
Build and test / check (push) Successful in 1m55s
Details
Build and test / build (push) Successful in 4m1s
Details
Build and test / check-license (push) Successful in 4m55s
Details
Build and test / test (push) Successful in 3m26s
Details
Build and test / docs (push) Successful in 6m18s
Details
Add nix support for suid/sgid testing
2025-12-04 11:42:49 +09:00

139 lines
4.1 KiB
Nix
Raw Blame History

{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
rust-overlay.url = "github:oxalica/rust-overlay";
rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
crane.url = "github:ipetkov/crane";
};
outputs = { self, nixpkgs, rust-overlay, crane }:
let
inherit (nixpkgs) lib;
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
"armv7l-linux"
];
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [
(import rust-overlay)
];
};
rust-bin = rust-overlay.lib.mkRustBin { } pkgs.buildPackages;
toolchain = rust-bin.stable.latest.default.override {
extensions = [ "rust-src" ];
};
in f system pkgs toolchain);
in {
apps = let
mkApp = program: description: {
type = "app";
program = toString program;
meta = {
inherit description;
};
};
mkVm = name: mkApp "${self.nixosConfigurations.${name}.config.system.build.vm}/bin/run-nixos-vm";
in forAllSystems (system: pkgs: _: {
muscl = mkApp (lib.getExe self.packages.${system}.muscl) "Run muscl without any setup";
coverage = mkApp (pkgs.writeShellScript "muscl-coverage" ''
${lib.getExe pkgs.python3} -m http.server -d "${self.packages.${system}.coverage}/html"
'') "Serve code coverage report at http://localhost:8000";
vm = mkVm "vm" "Start a NixOS VM with muscl installed";
vm-suid = mkVm "vm-suid" "Start a NixOS VM with muscl as SUID/SGID installed";
});
nixosConfigurations = {
vm = import ./nix/nixos-configurations/vm.nix { inherit self nixpkgs; };
vm-suid = import ./nix/nixos-configurations/vm-suid.nix { inherit self nixpkgs; };
};
devShell = forAllSystems (system: pkgs: toolchain: pkgs.mkShell {
nativeBuildInputs = with pkgs; [
toolchain
mariadb.client
cargo-nextest
cargo-edit
cargo-deny
cargo-deb
dpkg
];
RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";
});
overlays = {
default = self.overlays.muscl;
muscl = final: prev: {
inherit (self.packages.${prev.stdenv.hostPlatform.system}) muscl;
};
muscl-crane = final: prev: {
muscl = self.packages.${prev.stdenv.hostPlatform.system}.muscl-crane;
};
muscl-suid = final: prev: {
muscl = self.packages.${prev.stdenv.hostPlatform.system}.muscl-suid;
};
muscl-suid-crane = final: prev: {
muscl = self.packages.${prev.stdenv.hostPlatform.system}.muscl-suid-crane;
};
};
nixosModules = {
default = self.nixosModules.muscl;
muscl = import ./nix/module.nix;
};
packages = forAllSystems (system: pkgs: _:
let
cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml);
cargoLock = ./Cargo.lock;
craneLib = crane.mkLib pkgs;
src = lib.fileset.toSource {
root = ./.;
fileset = lib.fileset.unions [
(craneLib.fileset.commonCargoSources ./.)
./assets
];
};
in {
default = self.packages.${system}.muscl-crane;
muscl = pkgs.callPackage ./nix/default.nix { inherit cargoToml cargoLock src; };
muscl-crane = pkgs.callPackage ./nix/default.nix {
useCrane = true;
inherit cargoToml cargoLock src craneLib;
};
muscl-suid = pkgs.callPackage ./nix/default.nix {
suidSgidSupport = true;
inherit cargoToml cargoLock src;
};
muscl-suid-crane = pkgs.callPackage ./nix/default.nix {
useCrane = true;
suidSgidSupport = true;
inherit cargoToml cargoLock src craneLib;
};
coverage = pkgs.callPackage ./nix/coverage.nix { inherit cargoToml cargoLock src; };
filteredSource = pkgs.runCommandLocal "filtered-source" { } ''
ln -s ${src} $out
'';
});
checks = forAllSystems (system: pkgs: _: {
# NOTE: the non-crane build runs tests during checkPhase
inherit (self.packages.${system}) muscl muscl-suid;
});
};
}
Reference in New Issue View Git Blame Copy Permalink