

ci crude migration to flake-parts

Yaroslav Bolyukin2024-06-02parent: #aac7f38.patch.diff
in: trunk

12 files changed

modifiedCargo.lockdiffbeforeafterboth
before · Cargo.lock
559 packageslockfile v3
deletedcmds/fleet/src/better_nix_eval.rsdiffbeforeafterboth
--- a/cmds/fleet/src/better_nix_eval.rs
+++ /dev/null
@@ -1,24 +0,0 @@
-//! Wrapper around nix repl, which allows to work on nix code, without relying on
-//! nix libexpr. I mean, nix libexpr is good, but until it has no C bindings, this is the royal PITA.
-
-use std::{
-	collections::HashMap,
-	ffi::{OsStr, OsString},
-	fmt::{self, Display},
-	path::PathBuf,
-	process::Stdio,
-	sync::{Arc, OnceLock},
-};
-
-use anyhow::{anyhow, bail, ensure, Context, Result};
-use better_command::{ClonableHandler, Handler, NixHandler, NoopHandler};
-use futures::StreamExt;
-use itertools::Itertools;
-use serde::{de::DeserializeOwned, Deserialize, Serialize};
-use tokio::{
-	io::AsyncWriteExt,
-	process::{ChildStderr, ChildStdin, ChildStdout, Command},
-	select,
-	sync::{mpsc, oneshot, Mutex},
-};
-use tracing::{debug, error, warn, Level};
modifiedcmds/fleet/src/main.rsdiffbeforeafterboth
--- a/cmds/fleet/src/main.rs
+++ b/cmds/fleet/src/main.rs
@@ -6,7 +6,6 @@
 pub(crate) mod host;
 pub(crate) mod keys;
 
-pub(crate) mod better_nix_eval;
 pub(crate) mod extra_args;
 
 mod fleetdata;
deletedcmds/remowt-agent/Cargo.tomldiffbeforeafterboth
--- a/cmds/remowt-agent/Cargo.toml
+++ /dev/null
@@ -1,10 +0,0 @@
-[package]
-name = "remowt-agent"
-version = "0.1.0"
-edition = "2021"
-
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
-
-[dependencies]
-iroh-net = "0.17.0"
-tracing.workspace = true
deletedcmds/remowt-agent/README.adocdiffbeforeafterboth
--- a/cmds/remowt-agent/README.adoc
+++ /dev/null
@@ -1,16 +0,0 @@
-= Remowt agent
-
-Working with remote machine programmatically is not always easy.
-
-Sure, you have ssh, sftp, and that kind of fancy stuff, but what about minimal distributions, routers?
-
-Well, sftp can be replaced with FISH... But what if remote machine isn't accessible over ssh at all? What if the only communication channel you have is uart?
-
-What if remote host has not enough tools to implement the functionality you need?
-
-Remowt is intended to solve this in a way similar to how some RAT toolkits (I.e metasploit) do - you inject minimal agent, setup some communication channel to it (stdio perhaps?), and then you deploy payloads on it, and the payloads perform the actual work.
-
-== Non-targets
-
-Minimal executable size:: As long as it transferred only once, it shouldn't be a problem to keep it a reasonable size.
-Be stealthy:: As it solves the problem almost the same way as metasploit, it is possible to use it as something bad, but this is not the remowt intended purpose, and never will be.
deletedcmds/remowt-agent/src/main.rsdiffbeforeafterboth
--- a/cmds/remowt-agent/src/main.rs
+++ /dev/null
@@ -1,3 +0,0 @@
-fn main() {
-	println!("Hello, world!");
-}
modifiedcrates/nix-eval/Cargo.tomldiffbeforeafterboth
--- a/crates/nix-eval/Cargo.toml
+++ b/crates/nix-eval/Cargo.toml
@@ -2,6 +2,7 @@
 name = "nix-eval"
 edition = "2021"
 version.workspace = true
+build = "build.rs"
 
 [dependencies]
 better-command.workspace = true
@@ -16,3 +17,7 @@
 tokio-util = { version = "0.7.11", features = ["codec"] }
 tracing.workspace = true
 unindent = "0.2.3"
+
+# [build-dependencies]
+# bindgen = "0.69.4"
+# pkg-config = "0.3.30"
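Review bot: The `[build-dependencies]` block is committed commented out, and the same disabled bindgen scaffold appears in `crates/nix-eval/build.rs` (the whole body) and `crates/nix-eval/src/lib.rs` (`nix_raw` and `init`), with nothing saying why it is off or what is needed to turn it on. A one-line marker would help, e.g. `# TODO: bindgen path disabled; enable together with build.rs and src/lib.rs once <reason>`, with the real reason filled in. Meanwhile `build = "build.rs"` in the first hunk of this file is live, and it is also Cargo's default when a `build.rs` sits in the package root, so the explicit key could be dropped.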
addedcrates/nix-eval/build.rsdiffbeforeafterboth
--- /dev/null
+++ b/crates/nix-eval/build.rs
@@ -0,0 +1,31 @@
+// use bindgen::callbacks::ParseCallbacks;
+// use std::path::PathBuf;
+//
+// #[derive(Debug)]
+// struct StripPrefix;
+// impl ParseCallbacks for StripPrefix {
+//     fn item_name(&self, name: &str) -> Option<String> {
+//         name.strip_prefix("nix_").map(ToOwned::to_owned)
+//     }
+// }
+
+
+fn main() {
+	//
+	// let mut libnix = bindgen::builder().header_contents("nix.h", "
+	// 	#define GC_THREADS
+	// 	#include <gc/gc.h>
+	// 	#include <nix_api_expr.h>
+	// 	#include <nix_api_store.h>
+	// 	#include <nix_api_util.h>
+	// 	#include <nix_api_value.h>
+	// ").parse_callbacks(Box::new(StripPrefix));
+	//
+	// for header in pkg_config::probe_library("nix-expr-c").expect("nix-expr-c").include_paths.into_iter().chain(pkg_config::probe_library("bdw-gc").expect("bdw-gc").include_paths.into_iter()) {
+	// 	libnix = libnix.clang_arg(format!("-I{}", header.to_str().expect("path is utf-8")));
+	// }
+	//
+	// let mut out = PathBuf::from(std::env::var("OUT_DIR").expect("OUT_DIR is set by cargo"));
+	// out.push("bindings.rs");
+	// libnix.generate().expect("generate bindings").write_to_file(out).expect("write bindings");
+}
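Review bot: `main` is empty, yet the manifest wires this file as the build script, so Cargo compiles and runs it; because it prints no `cargo:rerun-if-changed` line, Cargo reruns it whenever any file in the package changes. Adding `println!("cargo:rerun-if-changed=build.rs");` as the only statement in `main` keeps the no-op cheap. When the commented body is enabled, the `-I` arguments come from whatever `pkg-config` resolves for `nix-expr-c` and `bdw-gc` in the build environment, so the generated bindings are only as reproducible as that environment. Building inside the flake's dev shell or package derivation would presumably pin them.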
modifiedcrates/nix-eval/src/lib.rsdiffbeforeafterboth
--- a/crates/nix-eval/src/lib.rs
+++ b/crates/nix-eval/src/lib.rs
@@ -17,6 +17,14 @@
 // Contains macros helpers
 #[doc(hidden)]
 pub mod macros;
+// #[allow(non_upper_case_globals, non_camel_case_types, non_snake_case)]
+// mod nix_raw {
+// 	include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
+// }
+
+// fn init() {
+// 	nix_raw::libutil_init();
+// }
 
 #[derive(Clone)]
 pub struct NixSession(pub(crate) Arc<tokio::sync::Mutex<PooledConnection<NixSessionPoolInner>>>);
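Review bot: The commented `init` calls `nix_raw::libutil_init()` as if it were a safe, infallible, zero-argument function. Bindgen output is `extern "C"`, so once enabled the call needs an `unsafe` block with a `// SAFETY:` comment, and the binding presumably takes a context and returns a status that should be checked rather than discarded (verify against `nix_api_util.h`). If initialisation must happen once per process, guarding it with `std::sync::Once` or `OnceLock` would make that explicit. The `#[allow(...)]` on `nix_raw` would also benefit from a short comment saying it covers generated names.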
modifiedflake.lockdiffbeforeafterboth
--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,24 @@
         "type": "github"
       }
     },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1717285511,
+        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems"
@@ -54,18 +72,30 @@
         "type": "github"
       }
     },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1717284937,
+        "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
+      }
+    },
     "nixpkgs-stable-for-tests": {
       "locked": {
-        "lastModified": 1717159533,
-        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
+        "lastModified": 1717144377,
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -73,7 +103,7 @@
     "root": {
       "inputs": {
         "crane": "crane",
-        "flake-utils": "flake-utils",
+        "flake-parts": "flake-parts",
         "nixpkgs": "nixpkgs",
         "nixpkgs-stable-for-tests": "nixpkgs-stable-for-tests",
         "rust-overlay": "rust-overlay"
@@ -81,9 +111,7 @@
     },
     "rust-overlay": {
       "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
+        "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
         ]
modifiedflake.nixdiffbeforeafterboth
--- a/flake.nix
+++ b/flake.nix
@@ -3,15 +3,14 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/master";
-    nixpkgs-stable-for-tests.url = "github:nixos/nixpkgs/nixos-23.11";
+    nixpkgs-stable-for-tests.url = "github:nixos/nixpkgs/nixos-24.05";
     rust-overlay = {
       url = "github:oxalica/rust-overlay";
       inputs = {
         nixpkgs.follows = "nixpkgs";
-        flake-utils.follows = "flake-utils";
       };
     };
-    flake-utils.url = "github:numtide/flake-utils";
+    flake-parts.url = "github:hercules-ci/flake-parts";
     crane = {
       url = "github:ipetkov/crane";
       inputs.nixpkgs.follows = "nixpkgs";
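Review bot: The new `flake-parts` input is added as a bare URL, and the lockfile change in this commit shows it pulling its own `nixpkgs-lib` tarball, a second nixpkgs source next to the `nixpkgs` input. Writing it as `flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; };` leaves one nixpkgs revision to audit and update. Dropping `flake-utils.follows` from `rust-overlay` also leaves `flake-utils` in the lock only as that input's transitive dependency, which is fine but worth knowing when reviewing lock updates. The `inputs` block continues past the end of this hunk.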
@@ -20,39 +19,74 @@
   outputs = {
     self,
     rust-overlay,
-    flake-utils,
+    flake-parts,
     nixpkgs,
     nixpkgs-stable-for-tests,
     crane,
   }:
-    with nixpkgs.lib;
-      {
+    flake-parts.lib.mkFlake {
+      # Not passing inputs through inputs for better visibility.
+      inputs = {};
+    } {
+      flake = {
         lib = import ./lib {
-          inherit flake-utils;
-          fleetPkgsForPkgs = pkgs: import ./pkgs {
-            inherit (pkgs) callPackage;
-            craneLib = crane.mkLib pkgs;
-          };
+          fleetPkgsForPkgs = pkgs:
+            import ./pkgs {
+              inherit (pkgs) callPackage;
+              craneLib = crane.mkLib pkgs;
+            };
         };
-      }
-      // flake-utils.lib.eachDefaultSystem (system: let
-        pkgs =
-          import nixpkgs
-          {
-            inherit system;
-            overlays = [(import rust-overlay)];
-          };
+      };
+      # Supported and tested list of deployment targets.
+      systems = ["x86_64-linux" "aarch64-linux" "armv7l-linux" "armv6l-linux"];
+      perSystem = {
+        config,
+        system,
+        ...
+      }: let
+        # Can also be built for darwin, through it is not usual to deploy nixos systems from macos machines.
+        # I have no hardware for such testing, thus only adding machines I actually have and use.
+        #
+        # It is not possible to deploy any host from armv6/armv7 hardware, and I don't think it even makes sense.
+        deployerSystems = ["aarch64-linux" "x86_64-linux"];
+        deployerSystem = builtins.elem system deployerSystems;
+        pkgs = import nixpkgs {
+          inherit system;
+          overlays = [(rust-overlay.overlays.default)];
+        };
+        lib = pkgs.lib;
         rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
         craneLib = (crane.mkLib pkgs).overrideToolchain rust;
       in {
-        packages = let
+        # Reference fleet package should be built with nightly rust, specified in rust-toolchain.toml.
+        packages = lib.mkIf deployerSystem (let
           packages = import ./pkgs {
             inherit (pkgs) callPackage;
             inherit craneLib;
           };
         in
-          packages // {default = packages.fleet;};
+          packages // {default = packages.fleet;});
+        # TODO: It should be possible to move lib.mkIf to default attribute, instead of disabling the whole
+        # devShells block, yet nix flake check fails here, due to no default shell found. It is nix or flake-parts bug?
+        devShells = lib.mkIf deployerSystem {
+          default = craneLib.devShell {
+            packages = with pkgs; [
+              rust
+              alejandra
+              cargo-edit
+              cargo-udeps
+              cargo-fuzz
+              cargo-watch
+              cargo-outdated
 
+              pkg-config
+              openssl
+              bacon
+            ];
+          };
+        };
+        # fleet-install-secrets will not be built normally, because they are not ran directly by user most of the time.
+        # checks there build packages for default nixpkgs rustPlatform packages.
         checks = let
           packages = import ./pkgs {
             inherit (pkgs) callPackage;
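Review bot: `mkFlake` is called with `inputs = {};`, so flake-parts receives none of the flake's inputs; the form its documentation uses is `flake-parts.lib.mkFlake { inherit inputs; }` with `outputs = inputs @ { self, ... }:`. With the empty set, module arguments derived from inputs (`self`, `inputs'`, `self'`) are presumably unavailable or fail when forced, which will surprise whoever later adds a module that uses them. If the empty set is deliberate, the comment above it should say what is lost, e.g. `# inputs deliberately empty: perSystem uses the outer bindings; self and inputs' are not available to modules`. Separately, the comment on `deployerSystems` has a typo, "through" for "though". The `checks` binding opened at the end of this hunk continues outside it.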
@@ -74,21 +108,6 @@
           # `fleet` crate wants nightly rust, also little sense of supporting it on stable nixpkgs.
           (prefixAttrs "nixpkgs-" (removeAttrs packages ["fleet"]))
           // (prefixAttrs "nixpkgs-stable-" (removeAttrs packages-with-nixpkgs-stable ["fleet"]));
-
-        devShells.default = craneLib.devShell {
-          packages = with pkgs; [
-            alejandra
-            lld
-            cargo-edit
-            cargo-udeps
-            cargo-fuzz
-            cargo-watch
-            cargo-outdated
-
-            pkg-config
-            openssl
-            bacon
-          ];
-        };
-      });
+      };
+    };
 }
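Review bot: The `checks` expression kept here as context still calls `prefixAttrs` unqualified, while this commit removes the `with nixpkgs.lib;` that wrapped the old outputs. `removeAttrs` is a builtin, but `prefixAttrs` is defined outside the visible hunks. If its definition uses unqualified lib functions, it now needs `lib.` prefixes, and the new `lib = pkgs.lib;` binding is in scope for that. Worth confirming with `nix flake check` on each listed system.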
modifiedlib/default.nixdiffbeforeafterboth
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,5 +1,4 @@
 {
-  flake-utils,
   fleetPkgsForPkgs,
 }: {
   fleetConfiguration = {