summaryrefslogtreecommitdiff
path: root/nix/build.nix
diff options
context:
space:
mode:
authorBen Sima <ben@bsima.me>2020-04-19 16:50:36 -0700
committerBen Sima <ben@bsima.me>2020-04-19 17:51:39 -0700
commit35f0ade5ea77d17544d253f970ef94dd1c7cd9f0 (patch)
tree588c20152bc338f8ded6cba434817b2f8fdd5d1c /nix/build.nix
parent42d1fab5fd7af5682bd693d4784d9da1a2d4bfef (diff)
Switch to niv for managing third party sources
Diffstat (limited to 'nix/build.nix')
-rw-r--r--nix/build.nix121
1 files changed, 121 insertions, 0 deletions
diff --git a/nix/build.nix b/nix/build.nix
new file mode 100644
index 0000000..6f979d7
--- /dev/null
+++ b/nix/build.nix
@@ -0,0 +1,121 @@
+{ nixpkgs }:
+
+with nixpkgs;
+
+let
+ # provided by .envrc
+ root = builtins.getEnv "BIZ_ROOT";
+
+ # general functions to put in a lib
+ lines = s: lib.strings.splitString "\n" s;
+ removeNull = ls: builtins.filter (x: x != null) ls;
+
+ depsToPackageSet = packageSet: deps:
+ lib.attrsets.attrVals deps packageSet;
+
+ # returns true if a is a subset of b, where a and b are attrsets
+ subset = a: b: builtins.all
+ (x: builtins.elem x b) a;
+
+ allDeps = import ./deps.nix;
+
+ # gather data needed for compiling by analyzing the main module
+ analyze = main: rec {
+ # path to the module relative to the git root
+ relpath = builtins.replaceStrings ["${root}/"] [""]
+ (builtins.toString main);
+ # Haskell-appropriate name of the module
+ module = builtins.replaceStrings ["/" ".hs"] ["." ""] relpath;
+ # file contents
+ content = builtins.readFile main;
+ # search for the ': exe' declaration
+ exe = builtins.head (lib.lists.flatten (removeNull
+ (map (builtins.match "^-- : exe ([[:alnum:]._-]*)$")
+ (lines content))));
+ # collect all of the ': dep' declarations
+ deps = lib.lists.flatten (removeNull
+ (map (builtins.match "^-- : dep ([[:alnum:]._-]*)$")
+ (lines content)));
+ };
+
+ mkGhc = compiler: (deps: compiler (hp:
+ if (subset deps allDeps)
+ then depsToPackageSet hp deps
+ else throw ''
+ missing from deps.nix:
+ ${toString (lib.lists.subtractLists allDeps deps)}
+ ''));
+
+ ghc_ = mkGhc pkgs.haskell.packages.ghc865.ghcWithHoogle;
+ ghcjs_ = mkGhc pkgs.haskell.packages.ghcjs.ghcWithPackages;
+in {
+ ghc = main:
+ let
+ data = analyze main;
+ ghc = ghc_ data.deps;
+ in stdenv.mkDerivation {
+ name = data.module;
+ src = ../.;
+ nativeBuildInputs = [ ghc ];
+ strictDeps = true;
+ buildPhase = ''
+ mkdir -p $out/bin
+ # compile with ghc
+ ${ghc}/bin/ghc -Werror -i. \
+ --make ${main} \
+ -main-is ${data.module} \
+ -o $out/bin/${data.exe}
+ '';
+ # the install process was handled above
+ installPhase = "exit 0";
+ } // { env = ghc; };
+
+ ghcjs = main:
+ let
+ data = analyze main;
+ ghcjs = ghcjs_ data.deps;
+ in stdenv.mkDerivation {
+ name = data.module;
+ src = ../.;
+ nativeBuildInputs = [ ghcjs ];
+ strictDeps = true;
+ buildPhase = ''
+ mkdir -p $out/static
+ # compile with ghcjs
+ ${ghcjs}/bin/ghcjs -Werror -i. \
+ --make ${main} \
+ -main-is ${data.module} \
+ -o ${data.exe}
+ # optimize js output
+ ${pkgs.closurecompiler}/bin/closure-compiler \
+ ${data.exe}/all.js > $out/static/${data.exe}
+ '';
+ installPhase = "exit 0";
+ } // { env = ghcjs; };
+
+ env = ghc_ allDeps;
+
+ os = cfg: (nixos (args: lib.attrsets.recursiveUpdate cfg {
+ boot.cleanTmpDir = true;
+ networking.firewall.allowPing = true;
+ nix.binaryCaches = [ "https://cache.nixos.org" ];
+ nix.gc.automatic = true;
+ nix.gc.dates = "Sunday 02:15";
+ nix.optimise.automatic = true;
+ nix.optimise.dates = [ "Sunday 02:30" ];
+ nixpkgs.overlays = overlays;
+ programs.mosh.enable = true;
+ programs.mosh.withUtempter = true;
+ security.acme.email = "ben@bsima.me";
+ security.acme.acceptTerms = true;
+ security.sudo.wheelNeedsPassword = false;
+ services.clamav.daemon.enable = true; # security
+ services.clamav.updater.enable = true; # security
+ services.fail2ban.enable = true; # security
+ services.openssh.enable = true;
+ services.openssh.openFirewall = true;
+ services.openssh.forwardX11 = true;
+ services.openssh.passwordAuthentication = false;
+ system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
+ })).toplevel;
+}