{ nixpkgs }:
with nixpkgs;
let
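# Repository root, provided by .envrc through the BIZ_ROOT environment
# variable. builtins.getEnv is an impurity: the value comes from the
# caller's environment and is the empty string when the variable is unset.
# With an empty root, `analyze` would strip "/" from the module path and
# remove every slash, so fail with a clear message instead.
root =
  let fromEnv = builtins.getEnv "BIZ_ROOT";
  in if fromEnv == ""
    then throw "BIZ_ROOT is not set (it is normally provided by .envrc)"
    else fromEnv;
# general functions to put in a lib
# split a string into a list of its lines
lines = s: lib.strings.splitString "\n" s;
# drop the null entries of a list
removeNull = ls: builtins.filter (x: x != null) ls;
# look up every name in `deps` as an attribute of `packageSet`
depsToPackageSet = packageSet: deps:
  lib.attrsets.attrVals deps packageSet;
# returns true if every element of list a is also an element of list b
subset = a: b: builtins.all
  (x: builtins.elem x b) a;
# list of dependency names that modules may declare; mkGhc throws on a
# name that is not in this list
allDeps = import ./Deps.nix;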
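# gather data needed for compiling by analyzing the main module
#
# `main` is the path of a Haskell source file whose header comments carry
# build metadata in the form `-- : <tag> <name>`.
analyze = main:
  let
    source = builtins.readFile main;
    # Names captured from every `-- : <tag> <name>` line.
    # builtins.match has to match the whole line and the capture group only
    # admits [[:alnum:]._-], so a declaration containing whitespace or shell
    # metacharacters is dropped rather than passed on to the buildPhase
    # scripts that interpolate these values. The class still admits an empty
    # name and names made only of dots.
    declared = tag: lib.lists.flatten (removeNull
      (map (builtins.match "^-- : ${tag} ([[:alnum:]._-]*)$")
        (lines source)));
  in rec {
    # path to the module relative to the git root
    relpath = builtins.replaceStrings ["${root}/"] [""]
      (builtins.toString main);
    # Haskell-appropriate name of the module
    module = builtins.replaceStrings ["/" ".hs"] ["." ""] relpath;
    # file contents
    content = source;
    # the first ': exe' declaration; report a missing one by name instead of
    # failing inside builtins.head on an empty list
    exe =
      let found = declared "exe";
      in if found == [ ]
        then throw "no '-- : exe <name>' declaration in ${builtins.toString main}"
        else builtins.head found;
    # collect all of the ': dep' declarations
    deps = declared "dep";
    # collect all of the ': sys' declarations; this uses the same [:alnum:]
    # class as exe and deps ([:alum:] is not a POSIX character class)
    sysdeps = declared "sys";
  };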
# Turn a ghcWithPackages-style function into one that takes a list of
# dependency names.
#
# Every name in `deps` has to appear in allDeps, otherwise evaluation aborts.
# Since `deps` is read from `-- : dep` comments in the source file being
# built, this check limits those comments to packages already listed in
# ./Deps.nix.
# NOTE(review): the message below names nix/haskell-deps.nix while allDeps
# is imported from ./Deps.nix -- confirm which path is current.
mkGhc = compiler: deps:
  let
    # package selector handed to the compiler wrapper; hp is the Haskell
    # package set it supplies
    select = hp:
      if !(subset deps allDeps)
      then throw ''
        missing from nix/haskell-deps.nix:
        ${toString (lib.lists.subtractLists allDeps deps)}
      ''
      else depsToPackageSet hp deps;
  in compiler select;
# native compiler, GHC 8.6.5 package set, with Hoogle
ghc_ = mkGhc pkgs.haskell.packages.ghc865.ghcWithHoogle;
# GHCJS compiler from the ghcjs package set
ghcjs_ = mkGhc pkgs.haskell.packages.ghcjs.ghcWithPackages;
in {
# Build a native executable from the Haskell module at path `main`.
# The result is the derivation plus an `env` attribute holding the compiler
# that was assembled for the module's declared dependencies.
ghc = main:
  let
    info = analyze main;
    compiler = ghc_ info.deps;
    drv = stdenv.mkDerivation {
      name = info.module;
      # The whole parent directory is imported into the Nix store, which is
      # readable by every local user; keep credentials and other private
      # files out of that tree.
      src = ../.;
      # system packages named by the module's `-- : sys` declarations
      nativeBuildInputs = [ compiler ] ++ depsToPackageSet nixpkgs info.sysdeps;
      strictDeps = true;
      # info.exe and info.module are spliced into this script unquoted;
      # info.exe is limited to [[:alnum:]._-] by analyze, info.module comes
      # from the file's path.
      buildPhase = ''
        mkdir -p $out/bin
        # compile with ghc
        ${compiler}/bin/ghc -Werror -Weverything -i. \
        --make ${main} \
        -main-is ${info.module} \
        -o $out/bin/${info.exe}
      '';
      # the install process was handled above
      # NOTE(review): `exit 0` looks like it ends the builder shell here, so
      # later phases such as fixup would not run -- confirm that is intended.
      installPhase = "exit 0";
    };
  in drv // { env = compiler; };
# Build a JavaScript bundle from the Haskell module at path `main`.
# The result is the derivation plus an `env` attribute holding the GHCJS
# compiler assembled for the module's declared dependencies.
ghcjs = main:
  let
    info = analyze main;
    compiler = ghcjs_ info.deps;
    drv = stdenv.mkDerivation {
      name = info.module;
      # The whole parent directory is imported into the Nix store, which is
      # readable by every local user; keep credentials and other private
      # files out of that tree.
      src = ../.;
      nativeBuildInputs = [ compiler ];
      strictDeps = true;
      # info.exe and info.module are spliced into this script unquoted;
      # info.exe is limited to [[:alnum:]._-] by analyze, info.module comes
      # from the file's path.
      buildPhase = ''
        mkdir -p $out/static
        # compile with ghcjs
        ${compiler}/bin/ghcjs -Werror -Weverything -i. \
        --make ${main} \
        -main-is ${info.module} \
        -o ${info.exe}
        # optimize js output
        ${pkgs.closurecompiler}/bin/closure-compiler \
        ${info.exe}/all.js > $out/static/${info.exe}
      '';
      # the output was written to $out during the build phase
      # NOTE(review): `exit 0` looks like it ends the builder shell here, so
      # later phases such as fixup would not run -- confirm that is intended.
      installPhase = "exit 0";
    };
  in drv // { env = compiler; };
# Development shell: both compilers plus the formatting, linting and
# terminal tools used in the repository.
env =
  let
    # ghcjs doesn't need everything, and many things fail to build
    ghcjsDeps = [
      "aeson"
      "clay"
      "containers"
      "miso"
      "protolude"
      "servant"
      "split"
      "string-quote"
      "text"
      "ghcjs-base"
    ];
    compilers = [
      (ghc_ allDeps)
      (ghcjs_ ghcjsDeps)
    ];
    tools = [
      nixpkgs.cmark
      nixpkgs.figlet
      nixpkgs.hlint
      nixpkgs.lolcat
      nixpkgs.niv.niv
      nixpkgs.ormolu
      nixpkgs.python37Packages.black
      nixpkgs.python37Packages.pylint
      nixpkgs.wemux
    ];
  in mkShell {
    name = "bizdev";
    buildInputs = compilers ++ tools;
    # ShellHook.sh is copied into the Nix store and sourced on every shell
    # entry, so it runs with the developer's privileges; review changes to
    # it like any other executable code.
    shellHook = ". ${./ShellHook.sh}";
  };
# Build a NixOS system closure from a host configuration `cfg`.
#
# recursiveUpdate gives the right-hand set precedence, so every value below
# replaces whatever `cfg` sets at the same attribute path. A host therefore
# cannot turn password logins back on, but it also cannot opt out of
# passwordless sudo or X11 forwarding.
os = cfg: (nixos (args: lib.attrsets.recursiveUpdate cfg {
  boot.cleanTmpDir = true;
  networking.firewall.allowPing = true;
  nix = {
    # only the official binary cache is used as a substituter
    binaryCaches = [ "https://cache.nixos.org" ];
    gc = {
      automatic = true;
      dates = "Sunday 02:15";
    };
    optimise = {
      automatic = true;
      dates = [ "Sunday 02:30" ];
    };
  };
  # presumably the overlay list carried by the nixpkgs argument -- confirm
  nixpkgs.overlays = overlays;
  programs.mosh = {
    enable = true;
    withUtempter = true;
  };
  security = {
    acme = {
      email = "ben@bsima.me";
      acceptTerms = true;
    };
    # Members of wheel get root without re-authenticating, so the SSH key
    # of a wheel account is the only barrier in front of root on the host.
    sudo.wheelNeedsPassword = false;
  };
  services = {
    # security: antivirus daemon and signature updater
    clamav = {
      daemon.enable = true;
      updater.enable = true;
    };
    # security: bans addresses after repeated failed logins
    fail2ban.enable = true;
    openssh = {
      enable = true;
      # sshd is reachable through the firewall on every host built here
      openFirewall = true;
      # NOTE(review): X11 forwarding is enabled on every host; confirm it
      # is needed, since it adds to what sshd exposes.
      forwardX11 = true;
      # key-based logins only
      passwordAuthentication = false;
    };
  };
  # 'true' breaks our nixpkgs pin. With this off, security updates reach a
  # host only when the pin is bumped and the system is rebuilt.
  system.autoUpgrade.enable = false;
})).toplevel;
}