{ nixpkgs }:
with nixpkgs;
let
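# Absolute path of the repository root, taken from the BIZ_ROOT environment
# variable (exported by the project's .envrc). builtins.getEnv is impure and
# evaluates to "" when the variable is unset or when Nix runs in pure
# evaluation mode; `analyze` would then derive module names from a mangled
# path. Fail with a clear message instead. Nix is lazy, so the throw only
# fires for attributes that actually use `root`.
root =
  let
    fromEnv = builtins.getEnv "BIZ_ROOT";
  in
    if fromEnv == ""
    then throw "BIZ_ROOT is not set; load the project's .envrc before building"
    else fromEnv;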
# general functions to put in a lib
# split a string into the list of its newline-separated lines
lines = lib.strings.splitString "\n";
# drop every null element from a list, keeping the remaining order
removeNull = builtins.filter (item: item != null);
# look up each name in `deps` as an attribute of `packageSet` and return the
# resulting list of packages (attrVals with its arguments swapped)
depsToPackageSet = lib.flip lib.attrsets.attrVals;
# true when every element of list `a` also occurs in list `b`
# (builtins.elem works on lists, so both arguments are lists, not attrsets)
subset = a: b:
  !(builtins.any (item: !(builtins.elem item b)) a);
# The set of Haskell packages the project is allowed to depend on, loaded from
# ./deps.nix. mkGhc rejects any module whose declared deps are not all in here.
# NOTE(review): presumably a flat list of package attribute names — confirm
# against deps.nix.
allDeps = import ./deps.nix;
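# Gather the data needed for compiling by analyzing the main module.
#
# main: path to the Haskell source file of the main module.
# Returns an attrset with:
#   relpath  path to the module relative to the git root
#   module   Haskell-appropriate name of the module
#   content  the file contents
#   exe      name from the first `-- : exe NAME` line
#   deps     list of names from all `-- : dep NAME` lines
# Throws when the module has no usable `-- : exe` declaration.
analyze = main:
  let
    content = builtins.readFile main;
    # split once; both declaration scans below share the result
    sourceLines = lines content;
    # Captures of `pattern` across all lines. builtins.match yields null for a
    # line that does not match; those are dropped. The patterns only admit
    # [[:alnum:]._-], so a captured name carries no shell metacharacters when
    # the builders splice it into buildPhase.
    declared = pattern:
      lib.lists.flatten
        (removeNull (map (builtins.match pattern) sourceLines));
    exeNames = declared "^-- : exe ([[:alnum:]._-]*)$";
  in rec {
    inherit content;
    # strip only the leading "<root>/"; replaceStrings would also rewrite any
    # later occurrence of that string inside the path
    relpath = lib.strings.removePrefix "${root}/" (builtins.toString main);
    module = builtins.replaceStrings ["/" ".hs"] ["." ""] relpath;
    # builtins.head on an empty list aborts with an opaque error, and an empty
    # name would make the builder write to a bare directory path, so reject
    # both cases here with a message that names the file
    exe =
      if exeNames == [] || builtins.head exeNames == ""
      then throw "${relpath}: missing or empty '-- : exe NAME' declaration"
      else builtins.head exeNames;
    deps = declared "^-- : dep ([[:alnum:]._-]*)$";
  };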
# Wrap a "compiler with packages" function so that it only accepts deps listed
# in deps.nix.
#
# compiler: function taking a package selector (hp: [ packages ]).
# deps:     list of package names requested by a module.
# deps.nix therefore acts as an allow-list: a `-- : dep` comment in a source
# file cannot pull in a package that was not added there first. Evaluation
# throws, naming the offending packages, when a dep is not listed.
mkGhc = compiler: deps:
  let
    # requested names that do not appear in deps.nix
    unlisted = lib.lists.subtractLists allDeps deps;
  in compiler (hp:
    if subset deps allDeps
    then depsToPackageSet hp deps
    else throw ''
      missing from deps.nix:
      ${toString unlisted}
    '');
# native compiler: ghcWithHoogle from the ghc865 package set, limited to the
# deps allowed by mkGhc
ghc_ =
  let
    native = pkgs.haskell.packages.ghc865;
  in mkGhc native.ghcWithHoogle;
# JavaScript compiler: ghcWithPackages from the ghcjs package set, limited to
# the deps allowed by mkGhc
ghcjs_ =
  let
    js = pkgs.haskell.packages.ghcjs;
  in mkGhc js.ghcWithPackages;
in {
# Build a native executable from the Haskell module at `main`.
# The result is the derivation extended with an `env` attribute holding the
# compiler that carries the module's declared deps.
ghc = main:
  let
    info = analyze main;
    compiler = ghc_ info.deps;
    build = stdenv.mkDerivation {
      name = info.module;
      # `../.` is a path literal, so the whole parent directory is copied into
      # the Nix store, which every local user can read.
      # NOTE(review): confirm no credentials or other secrets live in that tree.
      src = ../.;
      nativeBuildInputs = [ compiler ];
      strictDeps = true;
      buildPhase = ''
        mkdir -p $out/bin
        # compile with ghc
        ${compiler}/bin/ghc -Werror -i. \
        --make ${main} \
        -main-is ${info.module} \
        -o $out/bin/${info.exe}
      '';
      # buildPhase already wrote the binary into $out, nothing left to install
      installPhase = "exit 0";
    };
  in build // { env = compiler; };
# Build a JavaScript bundle from the Haskell module at `main` with GHCJS and
# pass the generated all.js through the Closure compiler.
# The result is the derivation extended with an `env` attribute holding the
# compiler that carries the module's declared deps.
ghcjs = main:
  let
    info = analyze main;
    compiler = ghcjs_ info.deps;
    build = stdenv.mkDerivation {
      name = info.module;
      # `../.` is a path literal, so the whole parent directory is copied into
      # the Nix store, which every local user can read.
      # NOTE(review): confirm no credentials or other secrets live in that tree.
      src = ../.;
      nativeBuildInputs = [ compiler ];
      strictDeps = true;
      buildPhase = ''
        mkdir -p $out/static
        # compile with ghcjs
        ${compiler}/bin/ghcjs -Werror -i. \
        --make ${main} \
        -main-is ${info.module} \
        -o ${info.exe}
        # optimize js output
        ${pkgs.closurecompiler}/bin/closure-compiler \
        ${info.exe}/all.js > $out/static/${info.exe}
      '';
      # buildPhase already wrote the output into $out, nothing left to install
      installPhase = "exit 0";
    };
  in build // { env = compiler; };
# compiler environment built from every package listed in deps.nix
env = ghc_ allDeps;
# Build a NixOS system from `cfg` with the shared baseline below applied and
# return its `toplevel` derivation.
#
# lib.attrsets.recursiveUpdate prefers its second argument, so every value in
# the baseline overrides the same option in `cfg`; a host cannot opt out of a
# setting listed here. List values (binaryCaches, optimise.dates, overlays)
# are replaced, not concatenated.
# NOTE(review): confirm that "baseline wins over the host config" is intended.
os = cfg:
  let
    baseline = {
      boot.cleanTmpDir = true;
      networking.firewall.allowPing = true;
      nix = {
        binaryCaches = [ "https://cache.nixos.org" ];
        gc = {
          automatic = true;
          dates = "Sunday 02:15";
        };
        optimise = {
          automatic = true;
          dates = [ "Sunday 02:30" ];
        };
      };
      nixpkgs.overlays = overlays;
      programs.mosh = {
        enable = true;
        withUtempter = true;
      };
      security = {
        acme = {
          email = "ben@bsima.me";
          acceptTerms = true;
        };
        # Members of `wheel` can run sudo without a password, so any session
        # for such an account (for example via a stolen SSH key) is root.
        # NOTE(review): confirm this is required on every host.
        sudo.wheelNeedsPassword = false;
      };
      services = {
        clamav = {
          daemon.enable = true; # security
          updater.enable = true; # security
        };
        fail2ban.enable = true; # security
        openssh = {
          enable = true;
          openFirewall = true;
          # NOTE(review): X11 forwarding is enabled on every host; if only a
          # few machines need it, consider leaving it to the per-host config.
          forwardX11 = true;
          # Password logins are off. Keyboard-interactive (challenge-response)
          # authentication is governed by a separate option; confirm it is
          # disabled as well.
          passwordAuthentication = false;
        };
      };
      # 'true' breaks our nixpkgs pin
      # NOTE(review): with this off, package updates presumably arrive only
      # when the pin is bumped and the host redeployed; confirm there is a
      # process for picking up security fixes.
      system.autoUpgrade.enable = false;
    };
  in (nixos (args: lib.attrsets.recursiveUpdate cfg baseline)).toplevel;
}