nix/build.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

{ nixpkgs }:

with nixpkgs;

let
  # provided by .envrc
  root = builtins.getEnv "BIZ_ROOT";

  # general functions to put in a lib
  lines = s: lib.strings.splitString "\n" s;
  removeNull = ls: builtins.filter (x: x != null) ls;

  depsToPackageSet = packageSet: deps:
    lib.attrsets.attrVals deps packageSet;

  # returns true if a is a subset of b, where a and b are attrsets
  subset = a: b: builtins.all
    (x: builtins.elem x b) a;

  allDeps = import ./haskell-deps.nix;

  # gather data needed for compiling by analyzing the main module
  analyze = main: rec {
    # path to the module relative to the git root
    relpath = builtins.replaceStrings ["${root}/"] [""]
        (builtins.toString main);
    # Haskell-appropriate name of the module
    module = builtins.replaceStrings ["/" ".hs"] ["." ""] relpath;
    # file contents
    content = builtins.readFile main;
    # search for the ': exe' declaration
    exe = builtins.head (lib.lists.flatten (removeNull
      (map (builtins.match "^-- : exe ([[:alnum:]._-]*)$")
        (lines content))));
    # collect all of the ': dep' declarations
    deps = lib.lists.flatten (removeNull
      (map (builtins.match "^-- : dep ([[:alnum:]._-]*)$")
        (lines content)));
  };

  mkGhc = compiler: (deps: compiler (hp:
    if (subset deps allDeps)
    then depsToPackageSet hp deps
    else throw ''
      missing from nix/haskell-deps.nix:
      ${toString (lib.lists.subtractLists allDeps deps)}
    ''));

  ghc_ = mkGhc pkgs.haskell.packages.ghc865.ghcWithHoogle;
  ghcjs_ = mkGhc pkgs.haskell.packages.ghcjs.ghcWithPackages;
in {
  ghc = main:
    let
      data = analyze main;
      ghc = ghc_ data.deps;
    in stdenv.mkDerivation {
      name = data.module;
      src = ../.;
      nativeBuildInputs = [ ghc ];
      strictDeps = true;
      buildPhase = ''
        mkdir -p $out/bin
        # compile with ghc
        ${ghc}/bin/ghc -Werror -i. \
            --make ${main} \
            -main-is ${data.module} \
            -o $out/bin/${data.exe}
      '';
      # the install process was handled above
      installPhase = "exit 0";
    } // { env = ghc; };

  ghcjs = main:
    let
      data = analyze main;
      ghcjs = ghcjs_ data.deps;
    in stdenv.mkDerivation {
      name = data.module;
      src = ../.;
      nativeBuildInputs = [ ghcjs ];
      strictDeps = true;
      buildPhase = ''
        mkdir -p $out/static
        # compile with ghcjs
        ${ghcjs}/bin/ghcjs -Werror -i. \
            --make ${main} \
            -main-is ${data.module} \
            -o ${data.exe}
        # optimize js output
        ${pkgs.closurecompiler}/bin/closure-compiler \
          ${data.exe}/all.js > $out/static/${data.exe}
      '';
      installPhase = "exit 0";
    } // { env = ghcjs; };

  env = mkShell {
    name = "bizdev";
    buildInputs = [
      (ghc_ allDeps)
      # this says something about missing haskelline?
      #(ghcjs_ allDeps)

      nixpkgs.niv.niv
      nixpkgs.hlint
      nixpkgs.ormolu
      nixpkgs.python37Packages.black
      nixpkgs.python37Packages.pylint
      nixpkgs.wemux
    ];
    shellHook = ''
      echo "bizdev" | ${nixpkgs.figlet}/bin/figlet | ${nixpkgs.lolcat}/bin/lolcat
      echo "(be sure to run 'nix-shell' to get the build functions)"
      echo "-------------------------------------------------------"
      echo ""

      function repl() {
        ghci -i$BIZ_ROOT -ghci-script "$BIZ_ROOT/.ghci"
      }

      function deps() {
        niv --sources-file $BIZ_ROOT/nix/sources.json $@
      }

      alias lint=$BIZ_ROOT/Biz/lint.py
    '';
  };

  os = cfg: (nixos (args: lib.attrsets.recursiveUpdate cfg {
    boot.cleanTmpDir = true;
    networking.firewall.allowPing = true;
    nix.binaryCaches = [ "https://cache.nixos.org" ];
    nix.gc.automatic = true;
    nix.gc.dates = "Sunday 02:15";
    nix.optimise.automatic = true;
    nix.optimise.dates = [ "Sunday 02:30" ];
    nixpkgs.overlays = overlays;
    programs.mosh.enable = true;
    programs.mosh.withUtempter = true;
    security.acme.email = "ben@bsima.me";
    security.acme.acceptTerms = true;
    security.sudo.wheelNeedsPassword = false;
    services.clamav.daemon.enable = true; # security
    services.clamav.updater.enable = true; # security
    services.fail2ban.enable = true; # security
    services.openssh.enable = true;
    services.openssh.openFirewall = true;
    services.openssh.forwardX11 = true;
    services.openssh.passwordAuthentication = false;
    system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin
  })).toplevel;
}