nix: init flake

matrix-construct · May 13, 2020 · b69562b · b69562b
1 parent bcd4d41
commit b69562b
Show file tree

Hide file tree

Showing 5 changed files with 170 additions and 53 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,39 @@
+{
+  description = "A flake for the construct matrix homeserver";
+
+  outputs = { self, nixpkgs }: let
+    forAllSystems = nixpkgs.lib.genAttrs [ "x86_64-linux"  "i686-linux"  "aarch64-linux" "x86_64-darwin" ];
+  in {
+
+    overlay = final: prev: rec {
+      matrix-construct-source = let
+        inherit (prev) lib linkFarm;
+        srcFilter = n: t: (lib.hasSuffix ".cc" n || lib.hasSuffix ".h" n || lib.hasSuffix ".S" n
+        || lib.hasSuffix ".md" n || t == "directory");
+        repo = lib.cleanSourceWith { filter = srcFilter; src = lib.cleanSource "./."; };
+
+        buildFileWith = root: name: type: rec {
+          inherit name; file = "${root}/${name}";
+          path = if type == "directory" then buildFarmFrom name file else "${file}";
+        };
+        buildFarm = root: lib.mapAttrsToList (buildFileWith root) (builtins.readDir root);
+        buildFarmFrom = basename: root: linkFarm (lib.strings.sanitizeDerivationName basename) (buildFarm root);
+      in buildFarmFrom "construct" self;
+
+      matrix-construct = prev.callPackage ./nix/package {
+        rev = if self ? rev then self.rev else "development";
+        source = matrix-construct-source;
+      };
+    };
+
+    packages = forAllSystems (system: let
+      pkgs = nixpkgs.legacyPackages.${system};
+    in self.overlay pkgs pkgs);
+
+    defaultPackage = forAllSystems (system: self.packages.${system}.matrix-construct);
+
+    nixosModules = {
+      matrix-construct = import ./nix/module self;
+    };
+  };
+}
diff --git a/nix/module/default.nix b/nix/module/default.nix
@@ -0,0 +1,89 @@
+self: { config, system, pkgs, lib, ... }:
+
+let
+  cfg = config.services.matrix-construct;
+in {
+  options.services.matrix-construct = with lib; {
+    enable = mkEnableOption "the construct server";
+
+    useScreen = mkOption {
+      type = types.bool;
+      default = true;
+      example = false;
+      description = ''
+        Run construct in screen for stdio access.
+      '';
+    };
+
+    setupUnbound = mkOption {
+      type = types.bool;
+      default = true;
+      example = false;
+      description = ''
+        Setup default unbound forwardAddresses.
+      '';
+    };
+
+    extraArgs = mkOption {
+      type = with types; listOf str;
+      default = [];
+      example = [ "-6" "--debug" ];
+      description = ''
+        Extra flags to pass to construct.
+      '';
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = self.packages.${system}.matrix-construct;
+      defaultText = "pkgs.matrix-construct";
+      description = ''
+        Guix package to use.
+      '';
+    };
+
+    server = mkOption {
+      type = types.str;
+      default = null;
+      example = "matrix.example.org";
+      description = ''
+        Server configuration to run construct with.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ] ++ lib.optional cfg.useScreen pkgs.screen;
+
+    systemd.services.construct = {
+      description = "Matrix Construct";
+      wantedBy = [ "multi-user.target" ];
+
+      ## bin/construct host.tld [servername]
+      ## Connect to screen
+      ##  Wait for init, then press ctrl-c
+      ##  Create listener with `net listen matrix * 8448 privkey.pem cert.pem chain.pem`
+      ##   ..I used /var/lib/acme/xa0.uk/key.pem /(...)/xa0.uk/fullchain.pem /(...)/xa0.uk/fullchain.pem`
+      ##  Route and test with https://matrix.org/federationtester/api/report?server_name=host.tld
+      ##  Restart, or reload with `mod reload web_root`
+      ## Exit screen
+      script = '' cd $STATE_DIRECTORY && exec ''
+        + (if cfg.useScreen then '' ${pkgs.screen}/bin/screen -D -m '' else "")
+        + '' ${cfg.package}/bin/construct ${cfg.server} ${lib.concatStringsSep " " cfg.extraArgs} '';
+
+      serviceConfig = {
+        Restart = "on-failure";
+        ConfigurationDirectory = "construct";
+        RuntimeDirectory = "construct";
+        StateDirectory = "construct"; # Todo: bootstrap
+        LogsDirectory = "construct";
+        StandardOutput = "syslog";
+        StandardError = "syslog";
+        TimeoutStopSec = "120";
+        KillSignal = "SIGQUIT";
+      };
+    };
+
+    services.unbound.forwardAddresses = lib.mkIf cfg.setupUnbound [ "4.2.2.1" "4.2.2.2" "4.2.2.3" "4.2.2.4" "4.2.2.5" "4.2.2.6" ];
+  };
+}
diff --git a/default.nix → nix/package/default.nix b/default.nix → nix/package/default.nix
@@ -1,17 +1,10 @@
-{ rev    ? "c7e0e9ed5abd0043e50ee371129fcb8640264fc4"
-, sha256 ? "0c28mpvjhjc8kiwj2w8zcjsr2rayw989a1wnsqda71zpcyas3mq2"
-, pkgs   ? import (builtins.fetchTarball { inherit sha256;
-    url = "https://github.com/NixOS/nixpkgs/archive/${rev}.tar.gz";
-  }) { }
-
-, stdenv ? if useClang
-           then (if pkgs.stdenv.cc.isClang
-                 then pkgs.stdenv
-                 else pkgs.llvmPackages_latest.stdenv)
-           else (if pkgs.stdenv.cc.isGNU
-                 then pkgs.stdenv
-                 else pkgs.gcc.stdenv)
-, lib ? pkgs.lib
+{ source, rev, pkgs, lib, stdenv ? if useClang
+                                   then (if pkgs.stdenv.cc.isClang
+                                         then pkgs.stdenv
+                                         else pkgs.llvmPackages_latest.stdenv)
+                                   else (if pkgs.stdenv.cc.isGNU
+                                         then pkgs.stdenv
+                                         else pkgs.gcc.stdenv)
 
 , debug              ? false # Debug Build
 , useClang           ? false # Use Clang over GCC
@@ -21,34 +14,13 @@
 
 let
   pname = "matrix-construct";
-  version = "development";
-
-  source = let
-    srcFilter = n: t: (lib.hasSuffix ".cc" n || lib.hasSuffix ".h" n || lib.hasSuffix ".S" n
-                    || lib.hasSuffix ".md" n || t == "directory");
-    repo = lib.cleanSourceWith { filter = srcFilter; src = lib.cleanSource ./.; };
-
-    buildFileWith = root: name: type: rec {
-      inherit name; file = "${root}/${name}";
-      path = if type == "directory" then buildFarmFrom name file else "${file}";
-    };
-    buildFarm = root: lib.mapAttrsToList (buildFileWith root) (builtins.readDir root);
-    buildFarmFrom = basename: root: pkgs.linkFarm (lib.strings.sanitizeDerivationName basename) (buildFarm root);
-  in buildFarmFrom "construct" repo;
+  version = lib.substring 0 9 rev;
 
   buildArgs = buildInputs: nativeBuildInputs: {
     inherit buildInputs nativeBuildInputs;
     preferLocalBuild = true;
     allowSubstitutes = false;
   };
-
-  VERSION_COMMIT_CMD = "git rev-parse --short HEAD";
-  VERSION_BRANCH_CMD = "git rev-parse --abbrev-ref HEAD";
-  VERSION_TAG_CMD = "git describe --tags --abbrev=0 --dirty --always --broken";
-  VERSION_CMD = "git describe --tags --always --broken";
-  runWithGit = id: cmd: lib.removeSuffix "\n" (builtins.readFile (pkgs.runCommandNoCCLocal "construct-${id}" {
-    buildInputs = [ pkgs.git ];
-  } "cd ${./.} && ${cmd} > $out"));
 in stdenv.mkDerivation rec {
   inherit pname version;
   src = source;
@@ -528,7 +500,7 @@ in stdenv.mkDerivation rec {
       libtool --tag=CXX --mode=link g++ -std=gnu++17 -ftls-model=initial-exec -pthread ${CXXOPTS} -version-info 3:2:0 \
         -Wl,--no-undefined-version -Wl,--weak-unresolved-symbols -Wl,--unresolved-symbols=ignore-in-shared-libs \
         -Wl,--wrap=pthread_create -Wl,--wrap=pthread_join -Wl,--wrap=pthread_timedjoin_np -Wl,--wrap=pthread_self -Wl,--wrap=pthread_setname_np \
-        -Wl,-z,nodelete -Wl,-z,nodlopen -Wl,-z,lazy -L${boost.out}/lib \
+        -Wl,-z,nodelete -Wl,-z,nodlopen -Wl,-z,lazy -L${pkgs.boost.out}/lib \
         -Wl,-fuse-ld=gold -Wl,--gdb-index -Wl,--warn-common -Wl,--warn-execstack -Wl,--detect-odr-violations -Wl,--rosegment -Wl,-z,noexecstack -Wl,-z,combreloc -Wl,-z,text-unlikely-segment \
         -o $out/${laFile} ${lib.concatStringsSep " " loFiles} ${extraArgs} \
         -lrocksdb -lboost_coroutine -lboost_context -lboost_thread -lboost_filesystem -lboost_chrono -lboost_system -lssl -lcrypto -L${pkgs.libsodium.out}/lib -lsodium -lmagic -lz -lpthread -latomic -lrocksdb -ldl
@@ -570,11 +542,11 @@ in stdenv.mkDerivation rec {
 
     versionDefs = let
       versions = {
-        BRANDING_VERSION = "${runWithGit "version" VERSION_CMD}";
-        RB_VERSION = "${runWithGit "version" VERSION_CMD}";
-        RB_VERSION_BRANCH = "${runWithGit "version-branch" VERSION_BRANCH_CMD}";
-        RB_VERSION_COMMIT = "${runWithGit "version-commit" VERSION_COMMIT_CMD}";
-        RB_VERSION_TAG = "${runWithGit "version-tag" VERSION_TAG_CMD}";
+        BRANDING_VERSION = lib.substring 0 9 rev;
+        RB_VERSION = lib.substring 0 9 rev;
+        RB_VERSION_BRANCH = "master";
+        RB_VERSION_COMMIT = rev;
+        RB_VERSION_TAG = rev;
       };
     in lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "-U${k} -D'${k}=\"${v}\"'") versions);
 

diff --git a/shell.nix b/shell.nix
@@ -20,17 +20,7 @@ let
   '';
 in pkgs.mkShell {
   buildInputs = with pkgs; [
-    libsodium openssl file boost gmp llvm
-    (rocksdb.overrideAttrs (super: rec {
-      version = "5.16.6";
-      src = pkgs.fetchFromGitHub {
-        owner = "facebook";
-        repo = "rocksdb";
-        rev = "v${version}";
-        sha256 = "0yy09myzbi99qdmh2c2mxlddr12pwxzh66ym1y6raaqglrsmax66";
-      };
-      NIX_CFLAGS_COMPILE = "${super.NIX_CFLAGS_COMPILE} -Wno-error=redundant-move";
-    }))
+    libsodium openssl file boost gmp llvm rocksdb
     zlib lz4 snappy
     graphicsmagick
     jemalloc