diff --git a/.config/flakebox/id b/.config/flakebox/id index 63fae2d4cb8..7f804cb8f1c 100644 --- a/.config/flakebox/id +++ b/.config/flakebox/id @@ -1 +1 @@ -e16dff3d70bd88f72becf7d947027a8ce32956b1cd1d669ca57715992f96c48aea1110469693522ecac0d689ca0965a956d63208b33326848d205e587d298f73 +f8574bba32eb0a741153928d8ee13d4f4cfe30a91b9a0f860472fea3e85a9551ff71b39aa51852e7a46628d096219eee4ee3809f888ec88e6b99276207b86fd2 diff --git a/default.nix b/default.nix index 2cccff28d51..6466507b714 100644 --- a/default.nix +++ b/default.nix @@ -1,10 +1,9 @@ -(import - ( - let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in - fetchTarball { - url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; - sha256 = lock.nodes.flake-compat.locked.narHash; - } - ) - { src = ./.; } -).defaultNix +(import ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } +) { src = ./.; }).defaultNix diff --git a/flake.lock b/flake.lock index 82d75acc3fe..d57fcea4623 100644 --- a/flake.lock +++ b/flake.lock @@ -26,17 +26,17 @@ ] }, "locked": { - "lastModified": 1719001124, - "narHash": "sha256-JXrMwYlQarZPyjN5UkD4fS9mrHSE1PUa7P//1Z5Sqr0=", + "lastModified": 1727381935, + "narHash": "sha256-G2fOYRZM7bXK5eBb+GK3k/WmO+q5JA/GtFwSPc3kdc8=", "owner": "tadfisher", "repo": "android-nixpkgs", - "rev": "7fa1348249564e43185d3053f579f9fa923d46cc", + "rev": "522d86121cbd413aff922c54f38106ecf8740107", "type": "github" }, "original": { "owner": "tadfisher", "repo": "android-nixpkgs", - "rev": "7fa1348249564e43185d3053f579f9fa923d46cc", + "rev": "522d86121cbd413aff922c54f38106ecf8740107", "type": "github" } }, 
@@ -231,17 +231,17 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1719004469, - "narHash": "sha256-TZSHiEJ3qYgA46vikQKT2bwGCEF2LrJVw7cettqa+/g=", + "lastModified": 1727478500, + "narHash": "sha256-nrDYdwIAI1nskNEE/r9rhDJDaouZ4tpSyURfndRsPho=", "owner": "dpc", "repo": "flakebox", - "rev": "12d5ee4f6c47bc01f07ec6f5848a83db265902d3", + "rev": "ee39d59b2c3779e5827f8fa2d269610c556c04c8", "type": "github" }, "original": { "owner": "dpc", "repo": "flakebox", - "rev": "12d5ee4f6c47bc01f07ec6f5848a83db265902d3", + "rev": "ee39d59b2c3779e5827f8fa2d269610c556c04c8", "type": "github" } }, diff --git a/flake.nix b/flake.nix index d5821ebac41..cc3f33a4ec0 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; flakebox = { - url = "github:dpc/flakebox?rev=12d5ee4f6c47bc01f07ec6f5848a83db265902d3"; + url = "github:dpc/flakebox?rev=ee39d59b2c3779e5827f8fa2d269610c556c04c8"; inputs.nixpkgs.follows = "nixpkgs"; inputs.fenix.follows = "fenix"; }; 
@@ -23,21 +23,28 @@ }; }; - outputs = { self, nixpkgs, flake-utils, flakebox, advisory-db, bundlers, ... }: + outputs = + { + self, + nixpkgs, + flake-utils, + flakebox, + advisory-db, + bundlers, + ... + }: let # overlay combining all overlays we use - overlayAll = - nixpkgs.lib.composeManyExtensions - [ - (import ./nix/overlays/rocksdb.nix) - (import ./nix/overlays/wasm-bindgen.nix) - (import ./nix/overlays/cargo-nextest.nix) - (import ./nix/overlays/esplora-electrs.nix) - (import ./nix/overlays/clightning.nix) - (import ./nix/overlays/darwin-compile-fixes.nix) - (import ./nix/overlays/cargo-honggfuzz.nix) - (import ./nix/overlays/trustedcoin.nix) - ]; + overlayAll = nixpkgs.lib.composeManyExtensions [ + (import ./nix/overlays/rocksdb.nix) + (import ./nix/overlays/wasm-bindgen.nix) + (import ./nix/overlays/cargo-nextest.nix) + (import ./nix/overlays/esplora-electrs.nix) + (import ./nix/overlays/clightning.nix) + (import ./nix/overlays/darwin-compile-fixes.nix) + (import ./nix/overlays/cargo-honggfuzz.nix) + (import ./nix/overlays/trustedcoin.nix) + ]; in { overlays = { 
@@ -56,98 +63,96 @@ nixosModules = { fedimintd = import ./nix/modules/fedimintd.nix; }; - } // - flake-utils.lib.eachDefaultSystem - (system: - let - pkgs = import nixpkgs { - inherit system; - overlays = [ overlayAll ]; - }; - - lib = pkgs.lib; - - stdenv = pkgs.stdenv; - - flakeboxLib = flakebox.lib.${system} { - # customizations will go here in the future - config = { - direnv.enable = false; - - toolchain.components = [ - "rustc" - "cargo" - "clippy" - "rust-analyzer" - "rust-src" - "llvm-tools" - ]; - - just.rules.clippy = { - content = lib.mkForce '' - # run `cargo clippy` on everything - clippy *ARGS="--locked --offline --workspace --all-targets": - cargo clippy {{ARGS}} - - # run `cargo clippy --fix` on everything - clippy-fix *ARGS="--locked --offline --workspace --all-targets": - cargo clippy {{ARGS}} --fix - ''; - }; + } + // flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ overlayAll ]; + }; + + lib = pkgs.lib; + + stdenv = pkgs.stdenv; + + flakeboxLib = flakebox.lib.${system} { + # customizations will go here in the future + config = { + direnv.enable = false; + + toolchain.components = [ + "rustc" + "cargo" + "clippy" + "rust-analyzer" + "rust-src" + "llvm-tools" + ]; + + just.rules.clippy = { + content = lib.mkForce '' + # run `cargo clippy` on everything + clippy *ARGS="--locked --offline --workspace --all-targets": + cargo clippy {{ARGS}} + + # run `cargo clippy --fix` on everything + clippy-fix *ARGS="--locked --offline --workspace --all-targets": + cargo clippy {{ARGS}} --fix + ''; + }; - motd = { - enable = true; - command = '' - >&2 echo "🚧 In an enfort to improve documentation, we now require all structs and" - >&2 echo "🚧 and public methods to be documented with a docstring." 
- >&2 echo "🚧 See https://github.com/fedimint/fedimint/issues/3807" - ''; - }; - # we have our own weird CI workflows - github.ci.enable = false; - just.importPaths = [ - "justfile.fedimint.just" - ]; - # we have a custom final check - just.rules.final-check.enable = false; - git.pre-commit.trailing_newline = false; - git.pre-commit.hooks = { - check_forbidden_dependencies = builtins.readFile ./nix/check-forbidden-deps.sh; - }; - git.pre-commit.hooks = { - cargo-sort = builtins.readFile ./nix/check-cargo-sort.sh; - }; + motd = { + enable = true; + command = '' + >&2 echo "🚧 In an enfort to improve documentation, we now require all structs and" + >&2 echo "🚧 and public methods to be documented with a docstring." + >&2 echo "🚧 See https://github.com/fedimint/fedimint/issues/3807" + ''; + }; + # we have our own weird CI workflows + github.ci.enable = false; + just.importPaths = [ "justfile.fedimint.just" ]; + # we have a custom final check + just.rules.final-check.enable = false; + git.pre-commit.trailing_newline = false; + git.pre-commit.hooks = { + check_forbidden_dependencies = builtins.readFile ./nix/check-forbidden-deps.sh; + }; + git.pre-commit.hooks = { + cargo-sort = builtins.readFile ./nix/check-cargo-sort.sh; }; }; + }; - toolchainArgs = { }; - - stdTargets = flakeboxLib.mkStdTargets { }; - stdToolchains = flakeboxLib.mkStdToolchains toolchainArgs; + toolchainArgs = { }; + stdTargets = flakeboxLib.mkStdTargets { }; + stdToolchains = flakeboxLib.mkStdToolchains toolchainArgs; - # toolchains for the native build (default shell) - toolchainNative = flakeboxLib.mkFenixToolchain (toolchainArgs + # toolchains for the native build (default shell) + toolchainNative = flakeboxLib.mkFenixToolchain ( + toolchainArgs // { - targets = (pkgs.lib.getAttrs - [ + targets = ( + pkgs.lib.getAttrs [ "default" "wasm32-unknown" - ] - stdTargets + ] stdTargets ); - }); + } + ); - # toolchains for the native + wasm build - toolchainWasm = flakeboxLib.mkFenixToolchain (toolchainArgs 
+ # toolchains for the native + wasm build + toolchainWasm = flakeboxLib.mkFenixToolchain ( + toolchainArgs // { defaultTarget = "wasm32-unknown-unknown"; - targets = (pkgs.lib.getAttrs - [ + targets = ( + pkgs.lib.getAttrs [ "default" "wasm32-unknown" - ] - stdTargets + ] stdTargets ); args = { 
@@ -155,130 +160,157 @@ pkgs.wasm-bindgen-cli pkgs.geckodriver pkgs.wasm-pack - ] ++ lib.optionals (stdenv.isLinux) [ - pkgs.firefox - ]; + ] ++ lib.optionals (stdenv.isLinux) [ pkgs.firefox ]; }; - }); + } + ); - # toolchains for the native + wasm build - toolchainAll = flakeboxLib.mkFenixToolchain (toolchainArgs + # toolchains for the native + wasm build + toolchainAll = flakeboxLib.mkFenixToolchain ( + toolchainArgs // { - targets = (pkgs.lib.getAttrs - ([ - "default" - "aarch64-android" - "x86_64-android" - "arm-android" - "armv7-android" - "wasm32-unknown" - ] ++ lib.optionals pkgs.stdenv.isDarwin [ - "aarch64-ios" - "aarch64-ios-sim" - "x86_64-ios" - ]) - stdTargets); - }); - # Replace placeholder git hash in a binary - # - # To avoid impurity, we use a git hash placeholder when building binaries - # and then replace them with the real git hash in the binaries themselves. - replaceGitHash = - let - # the hash we will set if the tree is dirty; - dirtyHashPrefix = builtins.substring 0 16 self.dirtyRev; - dirtyHashSuffix = builtins.substring (40 - 16) 16 self.dirtyRev; - # the string needs to be 40 characters, like the original, - # so to denote `-dirty` we replace the middle with zeros - dirtyHash = "${dirtyHashPrefix}00000000${dirtyHashSuffix}"; - in - { package, name, placeholder, gitHash ? if (self ? 
rev) then self.rev else dirtyHash }: - stdenv.mkDerivation { - inherit system; - inherit name; - - dontUnpack = true; - dontStrip = !pkgs.stdenv.isDarwin; - - installPhase = '' - cp -a ${package} $out - for path in `find $out -type f -executable`; do - # need to use a temporary file not to overwrite source as we are reading it - bbe -e 's/${placeholder}/${gitHash}/' $path -o ./tmp || exit 1 - chmod +w $path - # use cat to keep all the original permissions etc as they were - cat ./tmp > "$path" - chmod -w $path - done - ''; - - buildInputs = [ pkgs.bbe ]; - }; - + targets = ( + pkgs.lib.getAttrs ( + [ + "default" + "aarch64-android" + "x86_64-android" + "arm-android" + "armv7-android" + "wasm32-unknown" + ] + ++ lib.optionals pkgs.stdenv.isDarwin [ + "aarch64-ios" + "aarch64-ios-sim" + "x86_64-ios" + ] + ) stdTargets + ); + } + ); + # Replace placeholder git hash in a binary + # + # To avoid impurity, we use a git hash placeholder when building binaries + # and then replace them with the real git hash in the binaries themselves. + replaceGitHash = + let + # the hash we will set if the tree is dirty; + dirtyHashPrefix = builtins.substring 0 16 self.dirtyRev; + dirtyHashSuffix = builtins.substring (40 - 16) 16 self.dirtyRev; + # the string needs to be 40 characters, like the original, + # so to denote `-dirty` we replace the middle with zeros + dirtyHash = "${dirtyHashPrefix}00000000${dirtyHashSuffix}"; + in + { + package, + name, + placeholder, + gitHash ? if (self ? 
rev) then self.rev else dirtyHash, + }: + stdenv.mkDerivation { + inherit system; + inherit name; + + dontUnpack = true; + dontStrip = !pkgs.stdenv.isDarwin; + + installPhase = '' + cp -a ${package} $out + for path in `find $out -type f -executable`; do + # need to use a temporary file not to overwrite source as we are reading it + bbe -e 's/${placeholder}/${gitHash}/' $path -o ./tmp || exit 1 + chmod +w $path + # use cat to keep all the original permissions etc as they were + cat ./tmp > "$path" + chmod -w $path + done + ''; + + buildInputs = [ pkgs.bbe ]; + }; - craneMultiBuild = import nix/flakebox.nix { - inherit pkgs flakeboxLib advisory-db replaceGitHash; + craneMultiBuild = import nix/flakebox.nix { + inherit + pkgs + flakeboxLib + advisory-db + replaceGitHash + ; - # Yes, you're seeing right. We're passing result of this call as an argument - # to it. - inherit craneMultiBuild; + # Yes, you're seeing right. We're passing result of this call as an argument + # to it. + inherit craneMultiBuild; - toolchains = stdToolchains // { "wasm32-unknown" = toolchainWasm; }; - profiles = [ "dev" "ci" "test" "release" ]; + toolchains = stdToolchains // { + "wasm32-unknown" = toolchainWasm; }; + profiles = [ + "dev" + "ci" + "test" + "release" + ]; + }; - devShells = + devShells = - let - commonShellArgs = craneMultiBuild.commonEnvsShell // craneMultiBuild.commonArgs // { + let + commonShellArgs = + craneMultiBuild.commonEnvsShell + // craneMultiBuild.commonArgs + // { toolchain = toolchainNative; buildInputs = craneMultiBuild.commonArgs.buildInputs; - nativeBuildInputs = craneMultiBuild.commonArgs.nativeBuildInputs ++ [ - pkgs.cargo-udeps - pkgs.cargo-audit - pkgs.cargo-deny - pkgs.cargo-sort - pkgs.parallel - pkgs.just - pkgs.time - pkgs.gawk - - (pkgs.writeShellScriptBin "git-recommit" "exec git commit --edit -F <(cat \"$(git rev-parse --git-path COMMIT_EDITMSG)\" | grep -v -E '^#.*') \"$@\"") - - # This is required to prevent a mangled bash shell in nix develop - # 
see: https://discourse.nixos.org/t/interactive-bash-with-nix-develop-flake/15486 - (pkgs.hiPrio pkgs.bashInteractive) - pkgs.tmux - pkgs.tmuxinator - (pkgs.mprocs.overrideAttrs (final: prev: { - patches = prev.patches ++ [ - (pkgs.fetchurl { - url = "https://github.com/pvolok/mprocs/pull/88.patch"; - name = "clipboard-fix.patch"; - sha256 = "sha256-9dx1vaEQ6kD66M+vsJLIq1FK+nEObuXSi3cmpSZuQWk="; - }) - ]; - })) - pkgs.docker-compose - pkgs.tokio-console - pkgs.git - - # Nix - pkgs.nixpkgs-fmt - pkgs.shellcheck - pkgs.nil - pkgs.convco - pkgs.nodePackages.bash-language-server - pkgs.sccache - ] ++ lib.optionals (!stdenv.isAarch64 && !stdenv.isDarwin) [ - pkgs.semgrep - ] ++ lib.optionals (!stdenv.isDarwin) [ - # broken on MacOS? - pkgs.cargo-workspaces - - # marked as broken on MacOS - pkgs.cargo-llvm-cov - ]; + nativeBuildInputs = + craneMultiBuild.commonArgs.nativeBuildInputs + ++ [ + pkgs.cargo-udeps + pkgs.cargo-audit + pkgs.cargo-deny + pkgs.cargo-sort + pkgs.parallel + pkgs.just + pkgs.time + pkgs.gawk + + (pkgs.writeShellScriptBin "git-recommit" "exec git commit --edit -F <(cat \"$(git rev-parse --git-path COMMIT_EDITMSG)\" | grep -v -E '^#.*') \"$@\"") + + # This is required to prevent a mangled bash shell in nix develop + # see: https://discourse.nixos.org/t/interactive-bash-with-nix-develop-flake/15486 + (pkgs.hiPrio pkgs.bashInteractive) + pkgs.tmux + pkgs.tmuxinator + (pkgs.mprocs.overrideAttrs ( + final: prev: { + patches = prev.patches ++ [ + (pkgs.fetchurl { + url = "https://github.com/pvolok/mprocs/pull/88.patch"; + name = "clipboard-fix.patch"; + sha256 = "sha256-9dx1vaEQ6kD66M+vsJLIq1FK+nEObuXSi3cmpSZuQWk="; + }) + ]; + } + )) + pkgs.docker-compose + pkgs.tokio-console + pkgs.git + + # Nix + pkgs.nixfmt-rfc-style + pkgs.shellcheck + pkgs.nil + pkgs.convco + pkgs.nodePackages.bash-language-server + pkgs.sccache + ] + ++ lib.optionals (!stdenv.isAarch64 && !stdenv.isDarwin) [ pkgs.semgrep ] + ++ lib.optionals (!stdenv.isDarwin) [ + # broken on MacOS? 
+ pkgs.cargo-workspaces + + # marked as broken on MacOS + pkgs.cargo-llvm-cov + ]; shellHook = '' export REPO_ROOT="$(git rev-parse --show-toplevel)" 
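Review bot: The mprocs override in `nativeBuildInputs` fetches `https://github.com/pvolok/mprocs/pull/88.patch` with `pkgs.fetchurl`, and a pull-request patch URL is not a stable artifact: the PR can be force-pushed and GitHub can change how it renders the patch. The `sha256` means changed content fails the build rather than being applied silently, so the exposure is a dev shell that stops building, not an unreviewed patch. Pinning to the commit form of the URL (`https://github.com/pvolok/mprocs/commit/<commit-sha>.patch`, placeholder) and using `pkgs.fetchpatch`, which normalises the patch before hashing, would make this reproducible; the hash has to be recomputed when switching fetchers. The `devShells` binding this sits in continues past the end of the hunk.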
@@ -321,36 +353,41 @@ fi ''; }; - in - { - # The default shell - meant to developers working on the project, - # so notably not building any project binaries, but including all - # the settings and tools necessary to build and work with the codebase. - default = flakeboxLib.mkDevShell (commonShellArgs // { }); - - fuzz = flakeboxLib.mkDevShell (commonShellArgs // { - nativeBuildInputs = with pkgs; commonShellArgs.nativeBuildInputs ++ [ - cargo-hongfuzz - libbfd_2_38 - libunwind.dev - libopcodes_2_38 - libblocksruntime - lldb - clang - ]; - }); - - lint = flakeboxLib.mkLintShell { - nativeBuildInputs = [ - pkgs.cargo-sort - ]; - }; + in + { + # The default shell - meant to developers working on the project, + # so notably not building any project binaries, but including all + # the settings and tools necessary to build and work with the codebase. + default = flakeboxLib.mkDevShell (commonShellArgs // { }); + + fuzz = flakeboxLib.mkDevShell ( + commonShellArgs + // { + nativeBuildInputs = + with pkgs; + commonShellArgs.nativeBuildInputs + ++ [ + cargo-hongfuzz + libbfd_2_38 + libunwind.dev + libopcodes_2_38 + libblocksruntime + lldb + clang + ]; + } + ); + + lint = flakeboxLib.mkLintShell { nativeBuildInputs = [ pkgs.cargo-sort ]; }; - # Shell with extra stuff to support cross-compilation with `cargo build --target ` - # - # This will pull extra stuff so to save time and download time to most common developers, - # was moved into another shell. - cross = flakeboxLib.mkDevShell (commonShellArgs // craneMultiBuild.commonEnvsShellRocksdbLinkCross // { + # Shell with extra stuff to support cross-compilation with `cargo build --target ` + # + # This will pull extra stuff so to save time and download time to most common developers, + # was moved into another shell. + cross = flakeboxLib.mkDevShell ( + commonShellArgs + // craneMultiBuild.commonEnvsShellRocksdbLinkCross + // { toolchain = toolchainAll; shellHook = '' # hijack cargo for our evil purposes 
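Review bot: `cargo-hongfuzz` in the `fuzz` shell's `nativeBuildInputs` is spelled with one `g`, while the overlay composed into `overlayAll` earlier in this file is `./nix/overlays/cargo-honggfuzz.nix`. The overlay's contents are not shown here, so this may be the attribute name it really defines. If it defines `cargo-honggfuzz` instead, the `with pkgs;` list fails with an undefined variable only when the `fuzz` shell is evaluated, which the default shell and most CI paths would never do. Worth confirming with `nix develop .#fuzz` and, if needed, changing the entry to `cargo-honggfuzz`.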
@@ -359,55 +396,71 @@ export PATH="$REPO_ROOT/bin:$PATH" export PATH="''${REPO_ROOT}/nix/cargo-wrapper/:$PATH" ''; - }); + } + ); - # Like `cross` but only with wasm - crossWasm = flakeboxLib.mkDevShell (commonShellArgs // { + # Like `cross` but only with wasm + crossWasm = flakeboxLib.mkDevShell ( + commonShellArgs + // { toolchain = toolchainWasm; - nativeBuildInputs = commonShellArgs.nativeBuildInputs or [ ] ++ [ - pkgs.wasm-pack - pkgs.wasm-bindgen-cli - pkgs.geckodriver - ] ++ lib.optionals (stdenv.isLinux) [ - pkgs.firefox - ]; - }); - - replit = pkgs.mkShell { - nativeBuildInputs = with pkgs; [ - pkg-config - openssl - ]; - }; + nativeBuildInputs = + commonShellArgs.nativeBuildInputs or [ ] + ++ [ + pkgs.wasm-pack + pkgs.wasm-bindgen-cli + pkgs.geckodriver + ] + ++ lib.optionals (stdenv.isLinux) [ pkgs.firefox ]; + } + ); - bootstrap = pkgs.mkShell { - nativeBuildInputs = with pkgs; [ - cachix - ]; - }; + replit = pkgs.mkShell { + nativeBuildInputs = with pkgs; [ + pkg-config + openssl + ]; }; - in - { - inherit devShells; - - # Technically nested sets are not allowed in `packages`, so we can - # dump the nested things here. They'll work the same way for most - # purposes (like `nix build`). - legacyPackages = craneMultiBuild; - - packages = { - inherit (craneMultiBuild) gatewayd fedimint-dbtool gateway-cli fedimint-cli fedimintd fedimint-load-test-tool; - inherit (craneMultiBuild) client-pkgs gateway-pkgs fedimint-pkgs devimint; - }; - lib = { - inherit replaceGitHash devShells; + bootstrap = pkgs.mkShell { nativeBuildInputs = with pkgs; [ cachix ]; }; }; - }); + in + { + inherit devShells; + + # Technically nested sets are not allowed in `packages`, so we can + # dump the nested things here. They'll work the same way for most + # purposes (like `nix build`). 
+ legacyPackages = craneMultiBuild; + + packages = { + inherit (craneMultiBuild) + gatewayd + fedimint-dbtool + gateway-cli + fedimint-cli + fedimintd + fedimint-load-test-tool + ; + inherit (craneMultiBuild) + client-pkgs + gateway-pkgs + fedimint-pkgs + devimint + ; + }; + + lib = { + inherit replaceGitHash devShells; + }; + } + ); nixConfig = { extra-substituters = [ "https://fedimint.cachix.org" ]; - extra-trusted-public-keys = [ "fedimint.cachix.org-1:FpJJjy1iPVlvyv4OMiN5y9+/arFLPcnZhZVVCHCDYTs=" ]; + extra-trusted-public-keys = [ + "fedimint.cachix.org-1:FpJJjy1iPVlvyv4OMiN5y9+/arFLPcnZhZVVCHCDYTs=" + ]; }; } diff --git a/justfile b/justfile index 0808a71ac00..8e3064d02b3 100644 --- a/justfile +++ b/justfile @@ -39,7 +39,7 @@ format: cd {{invocation_directory()}} fi cargo fmt --all - nixpkgs-fmt $(echo **.nix) + nixfmt $(git ls-files | grep "\.nix$") # run lints (git pre-commit hook) diff --git a/misc/git-hooks/commit-msg b/misc/git-hooks/commit-msg index b4fe09a0cc9..922aa4c1899 100755 --- a/misc/git-hooks/commit-msg +++ b/misc/git-hooks/commit-msg @@ -18,6 +18,6 @@ MESSAGE="$( MESSAGE="${MESSAGE#fixup! }" if ! convco check --from-stdin <<<"$MESSAGE" ; then >&2 echo "Please follow conventional commits(https://www.conventionalcommits.org)" - >&2 echo "Use git recommit to fix your commit" + >&2 echo "Use git commit to fix your commit" exit 1 fi diff --git a/misc/git-hooks/pre-commit b/misc/git-hooks/pre-commit index 2a1971fc1bc..025ba14d4d2 100755 --- a/misc/git-hooks/pre-commit +++ b/misc/git-hooks/pre-commit @@ -55,7 +55,7 @@ function check_cargo_lock() { set -euo pipefail # https://users.rust-lang.org/t/check-if-the-cargo-lock-is-up-to-date-without-building-anything/91048/5 - flakebox-in-each-cargo-workspace cargo update --workspace --locked + flakebox-in-each-cargo-workspace cargo update --workspace --locked |& while read -r note ; do echo "$note (cargo)"; done } export -f check_cargo_lock 
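Review bot: In the `format` recipe, `nixfmt $(git ls-files | grep "\.nix$")` leaves the command substitution unquoted, so a tracked path containing whitespace is split into several arguments. When no `.nix` file is tracked below the current directory, `nixfmt` is called with no arguments, and I would expect it to wait on stdin rather than exit. `git ls-files -z -- '*.nix' | xargs -0 -r nixfmt` passes the names NUL-delimited and skips the call when the list is empty (`-r` is a GNU xargs option, so this assumes the dev shell provides GNU findutils).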
@@ -87,7 +87,6 @@ function check_check_forbidden_dependencies() { return 1 fi done - # FIXME: (@leonardo) temporally allow the `openssl`, it's currently being brought by tor-proto -...-> native-tls. find ./ -name Cargo.lock | while read -r cargo_lock ; do if grep -E "openssl" "$cargo_lock" >&2 ; then >&2 echo "$cargo_lock must not depend on openssl" diff --git a/nix/flakebox.nix b/nix/flakebox.nix index 39c8e6af61d..47265e222d7 100644 --- a/nix/flakebox.nix +++ b/nix/flakebox.nix @@ -1,4 +1,12 @@ -{ pkgs, flakeboxLib, toolchains, advisory-db, profiles, craneMultiBuild, replaceGitHash }: +{ + pkgs, + flakeboxLib, + toolchains, + advisory-db, + profiles, + craneMultiBuild, + replaceGitHash, +}: let lib = pkgs.lib; @@ -11,26 +19,36 @@ let # rest randomized to avoid accidentally overwriting innocent bytes in the binary gitHashPlaceholderValue = "01234569abcdef7afa1d2683a099c7af48a523c1"; - filterWorkspaceDepsBuildFilesRegex = [ "Cargo.lock" "Cargo.toml" ".cargo" ".cargo/.*" ".config" ".config/.*" ".*/Cargo.toml" ".*/proto/.*" ]; + filterWorkspaceDepsBuildFilesRegex = [ + "Cargo.lock" + "Cargo.toml" + ".cargo" + ".cargo/.*" + ".config" + ".config/.*" + ".*/Cargo.toml" + ".*/proto/.*" + ]; - commonSrc = builtins.path { path = ./..; name = "fedimint"; }; + commonSrc = builtins.path { + path = ./..; + name = "fedimint"; + }; - filterSrcWithRegexes = regexes: src: + filterSrcWithRegexes = + regexes: src: let basePath = toString src + "/"; in lib.cleanSourceWith { - filter = (path: type: + filter = ( + path: type: let relPath = lib.removePrefix basePath (toString path); - includePath = - (type == "directory") || - lib.any - (re: builtins.match re relPath != null) - regexes; + includePath = (type == "directory") || lib.any (re: builtins.match re relPath != null) regexes; in # uncomment to debug: - # builtins.trace "${relPath}: ${lib.boolToString includePath}" + # builtins.trace "${relPath}: ${lib.boolToString includePath}" includePath ); inherit src; 
@@ -51,12 +69,38 @@ let filterWorkspaceDepsBuildFiles = src: filterSrcWithRegexes filterWorkspaceDepsBuildFilesRegex src; # Filter only files relevant to building the workspace - filterWorkspaceBuildFiles = src: filterSrcWithRegexes (filterWorkspaceDepsBuildFilesRegex ++ [ ".*\.rs" ".*\.html" ".*/proto/.*" "db/migrations/.*" "devimint/src/cfg/.*" "docs/.*\.md" ]) src; + filterWorkspaceBuildFiles = + src: + filterSrcWithRegexes ( + filterWorkspaceDepsBuildFilesRegex + ++ [ + ".*\.rs" + ".*\.html" + ".*/proto/.*" + "db/migrations/.*" + "devimint/src/cfg/.*" + "docs/.*\.md" + ] + ) src; # Like `filterWorkspaceFiles` but with `./scripts/` included - filterWorkspaceTestFiles = src: filterSrcWithRegexes (filterWorkspaceDepsBuildFilesRegex ++ [ ".*\.rs" ".*\.html" ".*/proto/.*" "db/migrations/.*" "devimint/src/cfg/.*" "scripts/.*" "docs/.*\.md" ]) src; - - filterWorkspaceAuditFiles = src: filterSrcWithRegexes (filterWorkspaceDepsBuildFilesRegex ++ [ "deny.toml" ]) src; + filterWorkspaceTestFiles = + src: + filterSrcWithRegexes ( + filterWorkspaceDepsBuildFilesRegex + ++ [ + ".*\.rs" + ".*\.html" + ".*/proto/.*" + "db/migrations/.*" + "devimint/src/cfg/.*" + "scripts/.*" + "docs/.*\.md" + ] + ) src; + + filterWorkspaceAuditFiles = + src: filterSrcWithRegexes (filterWorkspaceDepsBuildFilesRegex ++ [ "deny.toml" ]) src; # env vars for linking rocksdb commonEnvsShellRocksdbLink = 
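Review bot: The regexes passed to `filterSrcWithRegexes` in `filterWorkspaceBuildFiles` and `filterWorkspaceTestFiles` are written `".*\.rs"`, `".*\.html"` and `"docs/.*\.md"`, but in a double-quoted Nix string `\.` is just `.`, so `builtins.match` receives `.*.rs` and the dot matches any character. The filter therefore admits more paths than intended (any path ending in `rs` or `html` preceded by at least one character), which widens the build source and its cache key rather than excluding anything. Writing `".*\\.rs"`, `".*\\.html"` and `"docs/.*\\.md"` gives the literal dot. `filterSrcWithRegexes` itself is defined in the previous hunk.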
@@ -69,47 +113,52 @@ let "ROCKSDB_${target_underscores}_STATIC" = "true"; "ROCKSDB_${target_underscores}_LIB_DIR" = "${pkgs.rocksdb}/lib/"; - } // pkgs.lib.optionalAttrs (!(pkgs.stdenv.isDarwin && pkgs.stdenv.isx86_64)) { + } + // pkgs.lib.optionalAttrs (!(pkgs.stdenv.isDarwin && pkgs.stdenv.isx86_64)) { # FIX: error: don't yet have a `targetPackages.darwin.LibsystemCross for x86_64-apple-darwin` SNAPPY_LIB_DIR = "${pkgs.pkgsStatic.snappy}/lib/"; "SNAPPY_${target_underscores}_LIB_DIR" = "${pkgs.pkgsStatic.snappy}/lib/"; - } // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) { + } + // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) { # macos can't static libraries SNAPPY_STATIC = "true"; "SNAPPY_${target_underscores}_STATIC" = "true"; }; - commonEnvsShellRocksdbLinkCross = commonEnvsShellRocksdbLink // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) { - # TODO: could we used the android-nixpkgs toolchain instead of another one? - # ROCKSDB_aarch64_linux_android_STATIC = "true"; - # SNAPPY_aarch64_linux_android_STATIC = "true"; - # ROCKSDB_aarch64_linux_android_LIB_DIR = "${pkgs-unstable.pkgsCross.aarch64-android-prebuilt.rocksdb}/lib/"; - # SNAPPY_aarch64_linux_android_LIB_DIR = "${pkgs-unstable.pkgsCross.aarch64-android-prebuilt.pkgsStatic.snappy}/lib/"; - - # BROKEN - # error: "No timer implementation for this platform" - # ROCKSDB_armv7_linux_androideabi_STATIC = "true"; - # SNAPPY_armv7_linux_androideabi_STATIC = "true"; - # ROCKSDB_armv7_linux_androideabi_LIB_DIR = "${pkgs-unstable.pkgsCross.armv7a-android-prebuilt.rocksdb}/lib/"; - # SNAPPY_armv7_linux_androideabi_LIB_DIR = "${pkgs-unstable.pkgsCross.armv7a-android-prebuilt.pkgsStatic.snappy}/lib/"; - - # x86-64-linux-android doesn't have a toolchain in nixpkgs - } // pkgs.lib.optionalAttrs pkgs.stdenv.isDarwin { - # broken: fails to compile with: - # `linux-headers-android-common> sh: line 1: gcc: command not found` - # ROCKSDB_aarch64_linux_android_STATIC = "true"; - # SNAPPY_aarch64_linux_android_STATIC = 
"true"; - # ROCKSDB_aarch64_linux_android_LIB_DIR = "${pkgs-unstable.pkgsCross.aarch64-android.rocksdb}/lib/"; - # SNAPPY_aarch64_linux_android_LIB_DIR = "${pkgs-unstable.pkgsCross.aarch64-android.pkgsStatic.snappy}/lib/"; - - # requires downloading Xcode manually and adding to /nix/store - # then running with `env NIXPKGS_ALLOW_UNFREE=1 nix develop -L --impure` - # maybe we could live with it? - # ROCKSDB_aarch64_apple_ios_STATIC = "true"; - # SNAPPY_aarch64_apple_ios_STATIC = "true"; - # ROCKSDB_aarch64_apple_ios_LIB_DIR = "${pkgs-unstable.pkgsCross.iphone64.rocksdb}/lib/"; - # SNAPPY_aarch64_apple_ios_LIB_DIR = "${pkgs-unstable.pkgsCross.iphone64.pkgsStatic.snappy}/lib/"; - }; + commonEnvsShellRocksdbLinkCross = + commonEnvsShellRocksdbLink + // pkgs.lib.optionalAttrs (!pkgs.stdenv.isDarwin) { + # TODO: could we used the android-nixpkgs toolchain instead of another one? + # ROCKSDB_aarch64_linux_android_STATIC = "true"; + # SNAPPY_aarch64_linux_android_STATIC = "true"; + # ROCKSDB_aarch64_linux_android_LIB_DIR = "${pkgs-unstable.pkgsCross.aarch64-android-prebuilt.rocksdb}/lib/"; + # SNAPPY_aarch64_linux_android_LIB_DIR = "${pkgs-unstable.pkgsCross.aarch64-android-prebuilt.pkgsStatic.snappy}/lib/"; + + # BROKEN + # error: "No timer implementation for this platform" + # ROCKSDB_armv7_linux_androideabi_STATIC = "true"; + # SNAPPY_armv7_linux_androideabi_STATIC = "true"; + # ROCKSDB_armv7_linux_androideabi_LIB_DIR = "${pkgs-unstable.pkgsCross.armv7a-android-prebuilt.rocksdb}/lib/"; + # SNAPPY_armv7_linux_androideabi_LIB_DIR = "${pkgs-unstable.pkgsCross.armv7a-android-prebuilt.pkgsStatic.snappy}/lib/"; + + # x86-64-linux-android doesn't have a toolchain in nixpkgs + } + // pkgs.lib.optionalAttrs pkgs.stdenv.isDarwin { + # broken: fails to compile with: + # `linux-headers-android-common> sh: line 1: gcc: command not found` + # ROCKSDB_aarch64_linux_android_STATIC = "true"; + # SNAPPY_aarch64_linux_android_STATIC = "true"; + # ROCKSDB_aarch64_linux_android_LIB_DIR = 
"${pkgs-unstable.pkgsCross.aarch64-android.rocksdb}/lib/"; + # SNAPPY_aarch64_linux_android_LIB_DIR = "${pkgs-unstable.pkgsCross.aarch64-android.pkgsStatic.snappy}/lib/"; + + # requires downloading Xcode manually and adding to /nix/store + # then running with `env NIXPKGS_ALLOW_UNFREE=1 nix develop -L --impure` + # maybe we could live with it? + # ROCKSDB_aarch64_apple_ios_STATIC = "true"; + # SNAPPY_aarch64_apple_ios_STATIC = "true"; + # ROCKSDB_aarch64_apple_ios_LIB_DIR = "${pkgs-unstable.pkgsCross.iphone64.rocksdb}/lib/"; + # SNAPPY_aarch64_apple_ios_LIB_DIR = "${pkgs-unstable.pkgsCross.iphone64.pkgsStatic.snappy}/lib/"; + }; # env variables we want to set in all nix derivations & nix develop shell commonEnvsShell = commonEnvsShellRocksdbLink // { 
@@ -127,73 +176,82 @@ let commonArgs = { pname = "fedimint"; - buildInputs = with pkgs; [ - openssl - pkg-config - protobuf - sqlite - ] ++ lib.optionals (!stdenv.isDarwin) [ - util-linux - iproute2 - ] ++ lib.optionals stdenv.isDarwin [ - libiconv - darwin.apple_sdk.frameworks.Security - darwin.apple_sdk.frameworks.SystemConfiguration - ]; - - nativeBuildInputs = with pkgs; [ - pkg-config - moreutils-ts - - # tests - (hiPrio pkgs.bashInteractive) - bc - bitcoind - clightning - electrs - jq - lnd - netcat - perl - esplora-electrs - procps - which - cargo-nextest - moreutils-ts - parallel - time - ] ++ builtins.attrValues { - inherit (pkgs) cargo-nextest; - } ++ [ - # add a command that can be used to lower both CPU and IO priority - # of a command to help make it more friendly to other things - # potentially sharing the CI or dev machine - (if pkgs.stdenv.isLinux then [ - pkgs.util-linux - - (pkgs.writeShellScriptBin "runLowPrio" '' - set -euo pipefail - - cmd=() - if ${pkgs.which}/bin/which chrt 1>/dev/null 2>/dev/null ; then - cmd+=(chrt -i 0) - fi - if ${pkgs.which}/bin/which ionice 1>/dev/null 2>/dev/null ; then - cmd+=(ionice -c 3) - fi - - >&2 echo "Lowering IO priority with ''${cmd[@]}" - exec "''${cmd[@]}" "$@" - '' - ) - ] else [ - - (pkgs.writeShellScriptBin "runLowPrio" '' - exec "$@" - '' + buildInputs = + with pkgs; + [ + openssl + pkg-config + protobuf + sqlite + ] + ++ lib.optionals (!stdenv.isDarwin) [ + util-linux + iproute2 + ] + ++ lib.optionals stdenv.isDarwin [ + libiconv + darwin.apple_sdk.frameworks.Security + darwin.apple_sdk.frameworks.SystemConfiguration + ]; + + nativeBuildInputs = + with pkgs; + [ + pkg-config + moreutils-ts + + # tests + (hiPrio pkgs.bashInteractive) + bc + bitcoind + clightning + electrs + jq + lnd + netcat + perl + esplora-electrs + procps + which + cargo-nextest + moreutils-ts + parallel + time + ] + ++ builtins.attrValues { inherit (pkgs) cargo-nextest; } + ++ [ + # add a command that can be used to lower both CPU 
and IO priority + # of a command to help make it more friendly to other things + # potentially sharing the CI or dev machine + ( + if pkgs.stdenv.isLinux then + [ + pkgs.util-linux + + (pkgs.writeShellScriptBin "runLowPrio" '' + set -euo pipefail + + cmd=() + if ${pkgs.which}/bin/which chrt 1>/dev/null 2>/dev/null ; then + cmd+=(chrt -i 0) + fi + if ${pkgs.which}/bin/which ionice 1>/dev/null 2>/dev/null ; then + cmd+=(ionice -c 3) + fi + + >&2 echo "Lowering IO priority with ''${cmd[@]}" + exec "''${cmd[@]}" "$@" + '') + ] + else + [ + + (pkgs.writeShellScriptBin "runLowPrio" '' + exec "$@" + '') + ] ) - ]) - ] + ] ; 
@@ -212,503 +270,534 @@ let }; in -(flakeboxLib.craneMultiBuild { inherit toolchains profiles; }) (craneLib': -let - craneLib = - (craneLib'.overrideArgs (commonEnvsBuild // commonArgs // { - src = filterWorkspaceBuildFiles commonSrc; - })).overrideArgs'' (craneLib: args: - pkgs.lib.optionalAttrs (!(builtins.elem (craneLib.toolchainName or null) [ null "default" "stable" "nightly" ])) commonEnvsShellRocksdbLinkCross +(flakeboxLib.craneMultiBuild { inherit toolchains profiles; }) ( + craneLib': + let + craneLib = + (craneLib'.overrideArgs ( + commonEnvsBuild // commonArgs // { src = filterWorkspaceBuildFiles commonSrc; } + )).overrideArgs'' + ( + craneLib: args: + pkgs.lib.optionalAttrs ( + !(builtins.elem (craneLib.toolchainName or null) [ + null + "default" + "stable" + "nightly" + ]) + ) commonEnvsShellRocksdbLinkCross + ); + + craneLibTests = craneLib.overrideArgs ( + commonEnvsBuild + // commonCliTestArgs + // { + src = filterWorkspaceTestFiles commonSrc; + # there's no point saving the `./target/` dir + doInstallCargoArtifacts = false; + } ); + # copied and modified from flakebox, to add `runLowPrio`, due to mistake in flakebox + rawBuildPackageGroup = + { + pname ? null, + packages, + mainProgram ? null, + ... 
+ }@origArgs: + let + args = builtins.removeAttrs origArgs [ + "mainProgram" + "pname" + "packages" + ]; + pname = + if builtins.hasAttr "pname" origArgs then + "${origArgs.pname}-group" + else if builtins.hasAttr "pname" craneLib.args then + "${craneLib.args.pname}-group" + else + null; + # "--package x --package y" args passed to cargo + pkgsArgs = lib.strings.concatStringsSep " " (builtins.map (name: "--package ${name}") packages); + + deps = craneLib.buildDepsOnly ( + args + // (lib.optionalAttrs (pname != null) { inherit pname; }) + // { + buildPhaseCargoCommand = "runLowPrio cargo build --profile $CARGO_PROFILE ${pkgsArgs}"; + } + ); + in + craneLib.buildPackage ( + args + // (lib.optionalAttrs (pname != null) { inherit pname; }) + // { + cargoArtifacts = deps; + meta = { + inherit mainProgram; + }; + cargoBuildCommand = "runLowPrio cargo build --profile $CARGO_PROFILE"; + cargoExtraArgs = "${pkgsArgs}"; + } + ); - craneLibTests = craneLib.overrideArgs (commonEnvsBuild // commonCliTestArgs // { - src = filterWorkspaceTestFiles commonSrc; - # there's no point saving the `./target/` dir - doInstallCargoArtifacts = false; - }); - - - # copied and modified from flakebox, to add `runLowPrio`, due to mistake in flakebox - rawBuildPackageGroup = { pname ? null, packages, mainProgram ? null, ... 
}@origArgs: - let - args = builtins.removeAttrs origArgs [ "mainProgram" "pname" "packages" ]; - pname = if builtins.hasAttr "pname" origArgs then "${origArgs.pname}-group" else if builtins.hasAttr "pname" craneLib.args then "${craneLib.args.pname}-group" else null; - # "--package x --package y" args passed to cargo - pkgsArgs = lib.strings.concatStringsSep " " (builtins.map (name: "--package ${name}") packages); - - deps = craneLib.buildDepsOnly (args // (lib.optionalAttrs (pname != null) { - inherit pname; - }) // { - buildPhaseCargoCommand = "runLowPrio cargo build --profile $CARGO_PROFILE ${pkgsArgs}"; - }); - in - craneLib.buildPackage (args // (lib.optionalAttrs (pname != null) { - inherit pname; - }) // { - cargoArtifacts = deps; - meta = { inherit mainProgram; }; - cargoBuildCommand = "runLowPrio cargo build --profile $CARGO_PROFILE"; - cargoExtraArgs = "${pkgsArgs}"; - }); - - fedimintBuildPackageGroup = args: replaceGitHash { - name = args.pname; - package = - # ideally this should work: - # craneLib.buildPackageGroup (args // { cargoBuildCommand = "runLowPrio cargo build --profile $CARGO_PROFILE"; }); - rawBuildPackageGroup args; - placeholder = gitHashPlaceholderValue; - }; -in -rec { - inherit commonArgs; - inherit commonEnvsShell; - inherit commonEnvsShellRocksdbLink; - inherit commonEnvsShellRocksdbLinkCross; - inherit gitHashPlaceholderValue; - commonArgsBase = commonArgs; - - workspaceDeps = craneLib.buildWorkspaceDepsOnly { - buildPhaseCargoCommand = "runLowPrio cargo doc --profile $CARGO_PROFILE --locked ; runLowPrio cargo check --profile $CARGO_PROFILE --all-targets --locked ; runLowPrio cargo build --profile $CARGO_PROFILE --locked --all-targets"; - }; + fedimintBuildPackageGroup = + args: + replaceGitHash { + name = args.pname; + package = + # ideally this should work: + # craneLib.buildPackageGroup (args // { cargoBuildCommand = "runLowPrio cargo build --profile $CARGO_PROFILE"; }); + rawBuildPackageGroup args; + placeholder = 
gitHashPlaceholderValue; + }; + in + rec { + inherit commonArgs; + inherit commonEnvsShell; + inherit commonEnvsShellRocksdbLink; + inherit commonEnvsShellRocksdbLinkCross; + inherit gitHashPlaceholderValue; + commonArgsBase = commonArgs; + + workspaceDeps = craneLib.buildWorkspaceDepsOnly { + buildPhaseCargoCommand = "runLowPrio cargo doc --profile $CARGO_PROFILE --locked ; runLowPrio cargo check --profile $CARGO_PROFILE --all-targets --locked ; runLowPrio cargo build --profile $CARGO_PROFILE --locked --all-targets"; + }; - # like `workspaceDeps` but don't run `cargo doc` - workspaceDepsNoDocs = craneLib.buildWorkspaceDepsOnly { - buildPhaseCargoCommand = "runLowPrio cargo check --profile $CARGO_PROFILE --all-targets --locked ; runLowPrio cargo build --profile $CARGO_PROFILE --locked --all-targets"; - }; + # like `workspaceDeps` but don't run `cargo doc` + workspaceDepsNoDocs = craneLib.buildWorkspaceDepsOnly { + buildPhaseCargoCommand = "runLowPrio cargo check --profile $CARGO_PROFILE --all-targets --locked ; runLowPrio cargo build --profile $CARGO_PROFILE --locked --all-targets"; + }; - workspaceBuild = craneLib.buildWorkspace { - cargoArtifacts = workspaceDeps; - buildPhaseCargoCommand = "runLowPrio cargo doc --profile $CARGO_PROFILE --locked ; runLowPrio cargo check --profile $CARGO_PROFILE --all-targets --locked ; runLowPrio cargo build --profile $CARGO_PROFILE --locked --all-targets"; - }; + workspaceBuild = craneLib.buildWorkspace { + cargoArtifacts = workspaceDeps; + buildPhaseCargoCommand = "runLowPrio cargo doc --profile $CARGO_PROFILE --locked ; runLowPrio cargo check --profile $CARGO_PROFILE --all-targets --locked ; runLowPrio cargo build --profile $CARGO_PROFILE --locked --all-targets"; + }; - workspaceDepsWasmTest = craneLib.buildWorkspaceDepsOnly { - pname = "${commonArgs.pname}-wasm-test"; - buildPhaseCargoCommand = "runLowPrio cargo build --profile $CARGO_PROFILE --locked --tests -p fedimint-wasm-tests"; - }; + workspaceDepsWasmTest = 
craneLib.buildWorkspaceDepsOnly { + pname = "${commonArgs.pname}-wasm-test"; + buildPhaseCargoCommand = "runLowPrio cargo build --profile $CARGO_PROFILE --locked --tests -p fedimint-wasm-tests"; + }; - workspaceBuildWasmTest = craneLib.buildWorkspace { - pnameSuffix = "-workspace-wasm-test"; - cargoArtifacts = workspaceDepsWasmTest; - buildPhaseCargoCommand = "runLowPrio cargo build --profile $CARGO_PROFILE --locked --tests -p fedimint-wasm-tests"; - }; + workspaceBuildWasmTest = craneLib.buildWorkspace { + pnameSuffix = "-workspace-wasm-test"; + cargoArtifacts = workspaceDepsWasmTest; + buildPhaseCargoCommand = "runLowPrio cargo build --profile $CARGO_PROFILE --locked --tests -p fedimint-wasm-tests"; + }; - workspaceTest = craneLib.cargoNextest { - cargoArtifacts = workspaceBuild; - cargoExtraArgs = "--workspace --all-targets --locked"; + workspaceTest = craneLib.cargoNextest { + cargoArtifacts = workspaceBuild; + cargoExtraArgs = "--workspace --all-targets --locked"; - FM_DISCOVER_API_VERSION_TIMEOUT = "10"; - FM_CARGO_DENY_COMPILATION = "1"; - }; - - workspaceTestDoc = craneLib.cargoTest { - # can't use nextest due to: https://github.com/nextest-rs/nextest/issues/16 - cargoTestExtraArgs = "--doc"; - cargoArtifacts = workspaceBuild; + FM_DISCOVER_API_VERSION_TIMEOUT = "10"; + FM_CARGO_DENY_COMPILATION = "1"; + }; - # workaround: `cargo test --doc` started to ignore CARGO_TARGET__RUSTFLAGS - # out of the blue - stdenv = pkgs.clangStdenv; - }; + workspaceTestDoc = craneLib.cargoTest { + # can't use nextest due to: https://github.com/nextest-rs/nextest/issues/16 + cargoTestExtraArgs = "--doc"; + cargoArtifacts = workspaceBuild; - workspaceClippy = craneLib.cargoClippy { - cargoArtifacts = workspaceDeps; + # workaround: `cargo test --doc` started to ignore CARGO_TARGET__RUSTFLAGS + # out of the blue + stdenv = pkgs.clangStdenv; + }; - cargoClippyExtraArgs = "--workspace --all-targets --no-deps"; - doInstallCargoArtifacts = false; - }; + workspaceClippy = 
craneLib.cargoClippy { + cargoArtifacts = workspaceDeps; - workspaceDoc = craneLibTests.mkCargoDerivation { - pnameSuffix = "-workspace-docs"; - cargoArtifacts = workspaceDeps; - buildPhaseCargoCommand = '' - patchShebangs ./scripts - export FM_RUSTDOC_INDEX_MD=${../docs/rustdoc-index.md} - ./scripts/dev/build-docs.sh - ''; - doInstallCargoArtifacts = false; - postInstall = '' - mkdir $out/share - cp -a target/doc $out/share/doc - ''; - doCheck = false; - dontFixup = true; - dontStrip = true; - }; + cargoClippyExtraArgs = "--workspace --all-targets --no-deps"; + doInstallCargoArtifacts = false; + }; - # version of `workspaceDocs` for public consumption (uploaded to https://docs.fedimint.org/) - workspaceDocExport = workspaceDoc.overrideAttrs (final: prev: { - # we actually don't want to have docs for dependencies in exported documentation - cargoArtifacts = workspaceDepsNoDocs; - nativeBuildInputs = prev.nativeBuildInputs or [ ] ++ [ pkgs.pandoc ]; - }); - - workspaceCargoUdepsDeps = craneLib.buildDepsOnly { - pname = "${commonArgs.pname}-udeps-deps"; - nativeBuildInputs = commonArgs.nativeBuildInputs ++ [ pkgs.cargo-udeps ]; - # since we filtered all the actual project source, everything will definitely fail - # but we only run this step to cache the build artifacts, so we ignore failure with `|| true` - buildPhaseCargoCommand = "cargo udeps --workspace --all-targets --profile $CARGO_PROFILE || true"; - doCheck = false; - }; + workspaceDoc = craneLibTests.mkCargoDerivation { + pnameSuffix = "-workspace-docs"; + cargoArtifacts = workspaceDeps; + buildPhaseCargoCommand = '' + patchShebangs ./scripts + export FM_RUSTDOC_INDEX_MD=${../docs/rustdoc-index.md} + ./scripts/dev/build-docs.sh + ''; + doInstallCargoArtifacts = false; + postInstall = '' + mkdir $out/share + cp -a target/doc $out/share/doc + ''; + doCheck = false; + dontFixup = true; + dontStrip = true; + }; - workspaceCargoUdeps = craneLib.mkCargoDerivation { - pname = "fedimint-udeps"; - cargoArtifacts = 
workspaceCargoUdepsDeps; - nativeBuildInputs = commonArgs.nativeBuildInputs ++ [ pkgs.cargo-udeps ]; - buildPhaseCargoCommand = "cargo udeps --workspace --all-targets --profile $CARGO_PROFILE"; - doInstallCargoArtifacts = false; - doCheck = false; - }; + # version of `workspaceDocs` for public consumption (uploaded to https://docs.fedimint.org/) + workspaceDocExport = workspaceDoc.overrideAttrs ( + final: prev: { + # we actually don't want to have docs for dependencies in exported documentation + cargoArtifacts = workspaceDepsNoDocs; + nativeBuildInputs = prev.nativeBuildInputs or [ ] ++ [ pkgs.pandoc ]; + } + ); - cargoAudit = craneLib.cargoAudit { - inherit advisory-db; - src = filterWorkspaceAuditFiles commonSrc; - }; + workspaceCargoUdepsDeps = craneLib.buildDepsOnly { + pname = "${commonArgs.pname}-udeps-deps"; + nativeBuildInputs = commonArgs.nativeBuildInputs ++ [ pkgs.cargo-udeps ]; + # since we filtered all the actual project source, everything will definitely fail + # but we only run this step to cache the build artifacts, so we ignore failure with `|| true` + buildPhaseCargoCommand = "cargo udeps --workspace --all-targets --profile $CARGO_PROFILE || true"; + doCheck = false; + }; - cargoDeny = craneLib.cargoDeny { - src = filterWorkspaceAuditFiles commonSrc; - }; + workspaceCargoUdeps = craneLib.mkCargoDerivation { + pname = "fedimint-udeps"; + cargoArtifacts = workspaceCargoUdepsDeps; + nativeBuildInputs = commonArgs.nativeBuildInputs ++ [ pkgs.cargo-udeps ]; + buildPhaseCargoCommand = "cargo udeps --workspace --all-targets --profile $CARGO_PROFILE"; + doInstallCargoArtifacts = false; + doCheck = false; + }; - # Build only deps, but with llvm-cov so `workspaceCov` can reuse them cached - workspaceDepsCov = craneLib.buildDepsOnly { - pname = "fedimint-workspace-lcov"; - buildPhaseCargoCommand = "source <(cargo llvm-cov show-env --export-prefix); runLowPrio cargo build --locked --workspace --all-targets --profile $CARGO_PROFILE"; - cargoBuildCommand = 
"dontuse"; - cargoCheckCommand = "dontuse"; - nativeBuildInputs = [ pkgs.cargo-llvm-cov ]; - doCheck = false; - }; + cargoAudit = craneLib.cargoAudit { + inherit advisory-db; + src = filterWorkspaceAuditFiles commonSrc; + }; - workspaceCov = craneLib.buildWorkspace { - pname = "fedimint-workspace-lcov"; - cargoArtifacts = workspaceDepsCov; - buildPhaseCargoCommand = "source <(cargo llvm-cov show-env --export-prefix); runLowPrio cargo build --locked --workspace --all-targets --profile $CARGO_PROFILE;"; - nativeBuildInputs = [ pkgs.cargo-llvm-cov ]; - doCheck = false; - }; + cargoDeny = craneLib.cargoDeny { src = filterWorkspaceAuditFiles commonSrc; }; - workspaceTestCovBase = { times }: craneLib.buildPackage { - pname = "fedimint-workspace-lcov"; - cargoArtifacts = workspaceCov; - - FM_DISCOVER_API_VERSION_TIMEOUT = "10"; - - buildPhaseCargoCommand = ('' - source <(cargo llvm-cov show-env --export-prefix) - '' + - lib.concatStringsSep "\n" - ( - lib.replicate times '' - env RUST_BACKTRACE=1 RUST_LOG=info cargo nextest run --locked --workspace --all-targets --cargo-profile $CARGO_PROFILE --profile nix-ccov --test-threads=$(($(nproc) * 2)) - '' - ) + '' - mkdir -p $out - cargo llvm-cov report --profile $CARGO_PROFILE --lcov --output-path $out/lcov.info - '' - ); - installPhaseCommand = "true"; - nativeBuildInputs = [ pkgs.cargo-llvm-cov ]; - doCheck = false; - }; + # Build only deps, but with llvm-cov so `workspaceCov` can reuse them cached + workspaceDepsCov = craneLib.buildDepsOnly { + pname = "fedimint-workspace-lcov"; + buildPhaseCargoCommand = "source <(cargo llvm-cov show-env --export-prefix); runLowPrio cargo build --locked --workspace --all-targets --profile $CARGO_PROFILE"; + cargoBuildCommand = "dontuse"; + cargoCheckCommand = "dontuse"; + nativeBuildInputs = [ pkgs.cargo-llvm-cov ]; + doCheck = false; + }; - workspaceTestCov = workspaceTestCovBase { times = 1; }; - workspaceTest5TimesCov = workspaceTestCovBase { times = 5; }; - workspaceTest10TimesCov = 
workspaceTestCovBase { times = 10; }; + workspaceCov = craneLib.buildWorkspace { + pname = "fedimint-workspace-lcov"; + cargoArtifacts = workspaceDepsCov; + buildPhaseCargoCommand = "source <(cargo llvm-cov show-env --export-prefix); runLowPrio cargo build --locked --workspace --all-targets --profile $CARGO_PROFILE;"; + nativeBuildInputs = [ pkgs.cargo-llvm-cov ]; + doCheck = false; + }; - reconnectTest = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-reconnect"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/reconnect-test.sh"; - }; + workspaceTestCovBase = + { times }: + craneLib.buildPackage { + pname = "fedimint-workspace-lcov"; + cargoArtifacts = workspaceCov; + + FM_DISCOVER_API_VERSION_TIMEOUT = "10"; + + buildPhaseCargoCommand = ( + '' + source <(cargo llvm-cov show-env --export-prefix) + '' + + lib.concatStringsSep "\n" ( + lib.replicate times '' + env RUST_BACKTRACE=1 RUST_LOG=info cargo nextest run --locked --workspace --all-targets --cargo-profile $CARGO_PROFILE --profile nix-ccov --test-threads=$(($(nproc) * 2)) + '' + ) + + '' + mkdir -p $out + cargo llvm-cov report --profile $CARGO_PROFILE --lcov --output-path $out/lcov.info + '' + ); + installPhaseCommand = "true"; + nativeBuildInputs = [ pkgs.cargo-llvm-cov ]; + doCheck = false; + }; - latencyTest = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-latency"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/latency-test.sh"; - }; + workspaceTestCov = workspaceTestCovBase { times = 1; }; + workspaceTest5TimesCov = workspaceTestCovBase { times = 5; }; + workspaceTest10TimesCov = workspaceTestCovBase { times = 10; }; - guardianBackupTest = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-guardian-backp"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; 
./scripts/tests/guardian-backup.sh"; - }; + reconnectTest = craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-reconnect"; + cargoArtifacts = workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/reconnect-test.sh"; + }; - devimintCliTest = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-cli"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/devimint-cli-test.sh"; - }; + latencyTest = craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-latency"; + cargoArtifacts = workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/latency-test.sh"; + }; - devimintCliTestSingle = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-cli"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/devimint-cli-test-single.sh"; - }; + guardianBackupTest = craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-guardian-backp"; + cargoArtifacts = workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/guardian-backup.sh"; + }; - cliLoadTestToolTest = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-cli"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/load-test-tool-test.sh"; - }; + devimintCliTest = craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-cli"; + cargoArtifacts = workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/devimint-cli-test.sh"; + }; - backendTest = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-backend-test"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/test/backend-test.sh"; - }; + devimintCliTestSingle = craneLibTests.mkCargoDerivation { + pname = 
"${commonCliTestArgs.pname}-cli"; + cargoArtifacts = workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/devimint-cli-test-single.sh"; + }; - ciTestAllBase = { times }: craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-all"; - cargoArtifacts = craneMultiBuild.default.${craneLib.cargoProfile or "release"}.workspaceBuild; - - FM_DISCOVER_API_VERSION_TIMEOUT = "10"; - - # One normal run, then if succeeded, modify the "always success test" to fail, - # and make sure we detect it (happened too many times that we didn't). - # Thanks to early termination, this should be all very quick, as we actually - # won't start other tests. - buildPhaseCargoCommand = '' - # when running on a wasm32-unknown toolchain... - if [ "$CARGO_BUILD_TARGET" == "wasm32-unknown-unknown" ]; then - # import pre-built wasm32-unknown wasm test artifacts - # notably, they are extracted to target's sub-directory, where wasm-test.sh expects them - inheritCargoArtifacts ${craneMultiBuild.wasm32-unknown.${craneLib.cargoProfile or "release"}.workspaceBuildWasmTest} "target/pkgs/fedimint-wasm-tests" - fi - # default to building for native; running test for cross-compilation targets - # here doesn't make any sense, and `wasm32-unknown-unknown` toolchain is used - # mostly to opt-in into wasm tests - unset CARGO_BUILD_TARGET - - patchShebangs ./scripts - export FM_CARGO_DENY_COMPILATION=1 - export FM_TEST_CI_ALL_TIMES=${builtins.toString times} - export FM_TEST_CI_ALL_DISABLE_ETA=1 - ./scripts/tests/test-ci-all.sh || exit 1 - cp scripts/tests/always-success-test.sh scripts/tests/always-success-test.sh.bck - sed -i -e 's/exit 0/exit 1/g' scripts/tests/always-success-test.sh - echo "Verifying failure detection..." 
- ./scripts/tests/test-ci-all.sh 1>/dev/null 2>/dev/null && exit 1 - cp -f scripts/tests/always-success-test.sh.bck scripts/tests/always-success-test.sh - ''; - }; + cliLoadTestToolTest = craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-cli"; + cargoArtifacts = workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/load-test-tool-test.sh"; + }; - ciTestAll = ciTestAllBase { times = 1; }; - ciTestAll5Times = ciTestAllBase { times = 5; }; + backendTest = craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-backend-test"; + cargoArtifacts = workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/test/backend-test.sh"; + }; - alwaysFailTest = craneLibTests.mkCargoDerivation { - pname = "${commonCliTestArgs.pname}-always-fail"; - cargoArtifacts = workspaceBuild; - buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/always-fail-test.sh"; - }; + ciTestAllBase = + { times }: + craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-all"; + cargoArtifacts = craneMultiBuild.default.${craneLib.cargoProfile or "release"}.workspaceBuild; + + FM_DISCOVER_API_VERSION_TIMEOUT = "10"; + + # One normal run, then if succeeded, modify the "always success test" to fail, + # and make sure we detect it (happened too many times that we didn't). + # Thanks to early termination, this should be all very quick, as we actually + # won't start other tests. + buildPhaseCargoCommand = '' + # when running on a wasm32-unknown toolchain... 
+ if [ "$CARGO_BUILD_TARGET" == "wasm32-unknown-unknown" ]; then + # import pre-built wasm32-unknown wasm test artifacts + # notably, they are extracted to target's sub-directory, where wasm-test.sh expects them + inheritCargoArtifacts ${ + craneMultiBuild.wasm32-unknown.${craneLib.cargoProfile or "release"}.workspaceBuildWasmTest + } "target/pkgs/fedimint-wasm-tests" + fi + # default to building for native; running test for cross-compilation targets + # here doesn't make any sense, and `wasm32-unknown-unknown` toolchain is used + # mostly to opt-in into wasm tests + unset CARGO_BUILD_TARGET + + patchShebangs ./scripts + export FM_CARGO_DENY_COMPILATION=1 + export FM_TEST_CI_ALL_TIMES=${builtins.toString times} + export FM_TEST_CI_ALL_DISABLE_ETA=1 + ./scripts/tests/test-ci-all.sh || exit 1 + cp scripts/tests/always-success-test.sh scripts/tests/always-success-test.sh.bck + sed -i -e 's/exit 0/exit 1/g' scripts/tests/always-success-test.sh + echo "Verifying failure detection..." + ./scripts/tests/test-ci-all.sh 1>/dev/null 2>/dev/null && exit 1 + cp -f scripts/tests/always-success-test.sh.bck scripts/tests/always-success-test.sh + ''; + }; + ciTestAll = ciTestAllBase { times = 1; }; + ciTestAll5Times = ciTestAllBase { times = 5; }; - wasmTest = craneLibTests.mkCargoDerivation { - pname = "wasm-test"; - # TODO: https://github.com/ipetkov/crane/issues/416 - cargoArtifacts = craneMultiBuild.default.${craneLib.cargoProfile or "release"}.workspaceBuild; - nativeBuildInputs = commonCliTestArgs.nativeBuildInputs ++ [ pkgs.firefox pkgs.wasm-bindgen-cli pkgs.geckodriver pkgs.wasm-pack ]; - buildPhaseCargoCommand = '' - inheritCargoArtifacts ${craneMultiBuild.wasm32-unknown.${craneLib.cargoProfile or "release"}.workspaceBuildWasmTest} "target/pkgs/fedimint-wasm-tests" - patchShebangs ./scripts; SKIP_CARGO_BUILD=1 ./scripts/tests/wasm-test.sh''; - }; + alwaysFailTest = craneLibTests.mkCargoDerivation { + pname = "${commonCliTestArgs.pname}-always-fail"; + cargoArtifacts = 
workspaceBuild; + buildPhaseCargoCommand = "patchShebangs ./scripts ; ./scripts/tests/always-fail-test.sh"; + }; - fedimint-pkgs = fedimintBuildPackageGroup { - pname = "fedimint-pkgs"; + wasmTest = craneLibTests.mkCargoDerivation { + pname = "wasm-test"; + # TODO: https://github.com/ipetkov/crane/issues/416 + cargoArtifacts = craneMultiBuild.default.${craneLib.cargoProfile or "release"}.workspaceBuild; + nativeBuildInputs = commonCliTestArgs.nativeBuildInputs ++ [ + pkgs.firefox + pkgs.wasm-bindgen-cli + pkgs.geckodriver + pkgs.wasm-pack + ]; + buildPhaseCargoCommand = '' + inheritCargoArtifacts ${ + craneMultiBuild.wasm32-unknown.${craneLib.cargoProfile or "release"}.workspaceBuildWasmTest + } "target/pkgs/fedimint-wasm-tests" + patchShebangs ./scripts; SKIP_CARGO_BUILD=1 ./scripts/tests/wasm-test.sh''; + }; - packages = [ - "fedimintd" - "fedimint-cli" - "fedimint-dbtool" - "fedimint-recoverytool" - ]; - }; + fedimint-pkgs = fedimintBuildPackageGroup { + pname = "fedimint-pkgs"; - gateway-pkgs = fedimintBuildPackageGroup { - pname = "gateway-pkgs"; + packages = [ + "fedimintd" + "fedimint-cli" + "fedimint-dbtool" + "fedimint-recoverytool" + ]; + }; - packages = [ - "fedimint-ln-gateway" - "fedimint-gateway-cli" - ]; - }; + gateway-pkgs = fedimintBuildPackageGroup { + pname = "gateway-pkgs"; - client-pkgs = fedimintBuildPackageGroup { - pname = "client-pkgs"; + packages = [ + "fedimint-ln-gateway" + "fedimint-gateway-cli" + ]; + }; - packages = [ - "fedimint-client" - ]; - }; + client-pkgs = fedimintBuildPackageGroup { + pname = "client-pkgs"; - fedimint-client-wasm = fedimintBuildPackageGroup { - pname = "fedimint-client-wasm"; + packages = [ "fedimint-client" ]; + }; - packages = [ - "fedimint-client-wasm" - ]; - }; + fedimint-client-wasm = fedimintBuildPackageGroup { + pname = "fedimint-client-wasm"; - devimint = fedimintBuildPackageGroup { - pname = "devimint"; - packages = [ - "devimint" - ]; - }; + packages = [ "fedimint-client-wasm" ]; + }; - 
fedimint-load-test-tool = fedimintBuildPackageGroup { - pname = "fedimint-load-test-tool"; - packages = [ "fedimint-load-test-tool" ]; - }; + devimint = fedimintBuildPackageGroup { + pname = "devimint"; + packages = [ "devimint" ]; + }; + fedimint-load-test-tool = fedimintBuildPackageGroup { + pname = "fedimint-load-test-tool"; + packages = [ "fedimint-load-test-tool" ]; + }; - fedimintd = flakeboxLib.pickBinary - { + fedimintd = flakeboxLib.pickBinary { pkg = fedimint-pkgs; bin = "fedimintd"; }; - fedimint-cli = flakeboxLib.pickBinary - { + fedimint-cli = flakeboxLib.pickBinary { pkg = fedimint-pkgs; bin = "fedimint-cli"; }; - fedimint-dbtool = flakeboxLib.pickBinary - { + fedimint-dbtool = flakeboxLib.pickBinary { pkg = fedimint-pkgs; bin = "fedimint-dbtool"; }; - gatewayd = flakeboxLib.pickBinary - { + gatewayd = flakeboxLib.pickBinary { pkg = gateway-pkgs; bin = "gatewayd"; }; - gateway-cli = flakeboxLib.pickBinary - { + gateway-cli = flakeboxLib.pickBinary { pkg = gateway-pkgs; bin = "gateway-cli"; }; - gateway-cln-extension = flakeboxLib.pickBinary - { + gateway-cln-extension = flakeboxLib.pickBinary { pkg = gateway-pkgs; bin = "gateway-cln-extension"; }; - fedimint-recoverytool = flakeboxLib.pickBinary - { + fedimint-recoverytool = flakeboxLib.pickBinary { pkg = fedimint-pkgs; bin = "fedimint-recoverytool"; }; - container = - let - entrypointScript = - pkgs.writeShellScriptBin "entrypoint" '' + container = + let + entrypointScript = pkgs.writeShellScriptBin "entrypoint" '' exec bash "${../misc/fedimintd-container-entrypoint.sh}" "$@" ''; - defaultPackages = [ pkgs.bash pkgs.coreutils pkgs.fakeNss pkgs.busybox pkgs.curl pkgs.rsync ]; - in - { - fedimintd = pkgs.dockerTools.buildLayeredImage { - name = "fedimintd"; - contents = [ fedimint-pkgs ] ++ defaultPackages; - config = { - Cmd = [ ]; # entrypoint will handle empty vs non-empty cmd - Env = [ - "FM_DATA_DIR=/data" - ]; - Entrypoint = [ - "${entrypointScript}/bin/entrypoint" - ]; - WorkDir = "/data"; - 
Volumes = { - "/data" = { }; - }; - ExposedPorts = { - "${builtins.toString 8173}/tcp" = { }; - "${builtins.toString 8174}/tcp" = { }; + defaultPackages = [ + pkgs.bash + pkgs.coreutils + pkgs.fakeNss + pkgs.busybox + pkgs.curl + pkgs.rsync + ]; + in + { + fedimintd = pkgs.dockerTools.buildLayeredImage { + name = "fedimintd"; + contents = [ fedimint-pkgs ] ++ defaultPackages; + config = { + Cmd = [ ]; # entrypoint will handle empty vs non-empty cmd + Env = [ "FM_DATA_DIR=/data" ]; + Entrypoint = [ "${entrypointScript}/bin/entrypoint" ]; + WorkDir = "/data"; + Volumes = { + "/data" = { }; + }; + ExposedPorts = { + "${builtins.toString 8173}/tcp" = { }; + "${builtins.toString 8174}/tcp" = { }; + }; }; }; - }; - - fedimint-cli = pkgs.dockerTools.buildLayeredImage { - name = "fedimint-cli"; - contents = [ fedimint-pkgs ] ++ defaultPackages; - config = { - Cmd = [ - "${fedimint-pkgs}/bin/fedimint-cli" - ]; - }; - }; - gatewayd = pkgs.dockerTools.buildLayeredImage { - name = "gatewayd"; - contents = [ gateway-pkgs ] ++ defaultPackages; - config = { - Cmd = [ - "${gateway-pkgs}/bin/gatewayd" - ]; - }; - }; - - cln-light-gateway = let - entrypoint = pkgs.writeShellScriptBin "entrypoint.sh" '' - ${pkgs.clightning}/bin/lightningd \ - --lightning-dir=/lightning \ - --disable-plugin=bcli \ - --network=$NETWORK \ - --plugin=${pkgs.trustedcoin}/bin/trustedcoin \ - --plugin=${gateway-pkgs}/bin/gateway-cln-extension \ - --fm-gateway-listen=0.0.0.0:3301 \ - $@ - ''; - in pkgs.dockerTools.buildLayeredImage { - name = "cln-light-gateway"; - contents = [ gateway-pkgs pkgs.clightning pkgs.trustedcoin pkgs.cacert ] ++ defaultPackages; - config = { - Cmd = [ - "${entrypoint}/bin/entrypoint.sh" - ]; - Volumes = { - "/lightning" = {}; - }; - ExposedPorts = { - "9735/tcp" = {}; - "3301/tcp" = {}; + fedimint-cli = pkgs.dockerTools.buildLayeredImage { + name = "fedimint-cli"; + contents = [ fedimint-pkgs ] ++ defaultPackages; + config = { + Cmd = [ "${fedimint-pkgs}/bin/fedimint-cli" ]; }; - 
Env = [ - "NETWORK=bitcoin" - ]; }; - }; - gateway-cli = pkgs.dockerTools.buildLayeredImage { - name = "gateway-cli"; - contents = [ gateway-pkgs ] ++ defaultPackages; - config = { - Cmd = [ - "${gateway-pkgs}/bin/gateway-cli" - ]; + gatewayd = pkgs.dockerTools.buildLayeredImage { + name = "gatewayd"; + contents = [ gateway-pkgs ] ++ defaultPackages; + config = { + Cmd = [ "${gateway-pkgs}/bin/gatewayd" ]; + }; }; - }; - devtools = - pkgs.dockerTools.buildLayeredImage - { - name = "fedimint-devtools"; + cln-light-gateway = + let + entrypoint = pkgs.writeShellScriptBin "entrypoint.sh" '' + ${pkgs.clightning}/bin/lightningd \ + --lightning-dir=/lightning \ + --disable-plugin=bcli \ + --network=$NETWORK \ + --plugin=${pkgs.trustedcoin}/bin/trustedcoin \ + --plugin=${gateway-pkgs}/bin/gateway-cln-extension \ + --fm-gateway-listen=0.0.0.0:3301 \ + $@ + ''; + in + pkgs.dockerTools.buildLayeredImage { + name = "cln-light-gateway"; contents = [ - devimint - fedimint-dbtool - fedimint-load-test-tool - fedimint-recoverytool + gateway-pkgs + pkgs.clightning + pkgs.trustedcoin + pkgs.cacert ] ++ defaultPackages; config = { - Cmd = [ - "${pkgs.bash}/bin/bash" - ]; + Cmd = [ "${entrypoint}/bin/entrypoint.sh" ]; + Volumes = { + "/lightning" = { }; + }; + ExposedPorts = { + "9735/tcp" = { }; + "3301/tcp" = { }; + }; + Env = [ "NETWORK=bitcoin" ]; }; }; - }; -}) + + gateway-cli = pkgs.dockerTools.buildLayeredImage { + name = "gateway-cli"; + contents = [ gateway-pkgs ] ++ defaultPackages; + config = { + Cmd = [ "${gateway-pkgs}/bin/gateway-cli" ]; + }; + }; + + devtools = pkgs.dockerTools.buildLayeredImage { + name = "fedimint-devtools"; + contents = [ + devimint + fedimint-dbtool + fedimint-load-test-tool + fedimint-recoverytool + ] ++ defaultPackages; + config = { + Cmd = [ "${pkgs.bash}/bin/bash" ]; + }; + }; + }; + } +) diff --git a/nix/modules/fedimintd.nix b/nix/modules/fedimintd.nix index b991656b90e..9ed5f064a08 100644 --- a/nix/modules/fedimintd.nix 
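Review bot: The `cln-light-gateway` entrypoint script, carried over unchanged by this reformat, still expands `$@` and `$NETWORK` unquoted. Any container argument or `NETWORK` value containing whitespace or glob characters is therefore word-split and pathname-expanded before it reaches `lightningd`. Quote both and hand the process over to the daemon so it receives the runtime's signals directly: `exec ${pkgs.clightning}/bin/lightningd \`, `--network="$NETWORK" \`, `"$@"`. The `runLowPrio` wrapper in the earlier hunk of this file already uses `exec … "$@"`. The same script hard-codes `--fm-gateway-listen=0.0.0.0:3301`, and none of the image `config` blocks in this hunk sets `User`, so unless the deployment overrides it the gateway listens on every interface and presumably runs as root. Both deserve either an explicit setting or a comment stating that isolation is left to the container runtime.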
+++ b/nix/modules/fedimintd.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) filterAttrs 
@@ -11,171 +16,179 @@ let mkOption mkPackageOption nameValuePair - types; + types + ; eachFedimintd = filterAttrs (fedimintdName: cfg: cfg.enable) config.services.fedimintd; eachFedimintdNginx = filterAttrs (fedimintdName: cfg: cfg.nginx.enable) eachFedimintd; - fedimintdOpts = { config, lib, name, ... }: { - options = { - enable = mkEnableOption "fedimintd"; - - package = mkPackageOption pkgs "fedimintd" { }; - - user = mkOption { - type = types.str; - default = "fedimintd-${name}"; - description = "The user as which to run fedimintd."; - }; + fedimintdOpts = + { + config, + lib, + name, + ... + }: + { + options = { + enable = mkEnableOption "fedimintd"; - group = mkOption { - type = types.str; - default = config.user; - description = "The group as which to run fedimintd."; - }; + package = mkPackageOption pkgs "fedimintd" { }; - extraEnvironment = mkOption { - type = types.attrsOf types.str; - description = lib.mdDoc "Extra Environment variables to pass to the fedimintd."; - default = { - RUST_BACKTRACE = "1"; - }; - example = { - RUST_LOG = "info,fm=debug"; - RUST_BACKTRACE = "1"; - }; - }; - - p2p = { - openFirewall = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Opens port in firewall for fedimintd's p2p port"; - }; - port = mkOption { - type = types.port; - default = 8173; - description = lib.mdDoc "Port to bind on for p2p connections from peers"; - }; - bind = mkOption { + user = mkOption { type = types.str; - default = "0.0.0.0"; - description = lib.mdDoc "Address to bind on for p2p connections from peers"; + default = "fedimintd-${name}"; + description = "The user as which to run fedimintd."; }; - fqdn = mkOption { - type = types.nullOr types.str; - default = null; - example = "p2p.myfedimint.com"; - description = lib.mdDoc "Domain to host p2p over"; - }; - address = mkOption { - type = types.nullOr types.str; - default = "fedimint://${config.p2p.fqdn}"; - example = "fedimint://p2p.myfedimint.com"; - description = lib.mdDoc 
'' - Public address for p2p connections from peers - Typically you want to set `fqdn` instead. - ''; - }; - }; - api = { - openFirewall = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Opens port in firewall for fedimintd's api port"; - }; - port = mkOption { - type = types.port; - default = 8174; - description = lib.mdDoc "Port to bind on for API connections relied by the reverse proxy/tls terminator."; - }; - bind = mkOption { + group = mkOption { type = types.str; - default = "127.0.0.1"; - description = lib.mdDoc "Address to bind on for API connections relied by the reverse proxy/tls terminator. Usually starting with `fedimint://`"; - }; - fqdn = mkOption { - type = types.nullOr types.str; - default = null; - example = "api.myfedimint.com"; - description = lib.mdDoc "Domain to host API on"; + default = config.user; + description = "The group as which to run fedimintd."; }; - address = mkOption { - type = types.nullOr types.str; - default = "wss://${config.api.fqdn}"; - description = lib.mdDoc '' - Public URL of the API address of the reverse proxy/tls terminator. Usually starting with `wss://`. - Typically you want to override `fqdn` instead. 
- ''; - }; - }; - bitcoin = { - network = mkOption { - type = types.str; - default = "signet"; - example = "bitcoin"; - description = lib.mdDoc "Bitcoin network to participate in."; + extraEnvironment = mkOption { + type = types.attrsOf types.str; + description = lib.mdDoc "Extra Environment variables to pass to the fedimintd."; + default = { + RUST_BACKTRACE = "1"; + }; + example = { + RUST_LOG = "info,fm=debug"; + RUST_BACKTRACE = "1"; + }; }; - rpc = { - address = mkOption { + + p2p = { + openFirewall = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Opens port in firewall for fedimintd's p2p port"; + }; + port = mkOption { + type = types.port; + default = 8173; + description = lib.mdDoc "Port to bind on for p2p connections from peers"; + }; + bind = mkOption { type = types.str; - default = "http://127.0.0.1:38332"; - example = "signet"; - description = lib.mdDoc "Bitcoin node (bitcoind/electrum/esplora) address to connect to"; + default = "0.0.0.0"; + description = lib.mdDoc "Address to bind on for p2p connections from peers"; + }; + fqdn = mkOption { + type = types.nullOr types.str; + default = null; + example = "p2p.myfedimint.com"; + description = lib.mdDoc "Domain to host p2p over"; }; + address = mkOption { + type = types.nullOr types.str; + default = "fedimint://${config.p2p.fqdn}"; + example = "fedimint://p2p.myfedimint.com"; + description = lib.mdDoc '' + Public address for p2p connections from peers - kind = mkOption { + Typically you want to set `fqdn` instead. 
+ ''; + }; + }; + api = { + openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Opens port in firewall for fedimintd's api port"; + }; + port = mkOption { + type = types.port; + default = 8174; + description = lib.mdDoc "Port to bind on for API connections relied by the reverse proxy/tls terminator."; + }; + bind = mkOption { type = types.str; - default = "bitcoind"; - example = "electrum"; - description = lib.mdDoc "Kind of a bitcoin node."; + default = "127.0.0.1"; + description = lib.mdDoc "Address to bind on for API connections relied by the reverse proxy/tls terminator. Usually starting with `fedimint://`"; }; - - secretFile = mkOption { + fqdn = mkOption { type = types.nullOr types.str; default = null; + example = "api.myfedimint.com"; + description = lib.mdDoc "Domain to host API on"; + }; + address = mkOption { + type = types.nullOr types.str; + default = "wss://${config.api.fqdn}"; description = lib.mdDoc '' - If set the URL specified in `bitcoin.rpc.address` will get the content of this file added - as an URL password, so `http://user@example.com` will turn into `http://user:SOMESECRET@example.com`. - - Example: + Public URL of the API address of the reverse proxy/tls terminator. Usually starting with `wss://`. - `/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public` (for nix-bitcoin default) + Typically you want to override `fqdn` instead. 
''; }; }; - }; + bitcoin = { + network = mkOption { + type = types.str; + default = "signet"; + example = "bitcoin"; + description = lib.mdDoc "Bitcoin network to participate in."; + }; + rpc = { + address = mkOption { + type = types.str; + default = "http://127.0.0.1:38332"; + example = "signet"; + description = lib.mdDoc "Bitcoin node (bitcoind/electrum/esplora) address to connect to"; + }; - consensus.finalityDelay = mkOption { - type = types.number; - default = 10; - description = lib.mdDoc "Consensus peg-in finality delay."; - }; + kind = mkOption { + type = types.str; + default = "bitcoind"; + example = "electrum"; + description = lib.mdDoc "Kind of a bitcoin node."; + }; - dataDir = mkOption { - type = types.str; - default = "/var/lib/fedimintd-${name}/"; - readOnly = true; - description = lib.mdDoc '' - Path to the data dir fedimintd will use to store its data. - Note that due to using the DynamicUser feature of systemd, this value should not be changed - and is set to be read only. - ''; - }; + secretFile = mkOption { + type = types.nullOr types.str; + default = null; + description = lib.mdDoc '' + If set the URL specified in `bitcoin.rpc.address` will get the content of this file added + as an URL password, so `http://user@example.com` will turn into `http://user:SOMESECRET@example.com`. + + Example: + + `/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public` (for nix-bitcoin default) + ''; + }; + }; + }; + + consensus.finalityDelay = mkOption { + type = types.number; + default = 10; + description = lib.mdDoc "Consensus peg-in finality delay."; + }; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/fedimintd-${name}/"; + readOnly = true; + description = lib.mdDoc '' + Path to the data dir fedimintd will use to store its data. + Note that due to using the DynamicUser feature of systemd, this value should not be changed + and is set to be read only. 
+ ''; + }; - nginx = { - enable = mkEnableOption "fedimint"; - config = mkOption { - # TODO: change to something like https://github.com/NixOS/nixpkgs/pull/314440/files#diff-47ed1acddaad94538b9ee7995ffa8d7cc1376f9667350acee9cec912cec6a3bfR201 - type = types.attrs; - default = { }; - description = lib.mdDoc "Overrides to the nginx vhost section for api"; + nginx = { + enable = mkEnableOption "fedimint"; + config = mkOption { + # TODO: change to something like https://github.com/NixOS/nixpkgs/pull/314440/files#diff-47ed1acddaad94538b9ee7995ffa8d7cc1376f9667350acee9cec912cec6a3bfR201 + type = types.attrs; + default = { }; + description = lib.mdDoc "Overrides to the nginx vhost section for api"; + }; }; }; }; - }; in { options = { 
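Review bot: The `bitcoin.rpc.secretFile` description does not state what the option needs in order to work and stay private. The start script in this module inserts the file's first line in front of the last `@` of `bitcoin.rpc.address`, so the address must already carry a `user@` part, which the default `http://127.0.0.1:38332` does not. I would extend the description with: `The address must already contain a user name (http://user@host:port). Pass a string path to a file outside the Nix store that the service user can read.` Two neighbouring descriptions look like copy-paste slips: `api.bind` says "Usually starting with `fedimint://`" although it is a bind address, and `bitcoin.rpc.address` has `example = "signet"`. The `dataDir` text refers to systemd's DynamicUser, while the service definition visible in this diff sets `User`/`Group` and declares static users, so that sentence probably needs updating as well.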
@@ -188,148 +201,138 @@ in config = mkIf (eachFedimintd != { }) { - assertions = flatten - (mapAttrsToList - (fedimintdName: cfg: [ - { - assertion = cfg.p2p.address != null; - message = '' - `services.fedimintd.${fedimintdName}.p2p.address` must be set to address reachable by other peers. + assertions = flatten ( + mapAttrsToList (fedimintdName: cfg: [ + { + assertion = cfg.p2p.address != null; + message = '' + `services.fedimintd.${fedimintdName}.p2p.address` must be set to address reachable by other peers. - Example: `fedimint://p2p.mymint.org`. - ''; - } - { - assertion = cfg.api.address != null; - message = '' - `services.fedimintd.${fedimintdName}.api.address` must be set to address reachable by the clients, with TLS terminated by external service (typically nginx), and relayed to the fedimintd bind address. + Example: `fedimint://p2p.mymint.org`. + ''; + } + { + assertion = cfg.api.address != null; + message = '' + `services.fedimintd.${fedimintdName}.api.address` must be set to address reachable by the clients, with TLS terminated by external service (typically nginx), and relayed to the fedimintd bind address. - Example: `wss://api.mymint.org`. 
- ''; - } - ]) - eachFedimintd); - - networking.firewall.allowedTCPPorts = flatten - (mapAttrsToList - (fedimintdName: cfg: - ( - if cfg.api.openFirewall then [ - cfg.api.port - ] else [ ] - ) ++ ( - if cfg.p2p.openFirewall then [ - cfg.p2p.port - ] else [ ] - ) - ) - eachFedimintd); - - - systemd.services = - mapAttrs' - (fedimintdName: cfg: ( - nameValuePair "fedimintd-${fedimintdName}" ( - let - startScript = pkgs.writeShellScript "fedimintd-start" ( - (if cfg.bitcoin.rpc.secretFile != null then - '' - secret=$(${pkgs.coreutils}/bin/head -n 1 "${cfg.bitcoin.rpc.secretFile}") - prefix="''${FM_DEFAULT_BITCOIN_RPC_URL%*@*}" # Everything before the last '@' - suffix="''${FM_DEFAULT_BITCOIN_RPC_URL##*@}" # Everything after the last '@' - FM_DEFAULT_BITCOIN_RPC_URL="''${prefix}:''${secret}@''${suffix}" - '' - else - "") + + Example: `wss://api.mymint.org`. + ''; + } + ]) eachFedimintd + ); + + networking.firewall.allowedTCPPorts = flatten ( + mapAttrsToList ( + fedimintdName: cfg: + (if cfg.api.openFirewall then [ cfg.api.port ] else [ ]) + ++ (if cfg.p2p.openFirewall then [ cfg.p2p.port ] else [ ]) + ) eachFedimintd + ); + + systemd.services = mapAttrs' ( + fedimintdName: cfg: + (nameValuePair "fedimintd-${fedimintdName}" ( + let + startScript = pkgs.writeShellScript "fedimintd-start" ( + ( + if cfg.bitcoin.rpc.secretFile != null then '' - exec ${cfg.package}/bin/fedimintd + secret=$(${pkgs.coreutils}/bin/head -n 1 "${cfg.bitcoin.rpc.secretFile}") + prefix="''${FM_DEFAULT_BITCOIN_RPC_URL%*@*}" # Everything before the last '@' + suffix="''${FM_DEFAULT_BITCOIN_RPC_URL##*@}" # Everything after the last '@' + FM_DEFAULT_BITCOIN_RPC_URL="''${prefix}:''${secret}@''${suffix}" '' - ); - in + else + "" + ) + + '' + exec ${cfg.package}/bin/fedimintd + '' + ); + in + { + description = "Fedimint Server"; + documentation = [ "https://github.com/fedimint/fedimint/" ]; + wantedBy = [ "multi-user.target" ]; + environment = lib.mkMerge ([ { - description = "Fedimint Server"; - 
documentation = [ "https://github.com/fedimint/fedimint/" ]; - wantedBy = [ "multi-user.target" ]; - environment = lib.mkMerge ([ - { - FM_BIND_P2P = "${cfg.p2p.bind}:${builtins.toString cfg.p2p.port}"; - FM_BIND_API = "${cfg.api.bind}:${builtins.toString cfg.api.port}"; - FM_P2P_URL = cfg.p2p.address; - FM_API_URL = cfg.api.address; - FM_DATA_DIR = cfg.dataDir; - FM_BITCOIN_NETWORK = cfg.bitcoin.network; - FM_DEFAULT_BITCOIN_RPC_URL = cfg.bitcoin.rpc.address; - FM_DEFAULT_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind; - - # Deprecated envvars, for backward compatibility - FM_BITCOIN_RPC_URL = cfg.bitcoin.rpc.address; - FM_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind; - } - cfg.extraEnvironment - ]); - serviceConfig = { - User = cfg.user; - Group = cfg.group; - - Restart = "always"; - RestartSec = 10; - StartLimitBurst = 5; - UMask = "077"; - LimitNOFILE = "100000"; - - LockPersonality = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - PrivateMounts = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; - RestrictNamespaces = true; - RestrictRealtime = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@privileged" - ]; - StateDirectory = "fedimintd-${fedimintdName}"; - StateDirectoryMode = "0700"; - ExecStart = startScript; - - # Hardening measures - PrivateTmp = "true"; - ProtectSystem = "full"; - NoNewPrivileges = "true"; - PrivateDevices = "true"; - MemoryDenyWriteExecute = "true"; - }; + FM_BIND_P2P = "${cfg.p2p.bind}:${builtins.toString cfg.p2p.port}"; + FM_BIND_API = "${cfg.api.bind}:${builtins.toString cfg.api.port}"; + FM_P2P_URL = cfg.p2p.address; + FM_API_URL = cfg.api.address; + FM_DATA_DIR = cfg.dataDir; + FM_BITCOIN_NETWORK = cfg.bitcoin.network; + FM_DEFAULT_BITCOIN_RPC_URL = cfg.bitcoin.rpc.address; + FM_DEFAULT_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind; + + # Deprecated envvars, for 
backward compatibility + FM_BITCOIN_RPC_URL = cfg.bitcoin.rpc.address; + FM_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind; } - ) - )) - eachFedimintd; - - users.users = mapAttrs' - (fedimintdName: cfg: ( - nameValuePair "fedimintd-${fedimintdName}" { - name = cfg.user; - group = cfg.group; - description = "Fedimint daemon user"; - home = cfg.dataDir; - isSystemUser = true; + cfg.extraEnvironment + ]); + serviceConfig = { + User = cfg.user; + Group = cfg.group; + + Restart = "always"; + RestartSec = 10; + StartLimitBurst = 5; + UMask = "077"; + LimitNOFILE = "100000"; + + LockPersonality = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + PrivateMounts = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + StateDirectory = "fedimintd-${fedimintdName}"; + StateDirectoryMode = "0700"; + ExecStart = startScript; + + # Hardening measures + PrivateTmp = "true"; + ProtectSystem = "full"; + NoNewPrivileges = "true"; + PrivateDevices = "true"; + MemoryDenyWriteExecute = "true"; + }; } )) - eachFedimintd; - - users.groups = mapAttrs' - (fedimintdName: cfg: ( - nameValuePair "${cfg.group}" { } - )) - eachFedimintd; - - services.nginx.virtualHosts = mapAttrs' - (fedimintdName: cfg: ( - nameValuePair cfg.api.fqdn (lib.mkMerge [ + ) eachFedimintd; + + users.users = mapAttrs' ( + fedimintdName: cfg: + (nameValuePair "fedimintd-${fedimintdName}" { + name = cfg.user; + group = cfg.group; + description = "Fedimint daemon user"; + home = cfg.dataDir; + isSystemUser = true; + }) + ) eachFedimintd; + + users.groups = mapAttrs' (fedimintdName: cfg: (nameValuePair "${cfg.group}" { })) eachFedimintd; + + services.nginx.virtualHosts = mapAttrs' ( + fedimintdName: cfg: + (nameValuePair cfg.api.fqdn 
( + lib.mkMerge [ cfg.nginx.config @@ -343,9 +346,9 @@ in }; } - ]) + ] )) - eachFedimintdNginx; + ) eachFedimintdNginx; }; } diff --git a/nix/overlays/clightning.nix b/nix/overlays/clightning.nix index 7f5f6346499..5c4fcdf51cd 100644 --- a/nix/overlays/clightning.nix +++ b/nix/overlays/clightning.nix @@ -10,7 +10,10 @@ final: prev: { sha256 = "sha256-Tj5ybVaxpk5wmOw85LkeU4pgM9NYl6SnmDG2gyXrTHw="; }; makeFlags = [ "VERSION=v${version}" ]; - configureFlags = [ "--enable-developer" "--disable-valgrind" ]; + configureFlags = [ + "--enable-developer" + "--disable-valgrind" + ]; env = { NIX_CFLAGS_COMPILE = "-w"; }; diff --git a/nix/overlays/darwin-compile-fixes.nix b/nix/overlays/darwin-compile-fixes.nix index 482322ea4f5..1b42787c366 100644 --- a/nix/overlays/darwin-compile-fixes.nix +++ b/nix/overlays/darwin-compile-fixes.nix @@ -1,20 +1,25 @@ final: prev: { - rocksdb_7_10 = prev.rocksdb_7_10.overrideAttrs (oldAttrs: + rocksdb_7_10 = prev.rocksdb_7_10.overrideAttrs ( + oldAttrs: final.lib.optionalAttrs final.stdenv.isDarwin { # C++ and its damn super-fragie compilation env = oldAttrs.env // { NIX_CFLAGS_COMPILE = oldAttrs.env.NIX_CFLAGS_COMPILE + " -Wno-error=unused-but-set-variable"; }; - }); + } + ); - rocksdb_6_23 = prev.rocksdb_6_23.overrideAttrs (oldAttrs: + rocksdb_6_23 = prev.rocksdb_6_23.overrideAttrs ( + oldAttrs: final.lib.optionalAttrs final.stdenv.isDarwin { # C++ and its damn super-fragie compilation env = oldAttrs.env // { - NIX_CFLAGS_COMPILE = oldAttrs.env.NIX_CFLAGS_COMPILE + " -Wno-error=unused-but-set-variable -Wno-error=deprecated-copy"; + NIX_CFLAGS_COMPILE = + oldAttrs.env.NIX_CFLAGS_COMPILE + " -Wno-error=unused-but-set-variable -Wno-error=deprecated-copy"; }; - }); + } + ); bitcoind = prev.bitcoind.overrideAttrs (oldAttrs: { # tests broken on Mac for some reason diff --git a/nix/overlays/trustedcoin.nix b/nix/overlays/trustedcoin.nix index aed37270d81..bcb485cde86 100644 --- a/nix/overlays/trustedcoin.nix +++ b/nix/overlays/trustedcoin.nix 
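Review bot: In `startScript`, the `secretFile` branch builds a malformed URL whenever `bitcoin.rpc.address` contains no `@`. Both `${FM_DEFAULT_BITCOIN_RPC_URL%*@*}` and `${FM_DEFAULT_BITCOIN_RPC_URL##*@}` then expand to the whole string, so the module default becomes `http://127.0.0.1:38332:<secret>@http://127.0.0.1:38332`, with the secret in a position where a connection error may print it. An extra entry in the `assertions` list would reject this at evaluation time: `{ assertion = cfg.bitcoin.rpc.secretFile == null || lib.hasInfix "@" cfg.bitcoin.rpc.address; message = "bitcoin.rpc.address must contain user@ when bitcoin.rpc.secretFile is set"; }`. The script also never checks that `head` succeeded, so an unreadable or missing file starts fedimintd with an empty password; `set -eu` as the first line of that branch would make it fail closed. The secret is spliced in without percent-encoding, so a password containing `@`, `:` or `/` would presumably change how the URL is parsed; the description should say so, or the script should encode it.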
@@ -1,3 +1 @@ -final: prev: { - trustedcoin = prev.callPackage ../pkgs/trustedcoin.nix { }; -} +final: prev: { trustedcoin = prev.callPackage ../pkgs/trustedcoin.nix { }; } diff --git a/nix/overlays/wasm-bindgen.nix b/nix/overlays/wasm-bindgen.nix index 3907ece2c30..be3a06f86fe 100644 --- a/nix/overlays/wasm-bindgen.nix +++ b/nix/overlays/wasm-bindgen.nix @@ -6,16 +6,16 @@ final: prev: { hash = "sha256-1VwY8vQy7soKEgbki4LD+v259751kKxSxmo/gqE6yV0="; cargoHash = "sha256-aACJ+lYNEU8FFBs158G1/JG8sc6Rq080PeKCMnwdpH0="; - src = final.fetchCrate { - inherit pname version hash; - }; + src = final.fetchCrate { inherit pname version hash; }; nativeBuildInputs = [ final.pkg-config ]; - buildInputs = [ final.openssl ] ++ final.lib.optionals final.stdenv.isDarwin [ - final.curl - final.darwin.apple_sdk.frameworks.Security - ]; + buildInputs = + [ final.openssl ] + ++ final.lib.optionals final.stdenv.isDarwin [ + final.curl + final.darwin.apple_sdk.frameworks.Security + ]; nativeCheckInputs = [ final.nodejs ]; diff --git a/nix/pkgs/cargo-honggfuzz.nix b/nix/pkgs/cargo-honggfuzz.nix index 5649583c508..92f2bd4649f 100644 --- a/nix/pkgs/cargo-honggfuzz.nix +++ b/nix/pkgs/cargo-honggfuzz.nix @@ -1,8 +1,9 @@ -{ lib -, stdenv -, fetchCrate -, Security -, rustPlatform +{ + lib, + stdenv, + fetchCrate, + Security, + rustPlatform, }: rustPlatform.buildRustPackage rec { pname = "honggfuzz"; @@ -14,7 +15,6 @@ rustPlatform.buildRustPackage rec { sha256 = "sha256-ICBhvcv4SqeY9Y34EQmxTTxlo4LA4hsBLa2QK73pu38="; }; - cargoHash = "sha256-NoO/ivfHLYeFlm/qUx32Fa2G+G/zob793XIqXQBFNws="; buildInputs = lib.optionals stdenv.isDarwin [ Security ]; diff --git a/nix/pkgs/esplora-electrs.nix b/nix/pkgs/esplora-electrs.nix index cf4b79a6950..1902a85a9e0 100644 --- a/nix/pkgs/esplora-electrs.nix +++ b/nix/pkgs/esplora-electrs.nix 
@@ -1,10 +1,11 @@ -{ lib -, stdenv -, llvmPackages_12 -, fetchFromGitHub -, rocksdb_8_3 -, Security -, rustPlatform +{ + lib, + stdenv, + llvmPackages_12, + fetchFromGitHub, + rocksdb_8_3, + Security, + rustPlatform, }: let rocksdb = rocksdb_8_3; diff --git a/nix/pkgs/trustedcoin.nix b/nix/pkgs/trustedcoin.nix index 66ba973527e..8d7a7f59760 100644 --- a/nix/pkgs/trustedcoin.nix +++ b/nix/pkgs/trustedcoin.nix @@ -1,5 +1,9 @@ # Copied from: https://github.com/fort-nix/nix-bitcoin/blob/548f17d8680c26b429c086d68c98184bc6f6e840/pkgs/trustedcoin/default.nix#L4 -{ lib, buildGoModule, fetchFromGitHub }: +{ + lib, + buildGoModule, + fetchFromGitHub, +}: buildGoModule rec { pname = "trustedcoin"; @@ -19,7 +23,10 @@ buildGoModule rec { meta = with lib; { description = "Light bitcoin node implementation"; homepage = "https://github.com/nbd-wtf/trustedcoin"; - maintainers = with maintainers; [ seberm fort-nix ]; + maintainers = with maintainers; [ + seberm + fort-nix + ]; platforms = platforms.linux; }; } diff --git a/replit.nix b/replit.nix index 383fb8693fc..bf62ab885f8 100644 --- a/replit.nix +++ b/replit.nix @@ -1,4 +1,5 @@ -{ pkgs }: { +{ pkgs }: +{ env = { OPENSSL_DIR = "${pkgs.openssl.dev}"; LIBCLANG_PATH = "${pkgs.libclang.lib}/lib"; diff --git a/shell.nix b/shell.nix index c7af7fa8d7f..db4d954e518 100644 --- a/shell.nix +++ b/shell.nix 
@@ -1,12 +1,12 @@ -(import - ( - let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in - fetchTarball { - url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; - sha256 = lock.nodes.flake-compat.locked.narHash; - } - ) - { src = ./.; } +(import ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } +) { src = ./.; } # Since a lot of existing CI tests is based on `shell.nix` # we forward to the integrationTests shell, instead of the # default (developer) shell.