-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathflake.nix
121 lines (98 loc) · 3.05 KB
/
flake.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
advisory-db.url = "github:rustsec/advisory-db";
advisory-db.flake = false;
crane.url = "github:ipetkov/crane";
treefmt.url = "github:numtide/treefmt-nix";
treefmt.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
self,
nixpkgs,
advisory-db,
crane,
treefmt,
}: let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
craneLib = crane.mkLib pkgs;
commonArgs = let
htmlFilter = path: _type: builtins.match ".*html$" path != null;
htmlOrCargo = path: type:
(htmlFilter path type) || (craneLib.filterCargoSources path type);
in {
src = nixpkgs.lib.cleanSourceWith {
src = self;
filter = htmlOrCargo;
name = "source";
};
nativeBuildInputs = with pkgs; [
pkg-config
];
buildInputs = with pkgs; [
openssl
];
strictDeps = true;
postInstall = ''
mkdir -p $out/share/oidc_pages/assets
cp -r ${./assets}/* $out/share/oidc_pages/assets
'';
preCheck = ''
export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
'';
meta = {
description = "Serve static HTML with OIDC for authorization and authentication";
repository = "https://github.com/newAM/oidc_pages";
license = [nixpkgs.lib.licenses.agpl3Plus];
maintainers = [nixpkgs.lib.maintainers.newam];
mainProgram = "oidc_pages";
};
};
cargoArtifacts = craneLib.buildDepsOnly commonArgs;
treefmtEval = treefmt.lib.evalModule pkgs {
projectRootFile = "flake.nix";
programs = {
alejandra.enable = true;
prettier.enable = true;
rustfmt.enable = true;
taplo.enable = true;
};
};
in {
devShells.x86_64-linux.default = pkgs.mkShell {
inherit (commonArgs) nativeBuildInputs buildInputs;
shellHook = let
libPath = nixpkgs.lib.makeLibraryPath commonArgs.buildInputs;
in ''
export PKG_CONFIG_PATH="${pkgs.openssl.dev}/lib/pkgconfig"
export LD_LIBRARY_PATH="${libPath}";
'';
};
packages.x86_64-linux.default = craneLib.buildPackage (
nixpkgs.lib.recursiveUpdate
commonArgs
{
inherit cargoArtifacts;
}
);
formatter.x86_64-linux = treefmtEval.config.build.wrapper;
checks.x86_64-linux = {
pkgs = self.packages.x86_64-linux.default;
formatting = treefmtEval.config.build.check self;
audit = craneLib.cargoAudit (nixpkgs.lib.recursiveUpdate commonArgs {
inherit advisory-db;
});
clippy = craneLib.cargoClippy (nixpkgs.lib.recursiveUpdate
commonArgs
{
cargoClippyExtraArgs = "--all-targets -- --deny warnings";
inherit cargoArtifacts;
});
keycloak = pkgs.callPackage ./nixos/tests/keycloak.nix {inherit self;};
};
overlays.default = final: prev: {
oidc_pages = self.packages.${prev.system}.default;
};
nixosModules.default = import ./nixos/module.nix;
};
}