From 03140593e85bfbf2d663a29c697df81c4a1a17d0 Mon Sep 17 00:00:00 2001 From: Yifei Sun Date: Fri, 10 Jan 2025 20:30:39 -0500 Subject: [PATCH] flake.nix: refactor and correctly propagate tailscale version when deploying with nix - use flake-parts instead of flake-utils - fix wrong version info by setting ldflags and , where is matched from using regex - originally, is set to by default (which is fine), however, the module does not apply the defined overlay, causing the module to use [the outdated golink from nixpkgs](https://search.nixos.org/packages?channel=unstable&show=golink&from=0&size=50&sort=relevance&type=packages&query=golink) - update the dev shell go from 1.21 to 1.23 Signed-off-by: Yifei Sun --- flake.lock | 59 +++++++----- flake.nix | 268 +++++++++++++++++++++++++---------------------------- 2 files changed, 162 insertions(+), 165 deletions(-) diff --git a/flake.lock b/flake.lock index 355a680..b18a35c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,30 +1,12 @@ { "nodes": { - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1731890469, - "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", + "lastModified": 1735268880, + "narHash": "sha256-7QEFnKkzD13SPxs+UFR5bUFN2fRw+GlL0am72ZjNre4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5083ec887760adfe12af64830a66807423a859a7", + "rev": "7cc0bff31a3a705d3ac4fdceb030a17239412210", "type": "github" }, "original": { @@ -33,10 +15,41 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + } + }, + "parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "root": { "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "parts": "parts", + "systems": "systems" } }, "systems": { diff --git a/flake.nix b/flake.nix index 5c18d91..2b7e456 100644 --- a/flake.nix +++ b/flake.nix @@ -3,159 +3,143 @@ inputs = { nixpkgs.url = "nixpkgs/nixpkgs-unstable"; - flake-utils.url = "github:numtide/flake-utils"; + parts.url = "github:hercules-ci/flake-parts"; + systems.url = "github:nix-systems/default"; }; - outputs = - { self - , nixpkgs - , flake-utils - , ... - }: - let - golinkVersion = - if (self ? shortRev) - then self.shortRev - else "dev"; - in - { - overlay = final: prev: - let - pkgs = nixpkgs.legacyPackages.${prev.system}; - in - rec { - golink = pkgs.buildGo123Module rec { - pname = "golink"; - version = golinkVersion; - src = pkgs.nix-gitignore.gitignoreSource [ ] ./.; - - vendorHash = "sha256-myGEAOCJkeKGTzyLD6yBC10yHULxcbOnzseGVtYD7qM="; # SHA based on vendoring go.mod - }; + outputs = inputs @ { self, parts, ... }: parts.lib.mkFlake { inherit inputs; } { + systems = import inputs.systems; + + perSystem = { pkgs, ... }: { + formatter = pkgs.nixpkgs-fmt; + + devShells.default = pkgs.mkShell { buildInputs = [ pkgs.go_1_23 ]; }; + + packages.default = + pkgs.buildGo123Module { + pname = "golink"; + version = + if (self ? shortRev) + then self.shortRev + else "dev"; + src = pkgs.nix-gitignore.gitignoreSource [ ] ./.; + ldflags = + let + tsVersion = with builtins; head (match + ".*tailscale.com v([0-9]+\.[0-9]+\.[0-9]+-[a-zA-Z]+).*" + (readFile ./go.mod)); + in + [ + "-w" + "-s" + "-X tailscale.com/version.longStamp=${tsVersion}" + "-X tailscale.com/version.shortStamp=${tsVersion}" + ]; + vendorHash = "sha256-myGEAOCJkeKGTzyLD6yBC10yHULxcbOnzseGVtYD7qM="; # SHA based on vendoring go.mod }; - } - // flake-utils.lib.eachDefaultSystem - (system: + }; + + flake.overlays.default = final: prev: { + golink = self.packages.${prev.system}.default; + }; + + flake.nixosModules.default = { config, lib, pkgs, ... }: let - pkgs = import nixpkgs { - overlays = [ self.overlay ]; - inherit system; - }; + cfg = config.services.golink; + inherit (lib) + concatStringsSep + escapeShellArg + mkEnableOption + mkIf + mkOption + optionalString + optionals + types + ; in - rec { - # `nix develop` - devShell = pkgs.mkShell { buildInputs = [ pkgs.go_1_21 ]; }; + { + options.services.golink = { + enable = mkEnableOption "Enable golink"; + + package = mkOption { + type = types.package; + description = '' + golink package to use + ''; + default = pkgs.golink; + }; - # `nix build` - packages = with pkgs; { - inherit golink; - }; + dataDir = mkOption { + type = types.path; + default = "/var/lib/golink"; + description = "Path to data dir"; + }; - defaultPackage = pkgs.golink; + user = mkOption { + type = types.str; + default = "golink"; + description = "User account under which golink runs."; + }; + + group = mkOption { + type = types.str; + default = "golink"; + description = "Group account under which golink runs."; + }; - # `nix run` - apps.golink = flake-utils.lib.mkApp { - drv = packages.golink; + databaseFile = mkOption { + type = types.path; + default = "/var/lib/golink/golink.db"; + description = "Path to SQLite database"; + }; + + tailscaleAuthKeyFile = mkOption { + type = types.path; + description = "Path to file containing the Tailscale Auth Key"; + }; + + verbose = mkOption { + type = types.bool; + default = false; + }; }; - defaultApp = apps.golink; - - overlays.default = self.overlay; - }) - // { - nixosModules.default = - { pkgs - , lib - , config - , ... - }: - let - cfg = config.services.golink; - in - { - options = with lib; { - services.golink = { - enable = mkEnableOption "Enable golink"; - - package = mkOption { - type = types.package; - description = '' - golink package to use - ''; - default = pkgs.golink; - }; - - dataDir = mkOption { - type = types.path; - default = "/var/lib/golink"; - description = "Path to data dir"; - }; - - user = mkOption { - type = types.str; - default = "golink"; - description = "User account under which golink runs."; - }; - - group = mkOption { - type = types.str; - default = "golink"; - description = "Group account under which golink runs."; - }; - - databaseFile = mkOption { - type = types.path; - default = "/var/lib/golink/golink.db"; - description = "Path to SQLite database"; - }; - - tailscaleAuthKeyFile = mkOption { - type = types.path; - description = "Path to file containing the Tailscale Auth Key"; - }; - - verbose = mkOption { - type = types.bool; - default = false; - }; - }; + + config = mkIf cfg.enable { + nixpkgs.overlays = [ self.overlays.default ]; + + users.groups."${cfg.group}" = { }; + users.users."${cfg.user}" = { + home = cfg.dataDir; + createHome = true; + group = "${cfg.group}"; + isSystemUser = true; + isNormalUser = false; + description = "user for golink service"; }; - config = lib.mkIf cfg.enable { - users.users."${cfg.user}" = { - home = cfg.dataDir; - createHome = true; - group = "${cfg.group}"; - isSystemUser = true; - isNormalUser = false; - description = "user for golink service"; - }; - users.groups."${cfg.group}" = { }; - - systemd.services.golink = { - enable = true; - script = - let - args = - [ - "--sqlitedb ${cfg.databaseFile}" - ] - ++ lib.optionals cfg.verbose [ "--verbose" ]; - in - '' - ${lib.optionalString (cfg.tailscaleAuthKeyFile != null) '' - export TS_AUTHKEY="$(head -n1 ${lib.escapeShellArg cfg.tailscaleAuthKeyFile})" - ''} - - ${cfg.package}/bin/golink ${builtins.concatStringsSep " " args} - ''; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - User = cfg.user; - Group = cfg.group; - Restart = "always"; - RestartSec = "15"; - WorkingDirectory = "${cfg.dataDir}"; - }; + + systemd.services.golink = { + enable = true; + script = + let + args = [ "--sqlitedb ${cfg.databaseFile}" ] ++ optionals cfg.verbose [ "--verbose" ]; + in + '' + ${optionalString (cfg.tailscaleAuthKeyFile != null) '' + export TS_AUTHKEY="$(head -n1 ${escapeShellArg cfg.tailscaleAuthKeyFile})" + ''} + + ${cfg.package}/bin/golink ${concatStringsSep " " args} + ''; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = cfg.user; + Group = cfg.group; + Restart = "always"; + RestartSec = "15"; + WorkingDirectory = "${cfg.dataDir}"; }; }; }; - }; + }; + }; }