Re: [PATCH 1/2] Add flakes support

[Alyssa Ross <alyssa.ross@unikie.com>]

[-- Attachment #1: Type: text/plain, Size: 5859 bytes --]

On Wed, Dec 14, 2022 at 01:09:53PM +0200, Valentin Kharin wrote:
> Signed-off-by: Valentin Kharin <valentin.kharin@unikie.com>

Thanks!  I've been ill so just getting around to looking at this now.
I've left some comments below, but it looks on the right track.

> ---
>  flake.lock | 43 +++++++++++++++++++++++++++++++++
>  flake.nix  | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 114 insertions(+)
>  create mode 100644 flake.lock
>  create mode 100644 flake.nix

Both files need license information attached.

Following existing conventions in Spectrum, this should be:
 - MIT for flake.nix
 - CC0-1.0 for flake.lock

Since flake.lock is a generated file, you can put the license
information in a flake.lock.license file — there are other examples of
this in the tree you can refer to.

You can do a basic check that the license information looks right by
running `reuse lint`.

> diff --git a/flake.lock b/flake.lock
> new file mode 100644
> index 0000000..aa4ee5e
> --- /dev/null
> +++ b/flake.lock
> @@ -0,0 +1,43 @@
> +{
> +  "nodes": {
> +    "flake-utils": {
> +      "locked": {
> +        "lastModified": 1667395993,
> +        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
> +        "owner": "numtide",
> +        "repo": "flake-utils",
> +        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
> +        "type": "github"
> +      },
> +      "original": {
> +        "owner": "numtide",
> +        "repo": "flake-utils",
> +        "type": "github"
> +      }
> +    },
> +    "nixpkgs": {
> +      "locked": {
> +        "lastModified": 1669635185,
> +        "narHash": "sha256-vYg6GjnsEWNWt/4TmfFN9WtQmSXb4S796J2UOfyTcW0=",
> +        "ref": "refs/heads/rootfs",
> +        "rev": "3176ddef4b4cec85faa2f49d29ce74816d452dc0",
> +        "revCount": 429673,
> +        "type": "git",
> +        "url": "https://spectrum-os.org/git/nixpkgs/"
> +      },
> +      "original": {
> +        "ref": "refs/heads/rootfs",
> +        "type": "git",
> +        "url": "https://spectrum-os.org/git/nixpkgs/"
> +      }
> +    },
> +    "root": {
> +      "inputs": {
> +        "flake-utils": "flake-utils",
> +        "nixpkgs": "nixpkgs"
> +      }
> +    }
> +  },
> +  "root": "root",
> +  "version": 7
> +}
> diff --git a/flake.nix b/flake.nix
> new file mode 100644
> index 0000000..6e77006
> --- /dev/null
> +++ b/flake.nix
> @@ -0,0 +1,71 @@
> +{
> +  description = "A compartmentalized operating system";
> +
> +  # NOTE: Revision specification format is ?ref=refs%2fheads%2f<BRANCH>&rev=<COMMIT_REVISION>
> +  inputs.nixpkgs.url =
> +    "git+https://spectrum-os.org/git/nixpkgs/?ref=refs%2fheads%2frootfs";
> +  inputs.flake-utils.url = "github:numtide/flake-utils";
> +
> +  outputs = { self, nixpkgs, flake-utils }:
> +    flake-utils.lib.eachDefaultSystem (system:

We should probably list only supported platforms here, right?
(And then maybe we wouldn't need the flake-utils dependency?)

> +      let
> +        pkgs = nixpkgs.legacyPackages.${system};
> +        config = { inherit pkgs; };
> +        lib = pkgs.lib;
> +
> +        mkEntryPoint = { name ? builtins.baseNameOf path, path
> +          , enableShell ? true, enablePackage ? true }:
> +          let
> +            shell = {
> +              # NOTE: https://stackoverflow.com/a/43850372
> +              devShells.${name} =
> +                import (path + "/shell.nix") { inherit config; };
> +            };
> +            package = { packages.${name} = import path { inherit config; }; };
> +          in (if enableShell then shell else { })
> +          // (if enablePackage then package else { });
> +
> +        # Entry point is a directory with shell.nix and default.nix
> +        # This function maps every entry point to corresponding devShell and package
> +        mapEntryPoints = epoints:
> +          builtins.foldl' lib.recursiveUpdate { } (map mkEntryPoint epoints);
> +      in lib.recursiveUpdate (mapEntryPoints [
> +        {
> +          path = ./.;
> +          enablePackage = false;
> +        }
> +        { path = ./host/initramfs; }
> +        { path = ./host/rootfs; }
> +        { path = ./host/start-vm; }
> +        { path = ./img/app; }
> +        { path = ./release/live; }
> +        { path = ./vm/sys/net; }
> +      ]) {
> +        # Add some other flake schema related stuff here.
> +        # NOTE: flake-utils.lib.eachDefaultSystem automagically adds ${system}.
> +        devShells.documentation = import ./Documentation { inherit config; };
> +        packages.documentation = import ./Documentation { inherit config; };
> +
> +        nixosModules = let
> +          substituters = [ "https://cache.dataaturservice.se/spectrum/" ];
> +          trusted-public-keys = [
> +            "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
> +            "spectrum-os.org-1:rnnSumz3+Dbs5uewPlwZSTP0k3g/5SRG4hD7Wbr9YuQ="
> +          ];
> +        in {
> +          # NOTE: See https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-substituters
> +          # and https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-trusted-substituters
> +          # to understand difference between these two modules.
> +          binary-cache = { ... }: {
> +            nix.settings = { inherit trusted-public-keys substituters; };
> +          };
> +          # Doesn't enabled by

This comment looks unfinished?

> +          trusted-binary-cache = { ... }: {
> +            nix.settings = {
> +              inherit trusted-public-keys;
> +              trusted-substituters = substituters;
> +            };
> +          };
> +        };
> +      });
> +}
> --
> 2.38.1
>
>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]