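{
  # nixos-unstable is a moving branch; the nixpkgs revision actually used is
  # whatever flake.lock records.
  # NOTE(review): flake.lock is not visible here. Confirm it is committed,
  # otherwise the image-build toolchain is not reproducible.
  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

  outputs = {
    self,
    nixpkgs,
  }: let
    # Systems a dev shell is exported for.
    supportedSystems = ["x86_64-linux" "aarch64-linux"];

    # Builds the dev shell for one system.
    #
    # Every package is taken from a nixpkgs instance imported for `system`.
    # Previously only mkosi was, while mkShell, reprepro, measured-boot,
    # measured-boot-gcp and the filterdiff used while patching mkosi came from
    # a package set fixed to x86_64-linux, so the aarch64-linux shell was made
    # of x86_64 derivations. For x86_64-linux nothing changes.
    devShellFor = system: let
      pkgs = import nixpkgs {inherit system;};

      # reprepro built from the upstream tarball. The download is verified
      # against the fixed sha256 below, so a tampered or substituted tarball
      # fails the build instead of being used.
      # NOTE(review): the URL points at Alioth, which as far as I know has been
      # retired. Confirm it still resolves, or that the tarball is otherwise
      # available, before relying on a from-scratch build.
      reprepro = pkgs.stdenv.mkDerivation rec {
        name = "reprepro-${version}";
        version = "4.16.0";
        src = pkgs.fetchurl {
          url =
            "https://alioth.debian.org/frs/download.php/file/"
            + "4109/reprepro_${version}.orig.tar.gz";
          sha256 = "14gmk16k9n04xda4446ydfj8cr5pmzsmm4il8ysf69ivybiwmlpx";
        };
        nativeBuildInputs = [pkgs.makeWrapper];
        buildInputs =
          [(pkgs.gpgme.override {gnupg = pkgs.gnupg;})]
          ++ [pkgs.db pkgs.libarchive pkgs.bzip2 pkgs.xz pkgs.zlib];
        # Put this package set's gnupg first on the wrapped binary's PATH so
        # reprepro does not pick up whatever gpg the caller happens to have.
        postInstall = ''
          wrapProgram "$out/bin/reprepro" --prefix PATH : "${pkgs.gnupg}/bin"
        '';
      };

      # `rev` is a tag, which upstream can move; the sha256 pins the fetched
      # tree, so a moved tag shows up as a hash mismatch rather than as new
      # code. vendorHash pins the vendored Go module dependencies the same way.
      # NOTE(review): version is "main" although the source is pinned to
      # v1.2.0, so the store path name does not say which release was built.
      measured-boot = pkgs.buildGoModule {
        pname = "measured-boot";
        version = "main";
        src = pkgs.fetchFromGitHub {
          owner = "flashbots";
          repo = "measured-boot";
          rev = "v1.2.0";
          sha256 = "sha256-FjzJ6UQYyrM+U3OCMBpzd1wTxlikA5LI+NKrylGlG3c=";
        };
        vendorHash = "sha256-NrZjORe/MjfbRDcuYVOGjNMCo1JGWvJDNVEPojI3L/g=";
      };

      # Pinned to a full commit id plus content hash.
      # NOTE(review): version is "main" here as well; the commit id below is
      # the only record of what was built.
      measured-boot-gcp = pkgs.buildGoModule {
        pname = "measured-boot-gcp";
        version = "main";
        src = pkgs.fetchFromGitHub {
          owner = "flashbots";
          repo = "dstack-mr-gcp";
          rev = "503e7c506f89f9d81be04025c90921778b26f0a4";
          sha256 = "sha256-z6STTgcOXatiqA2rlpzwRyvAwnXrK30oNDCJqtIp7/8=";
        };
        vendorHash = "sha256-glOyRTrIF/zP78XGV+v58a1Bec6C3Fvc5c8G3PglzPM=";
      };

      # nixpkgs' mkosi with extra tools and the locally built reprepro, and
      # with its source replaced by a pinned upstream commit.
      mkosi-unwrapped = (pkgs.mkosi.override {
        extraDeps =
          (with pkgs; [
            apt
            dpkg
            gnupg
            debootstrap
            squashfsTools
            dosfstools
            e2fsprogs
            mtools
            mustache-go
            cryptsetup
            gptfdisk
            util-linux
            zstd
            which
            qemu-utils
            parted
            unzip
            jq
          ])
          # Kept outside `with` so it is clearly the derivation defined above.
          ++ [reprepro];
      }).overrideAttrs (old: {
        src = pkgs.fetchFromGitHub {
          owner = "systemd";
          repo = "mkosi";
          rev = "df51194bc2d890d4c267af644a1832d2d53339ac";
          hash = "sha256-rGGzE9xIR8WvK07GBnaAmeLpmnM3Uy51wqyrmuHuWXo=";
        };
        # TODO: remove these patch hunks from upstream nixpkgs next time mkosi has a release
        # The latest mkosi doesn't need them
        #
        # The first two nixpkgs patches are removed from `patches` and
        # re-applied in postPatch with some hunks filtered out: patch 0 without
        # hunk 2 for every file except */run.py, patch 0 without hunks 1-2 for
        # */run.py, and patch 1 without hunk 1.
        # NOTE(review): the patches are addressed by position in old.patches.
        # A flake.lock update that reorders or changes nixpkgs' patch list
        # would filter different hunks; re-check these indices on each bump.
        # NOTE(review): this replaces any postPatch the nixpkgs derivation
        # defines. Confirm none is lost.
        patches = pkgs.lib.drop 2 old.patches;
        postPatch = let fd = "${pkgs.patchutils}/bin/filterdiff"; in ''
          { ${fd} -x '*/run.py' --hunks=x2 ${builtins.elemAt old.patches 0}
          ${fd} -i '*/run.py' --hunks=x1-2 ${builtins.elemAt old.patches 0}
          ${fd} --hunks=x1 ${builtins.elemAt old.patches 1}
          } | patch -p1
        '';
      });

      # Create a wrapper script that runs mkosi with unshare
      # Unshare is needed to create files owned by multiple uids/gids
      #
      # uid/gid 0 applies only inside the new user namespace, with the
      # additional ids mapped by --map-auto, so mkosi gains no privilege on
      # the host beyond the invoking user's.
      # NOTE(review): the caller's PATH is passed through unchanged,
      # presumably so tools from the dev shell stay resolvable; binaries found
      # there are run as namespace root by mkosi.
      mkosi-wrapped = pkgs.writeShellScriptBin "mkosi" ''
        exec ${pkgs.util-linux}/bin/unshare \
        --map-auto --map-root-user \
        --setuid=0 --setgid=0 \
        -- \
        env PATH="$PATH" \
        ${mkosi-unwrapped}/bin/mkosi "$@"
      '';
    in
      pkgs.mkShell {
        nativeBuildInputs =
          [
            mkosi-wrapped
            measured-boot
            measured-boot-gcp
          ]
          ++ [pkgs.bash pkgs.curl pkgs.git];
        # Creates the working directories in the current directory and the
        # per-user cache directory, plus an empty mkosi.sources file.
        shellHook = ''
          mkdir -p mkosi.packages mkosi.cache mkosi.builddir ~/.cache/mkosi
          touch mkosi.builddir/mkosi.sources
        '';
      };
  in {
    # devShells.<system>.default for every supported system.
    devShells = builtins.listToAttrs (map (system: {
        name = system;
        value.default = devShellFor system;
      })
      supportedSystems);
  };
}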