kyouma-net/flake.nix

{
  description = "kyouma.net website";

  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  inputs.flake-utils.url = "github:numtide/flake-utils";
   
  nixConfig = {
    extra-substituters = [
      "https://cache.kyouma.net"
    ];
    extra-trusted-public-keys = [
      "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="
    ];
  };

  outputs = { self, nixpkgs, flake-utils }: {
    overlays.default = final: prev: rec {
      vid = final.stdenv.mkDerivation {
        name = "kyouma-www-vid";
        src = ./.;
        buildInputs = [ final.yt-dlp ];
        buildPhase = ''
          yt-dlp -f 136+251 C4oApBlw7Gc --merge-output-format mp4 -o "media/sunnyday-avc.mp4"
          yt-dlp -f 398+251 C4oApBlw7Gc --merge-output-format mp4 -o "media/sunnyday-av1.mp4"
        '';
        installPhase = ''cp -r media $out'';
        outputHashMode = "recursive";
        outputHashAlgo = "sha256";
        outputHash = "UnX6az6x8vJR2MJ+Fti7BftZaXFdg91++CGSFkF++e4=";
      };
      kyouma-www = final.stdenv.mkDerivation {
        pname = "kyouma-www";
        version = self.shortRev or (toString self.lastModifiedDate); 
        src = ./.;
        buildPhase = '''';
        installPhase = ''cp -r src $out'';
      };
    };
    nixosModules.default = 
      { config, options, pkgs, lib, ... }: with lib; 
      let 
        cfg = config.services.vyosBld;
        bldFlags = (attrsets.mapAttrsToList (flag: opt: "--" + flag + " " + opt) cfg.buildFlags);
        vyosBuildScript = pkgs.writeShellScript "build-vyos" ''
          cleanup() {
            rmdir "$root"
          }
          root="$(mktemp -d)"
          trap cleanup EXIT
          iso_name="vyos-${cfg.buildFlags.version}-${cfg.buildFlags.architecture}.iso"
          bld_dir="$root/vyos-build"
          docker_cmd="${pkgs.docker}/bin/docker run --rm -it --privileged -v $bld_dir:/vyos -w /vyos vyos/vyos-build:current"

          git clone -b current --single-branch https://github.com/vyos/vyos-build $root
          $docker_cmd sudo ./build-vyos-image ${cfg.flavor} ${builtins.concatStringsSep " " bldFlags}
          $docker_cmd sudo chown -R ${builtins.toString config.users.users.vyos-bld.uid}:${builtins.toString config.users.groups.vyos-bld.gid} /vyos

          cp $bld_dir/build/$iso_name ${cfg.output}
          mapfile -t old_isos < <(ls ${cfg.output} | head -n -${builtins.toString cfg.keep})
          for i in ''${old_isos[@]}; do
            rm -r ${cfg.output}/''${old_iso[$i]}
          done
        '';
      in {
        options.services.vyosBld = {
          enable = mkEnableOption "VyOS automatic build";

          output = mkOption {
            type = types.str;
            default = "/nix/var/vyos-build";
            description = "Where the iso should be copied";
          };

          keep = mkOption {
            type = types.number;
            default = 5;
            description = "Amount of versions to keep";
          };

          buildFreq = mkOption {
            type = types.str;
            default = "*-*-* 4:20:00";
            description = "How often a new Image should be build. See {manpage}`systemd.timer(5)`";
          };

          flavor = mkOption {
            type = types.str;
            default = "iso";
            description = "See VyOS build docs";
          };

          buildFlags = mkOption {
            type = types.attrs;
            default = "";
            description = "Build Flags see https://docs.vyos.io/en/latest/contributing/build-vyos.html
              example:
              { build-by = 'mail@server.tld' }";
          };
        };
        config = with lib; mkIf cfg.enable {
          users = { 
            users.vyos-bld = {
              isSystemUser = true;
              group = "vyos-bld";
            };
            groups.vyos-bld = {};
          };
          virtualisation.docker = {
            daemon.settings = {
              ipv6 = true;
              fixed-cidr-v6 = "fd00::/80";
            };
            autoPrune = {
              enable = true;
              flags = [ "--all" "--filter until=24h" ];
            };
            rootless = {
              enable = true;
              setSocketVariable = true;
            };
          };
          networking.firewall.extraCommands = ''ip6tables -t nat -A POSTROUTING -s fd00::/80 ! -o docker0 -j MASQUERADE'';

          systemd = {
            services.docker.after = [ "firewall.service" ];
            services.vyosBld = {
              serviceConfig = {
                User = "vyos-bld";
                Group = "vyos-bld";
                ExecStart = vyosBuildScript;

                PrivateTmp = true;
                ProtectHome = true;
              };
            };
            timers.vyosBld = {
              wantedBy = [ "timers.target" ];
              timerConfig = {
                OnCalendar = cfg.buildFreq;
              };
            };
          };
        };
      }
    ;
    hydraJobs = {
      inherit (self) packages;
    };
  } // flake-utils.lib.eachDefaultSystem (system: let
    pkgs = import nixpkgs {
      inherit system;
      overlays = [ self.overlays.default ];
    };
  in rec {
    packages = {
      inherit (pkgs) vid kyouma-www;
      default = packages.kyouma-www;
    };
  });
}
added flake 2024-01-12 14:04:38 +01:00			`{`
			`description = "kyouma.net website";`

			`inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";`
			`inputs.flake-utils.url = "github:numtide/flake-utils";`
added hydraJobs 2024-05-13 12:10:35 +02:00
			`nixConfig = {`
			`extra-substituters = [`
			`"https://cache.kyouma.net"`
			`];`
			`extra-trusted-public-keys = [`
			`"cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg="`
			`];`
			`};`
added flake 2024-01-12 14:04:38 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`outputs = { self, nixpkgs, flake-utils }: {`
			`overlays.default = final: prev: rec {`
fixes 2024-03-24 19:49:11 +01:00			`vid = final.stdenv.mkDerivation {`
dl vid on build 2024-01-12 16:53:30 +01:00			`name = "kyouma-www-vid";`
			`src = ./.;`
fixes 2024-03-24 19:49:11 +01:00			`buildInputs = [ final.yt-dlp ];`
dl vid on build 2024-01-12 16:53:30 +01:00			`buildPhase = ''`
			`yt-dlp -f 136+251 C4oApBlw7Gc --merge-output-format mp4 -o "media/sunnyday-avc.mp4"`
			`yt-dlp -f 398+251 C4oApBlw7Gc --merge-output-format mp4 -o "media/sunnyday-av1.mp4"`
			`'';`
			`installPhase = ''cp -r media $out'';`
			`outputHashMode = "recursive";`
			`outputHashAlgo = "sha256";`
updated hash 2024-05-10 14:18:25 +02:00			`outputHash = "UnX6az6x8vJR2MJ+Fti7BftZaXFdg91++CGSFkF++e4=";`
dl vid on build 2024-01-12 16:53:30 +01:00			`};`
fixes 2024-03-24 19:49:11 +01:00			`kyouma-www = final.stdenv.mkDerivation {`
added flake 2024-01-12 14:04:38 +01:00			`pname = "kyouma-www";`
			`version = self.shortRev or (toString self.lastModifiedDate);`
			`src = ./.;`
added vyosbld options 2024-01-15 16:57:10 +01:00			`buildPhase = '''';`
added flake 2024-01-12 14:04:38 +01:00			`installPhase = ''cp -r src $out'';`
			`};`
added overlay 2024-01-16 14:07:14 +01:00			`};`
			`nixosModules.default =`
			`{ config, options, pkgs, lib, ... }: with lib;`
			`let`
			`cfg = config.services.vyosBld;`
			`bldFlags = (attrsets.mapAttrsToList (flag: opt: "--" + flag + " " + opt) cfg.buildFlags);`
			`vyosBuildScript = pkgs.writeShellScript "build-vyos" ''`
			`cleanup() {`
			`rmdir "$root"`
			`}`
			`root="$(mktemp -d)"`
			`trap cleanup EXIT`
			`iso_name="vyos-${cfg.buildFlags.version}-${cfg.buildFlags.architecture}.iso"`
			`bld_dir="$root/vyos-build"`
			`docker_cmd="${pkgs.docker}/bin/docker run --rm -it --privileged -v $bld_dir:/vyos -w /vyos vyos/vyos-build:current"`
added vyosbld options 2024-01-15 16:57:10 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`git clone -b current --single-branch https://github.com/vyos/vyos-build $root`
			`$docker_cmd sudo ./build-vyos-image ${cfg.flavor} ${builtins.concatStringsSep " " bldFlags}`
			`$docker_cmd sudo chown -R ${builtins.toString config.users.users.vyos-bld.uid}:${builtins.toString config.users.groups.vyos-bld.gid} /vyos`
added vyosbld options 2024-01-15 16:57:10 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`cp $bld_dir/build/$iso_name ${cfg.output}`
			`mapfile -t old_isos < <(ls ${cfg.output} \| head -n -${builtins.toString cfg.keep})`
			`for i in ''${old_isos[@]}; do`
			`rm -r ${cfg.output}/''${old_iso[$i]}`
			`done`
			`'';`
			`in {`
			`options.services.vyosBld = {`
			`enable = mkEnableOption "VyOS automatic build";`
added vyosbld options 2024-01-15 16:57:10 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`output = mkOption {`
			`type = types.str;`
			`default = "/nix/var/vyos-build";`
			`description = "Where the iso should be copied";`
			`};`
added vyosbld options 2024-01-15 16:57:10 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`keep = mkOption {`
			`type = types.number;`
			`default = 5;`
			`description = "Amount of versions to keep";`
			`};`

			`buildFreq = mkOption {`
			`type = types.str;`
			`default = "--* 4:20:00";`
			description = "How often a new Image should be build. See {manpage}`systemd.timer(5)`";
			`};`

			`flavor = mkOption {`
			`type = types.str;`
			`default = "iso";`
			`description = "See VyOS build docs";`
			`};`
added vyosbld options 2024-01-15 16:57:10 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`buildFlags = mkOption {`
			`type = types.attrs;`
			`default = "";`
			`description = "Build Flags see https://docs.vyos.io/en/latest/contributing/build-vyos.html`
			`example:`
			`{ build-by = 'mail@server.tld' }";`
			`};`
			`};`
			`config = with lib; mkIf cfg.enable {`
			`users = {`
			`users.vyos-bld = {`
			`isSystemUser = true;`
			`group = "vyos-bld";`
added vyosbld options 2024-01-15 16:57:10 +01:00			`};`
added overlay 2024-01-16 14:07:14 +01:00			`groups.vyos-bld = {};`
added vyosbld options 2024-01-15 16:57:10 +01:00			`};`
added overlay 2024-01-16 14:07:14 +01:00			`virtualisation.docker = {`
			`daemon.settings = {`
			`ipv6 = true;`
			`fixed-cidr-v6 = "fd00::/80";`
build should work now 2024-01-16 12:58:23 +01:00			`};`
added overlay 2024-01-16 14:07:14 +01:00			`autoPrune = {`
			`enable = true;`
			`flags = [ "--all" "--filter until=24h" ];`
build should work now 2024-01-16 12:58:23 +01:00			`};`
added overlay 2024-01-16 14:07:14 +01:00			`rootless = {`
			`enable = true;`
			`setSocketVariable = true;`
			`};`
			`};`
			`networking.firewall.extraCommands = ''ip6tables -t nat -A POSTROUTING -s fd00::/80 ! -o docker0 -j MASQUERADE'';`
added build script 2024-01-15 21:00:21 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`systemd = {`
			`services.docker.after = [ "firewall.service" ];`
			`services.vyosBld = {`
			`serviceConfig = {`
			`User = "vyos-bld";`
			`Group = "vyos-bld";`
			`ExecStart = vyosBuildScript;`
added build script 2024-01-15 21:00:21 +01:00
added overlay 2024-01-16 14:07:14 +01:00			`PrivateTmp = true;`
			`ProtectHome = true;`
added vyosbld options 2024-01-15 16:57:10 +01:00			`};`
added overlay 2024-01-16 14:07:14 +01:00			`};`
			`timers.vyosBld = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
			`OnCalendar = cfg.buildFreq;`
added vyosbld options 2024-01-15 16:57:10 +01:00			`};`
			`};`
			`};`
added overlay 2024-01-16 14:07:14 +01:00			`};`
			`}`
			`;`
added hydraJobs 2024-05-13 12:10:35 +02:00			`hydraJobs = {`
			`inherit (self) packages;`
			`};`
added overlay 2024-01-16 14:07:14 +01:00			`} // flake-utils.lib.eachDefaultSystem (system: let`
			`pkgs = import nixpkgs {`
			`inherit system;`
			`overlays = [ self.overlays.default ];`
			`};`
			`in rec {`
			`packages = {`
			`inherit (pkgs) vid kyouma-www;`
			`default = packages.kyouma-www;`
			`};`
			`});`
added flake 2024-01-12 14:04:38 +01:00			`}`