From 2d716e96dd00545c86a53be1570c33d3aae183ab Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 16 Nov 2024 21:05:58 +0100 Subject: [PATCH] Initial import --- .gitignore | 7 ++ configuration.nix | 48 ++++++++ flake.lock | 114 +++++++++++++++++++ flake.nix | 96 ++++++++++++++++ module.nix | 24 ++++ overlay.nix | 284 ++++++++++++++++++++++++++++++++++++++++++++++ stdenv.nix | 50 ++++++++ xvfb-run.nix | 20 ++++ zlib.nix | 31 +++++ 9 files changed, 674 insertions(+) create mode 100644 .gitignore create mode 100644 configuration.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 module.nix create mode 100644 overlay.nix create mode 100644 stdenv.nix create mode 100644 xvfb-run.nix create mode 100644 zlib.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a3d6222 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +# Hidden files +.* +!.git* + +# Nix +/result +/result-* diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..b056aa0 --- /dev/null +++ b/configuration.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: { + system.stateVersion = "25.05"; + + boot = { + enableContainers = false; + loader.grub.enable = false; + }; + + documentation = { + enable = false; + doc.enable = false; + info.enable = false; + man.enable = false; + nixos.enable = false; + }; + + environment.defaultPackages = lib.mkForce [ ]; + environment.systemPackages = lib.mkForce [ ]; + fileSystems."/".device = "nodev"; + + networking = { + nftables = { + enable = true; + checkRuleset = false; + }; + + useNetworkd = true; + }; + + programs = { + command-not-found.enable = false; + less.lessopen = null; + }; + + security = { + sudo.enable = false; + sudo-rs.enable = true; + }; + + services.dbus.implementation = "broker"; + + xdg = { + autostart.enable = false; + icons.enable = false; + mime.enable = false; + sounds.enable = false; + }; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..1c62452 --- /dev/null +++ b/flake.lock @@ -0,0 +1,114 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1731992627, + "narHash": "sha256-OjrXEVD8LtZB5X7LtPCdNx4n5iZOQ2nJmpDlM/foEkI=", + "rev": "f116608a20430b8484814300cdf22eebeb75a59f", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f116608a20430b8484814300cdf22eebeb75a59f.tar.gz?rev=f116608a20430b8484814300cdf22eebeb75a59f" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": [ + "lix" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731967274, + "narHash": "sha256-n6dPGRlMGdL8X5gviA6ZuRfUdbdD5KiNN/BpABA5YT0=", + "rev": "aa2846680fa9a2032939d720487942567fd9eb63", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/aa2846680fa9a2032939d720487942567fd9eb63.tar.gz?rev=aa2846680fa9a2032939d720487942567fd9eb63" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1731890469, + "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5083ec887760adfe12af64830a66807423a859a7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "lix": "lix", + "lix-module": "lix-module", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..8d70995 --- /dev/null +++ b/flake.nix @@ -0,0 +1,96 @@ +{ + description = "I do not have to explain myself"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + + lix = { + url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; + flake = false; + }; + + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.lix.follows = "lix"; + }; + }; + + nixConfig = { + extra-experimental-features = [ "pipe-operator" "pipe-operators" ]; + extra-substituters = [ "https://cache.kyouma.net" ]; + extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ]; + }; + + outputs = { self, nixpkgs, lix-module, ... }: let + lib = nixpkgs.lib.extend (final: prev: { + neoidiosyn = { + systems = { + riscv64 = "rv64gc"; + aarch64 = "armv8.2-a"; + x86_64 = "x86-64-v3"; + } |> final.mapAttrs' (cpu: arch: { + name = "${cpu}-linux"; + value = { + config = "${cpu}-unknown-linux-musl"; + useLLVM = true; + linker = "lld"; + gcc = { inherit arch; }; + }; + }); + }; + }); + in { + inherit lib; + + overlays.default = lib.composeExtensions + lix-module.overlays.default + (import ./overlay.nix { inherit lib; }); + + legacyPackages = lib.neoidiosyn.systems + |> lib.mapAttrs (system: crossSystem: let + pkgs = import nixpkgs { + localSystem.config = { + riscv64-linux = "riscv64-unknown-linux-gnu"; + aarch64-linux = "aarch64-unknown-linux-musl"; + x86_64-linux = "x86_64-unknown-linux-musl"; + }.${system}; + + inherit crossSystem; + overlays = [ self.overlays.default ]; + }; + in pkgs // { + config = let + stdenv = import ./stdenv.nix { inherit lib pkgs; }; + in pkgs.config or { } // { + replaceStdenv = stdenv; + replaceCrossStdenv = stdenv; + }; + }); + + nixosModules = { + default = import ./module.nix; + } // lib.mapAttrs (system: pkgs: { + nixpkgs = { + inherit (pkgs) + buildPlatform + hostPlatform + overlays + config; + }; + }) self.legacyPackages; + + hydraJobs = lib.mapAttrs (system: pkgs: { + inherit (pkgs) stdenv; + nixos = let + nixos = lib.nixosSystem { + modules = [ + self.nixosModules.default + self.nixosModules.${system} + ./configuration.nix + ]; + }; + in nixos.config.system.build.toplevel; + }) self.legacyPackages; + }; +} diff --git a/module.nix b/module.nix new file mode 100644 index 0000000..6d47c64 --- /dev/null +++ b/module.nix @@ -0,0 +1,24 @@ +{ modulesPath, config, lib, pkgs, ... }: { + disabledModules = map (path: modulesPath + path) [ + "/config/ldso.nix" + "/config/stub-ld.nix" + "/programs/nix-ld.nix" + ]; + + config = { + i18n.glibcLocales = pkgs.stdenvNoCC.mkDerivation { + pname = "locale-archive-stub"; + version = "0"; + + buildCommand = '' + mkdir -p "$out/lib/locale" + touch "$out/lib/locale/locale-archive" + ''; + } |> lib.mkDefault; + + i18n.supportedLocales = lib.mkDefault [ ]; + security.pam.services.login.updateWtmp = lib.mkForce false; + services.nscd.enable = lib.mkForce false; + system.nssModules = lib.mkForce [ ]; + }; +} diff --git a/overlay.nix b/overlay.nix new file mode 100644 index 0000000..ae683bd --- /dev/null +++ b/overlay.nix @@ -0,0 +1,284 @@ +{ lib, ... }: final: prev: let + final' = final; + prev' = prev; + + alias = target: pkg: final.runCommand target { } '' + mkdir -p "$out/bin" + ln -s "${lib.getExe pkg}" "$out/bin/${target}" + ''; + + fetchFromGitHub = let + fetchzip = final.buildPackages.fetchzip.override { withUnzip = false; }; + in lib.makeOverridable ({ owner, repo, rev, hash, ... }: fetchzip { + url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; + inherit hash; + }); +in { + # compilers + llvmPackages = final.llvmPackages_latest; + gcc = final.gcc_latest; + + # memory allocation + mimalloc = prev.mimalloc.override { secureBuild = true; }; + + jemalloc = throw "jemalloc is not supported"; + bind = prev.bind.override { jemalloc = null; }; + + # Package replacements + jq = alias "jq" final.jaq; + zlib = final.callPackage ./zlib.nix { }; + + # cURL + curl = prev.curl.override { + gssSupport = false; + http3Support = true; + scpSupport = false; + zstdSupport = true; + + openssl = final.quictls; + }; + + # cURL HTTP3 dependencies + ngtcp2 = prev.ngtcp2.override { inherit fetchFromGitHub; }; + nghttp3 = prev.nghttp3.override { inherit fetchFromGitHub; }; + + # scopes + netbsd = prev.netbsd.overrideScope (final: prev: { + compatIfNeeded = [ final.compat ]; + + compat = prev.compat.overrideAttrs (prevAttrs: { + makeFlags = prevAttrs.makeFlags ++ [ "OBJCOPY=:" ]; + }); + }); + + # Perl + perlPackages = prev.perlPackages.overrideScope (final: prev: { + DBI = prev.DBI.overrideAttrs (prevAttrs: { + nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ + final'.stdenv.cc + final'.stdenv.cc.bintools + ]; + + makeMakerFlags = prevAttrs.makeMakerFlags or [ ] ++ [ + "CC=${final'.stdenv.cc.targetPrefix}cc" + "LD=${final'.stdenv.cc.targetPrefix}cc" + "CCFLAGS=-Doff64_t=off_t" + ]; + }); + }); + + # Python + python313 = (prev.python313.overrideAttrs (prevAttrs: { + nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ final.stdenv.cc.bintools ]; + })).override { + packageOverrides = final: prev: { + pyflakes = prev.pyflakes.overrideAttrs { + doCheck = false; + doInstallCheck = false; + }; + }; + }; + + python313Packages = final.python313.pkgs; + + python3 = final.python313; + python3Packages = final.python313Packages; + + # individual packages + beam = prev.beam_nox; + + cairo = prev.cairo.override { x11Support = false; }; + + cups = prev.cups.overrideAttrs { + autoVarInit = "zero"; + boundsCheck = true; + }; + + dbus = prev.dbus.override { x11Support = false; }; + + diffutils = prev.diffutils.overrideAttrs (prevAttrs: { + configureFlags = prevAttrs.configureFlags or [ ] ++ [ "--disable-nls" ]; + + postPatch = '' + sed -E -i 's/test-(getopt-(gnu|posix)|(c|m|re)alloc-gnu)//g' gnulib-tests/Makefile.in + ''; + }); + + electron = prev.electron.override { + electron-unwrapped = prev.electron.unwrapped.overrideAttrs (prevAttrs: { + autoVarInit = true; + boundsCheck = true; + + gnFlags = prevAttrs.gnFlags or "" + '' + # Disable X11 + ozone_platform_x11 = false + + # Disable internal memory allocator + use_partition_alloc_as_malloc = false + enable_backup_ref_ptr_support = false + enable_pointer_compression_support = false + ''; + }); + }; + + ffmpeg = final.ffmpeg-headless; + ffmpeg-headless = (prev.ffmpeg-headless.overrideAttrs { + ffpContract = false; + }).override { + withAlsa = false; + withSsh = false; + }; + + gd = prev.gd.override { withXorg = false; }; + ghostscript = prev.ghostscript.override { x11Support = false; }; + gobject-introspection = prev.gobject-introspection.override { x11Support = false; }; + graphviz = prev.graphviz-nox; + + gtk3 = prev.gtk3.override { + x11Support = false; + xineramaSupport = false; + }; + + gtk4 = prev.gtk4.override { + x11Support = false; + xineramaSupport = false; + }; + + imagemagick = prev.imagemagick.override { + libX11Support = false; + libXtSupport = false; + }; + + imlib2 = prev.imlib2.override { x11Support = false; }; + + iproute2 = prev.iproute2.overrideAttrs (prevAttrs: { + patches = prevAttrs.patches or [ ] ++ [ + (final.fetchpatch { + url = "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/patch/?id=043ef90e2fa94397eb5c85330889ca4146a6d58a"; + hash = "sha256-6q4NcdT2YXhhbMgLaiAjO2WFUcM9Pv8+J34rGzJqU5Q="; + }) + ]; + }); + + jdk8 = prev.jdk8_headless; + jre8 = prev.jre8_headless; + + kexec-tools = prev.kexec-tools.overrideAttrs (prevAttrs: { + makeFlags = prevAttrs.makeFlags or [ ] ++ [ "BUILD_KEXEC_TEST=no" ]; + }); + + libdrm = prev.libdrm.override { withValgrind = false; }; + + libepoxy = prev.libepoxy.overrideAttrs (prevAttrs: { + buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.libGL ]; + mesonFlags = prevAttrs.mesonFlags or [ ] ++ [ "-Degl=yes" ]; + }); + + libjpeg = prev.libjpeg.overrideAttrs (prevAttrs: { + cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DFLOATTEST12=fp-contract" ]; + }); + + libpng = prev.libpng.overrideAttrs (prevAttrs: { + postPatch = prevAttrs.postPatch or "" + '' + + substituteInPlace tests/pngtest-all \ + --replace-warn --strict --relaxed + ''; + }); + + libpng-apng = final.libpng.override { apngSupport = true; }; + libpulseaudio = prev.libpulseaudio.override { fftwFloat = null; }; + + makeInitrdNG = prev.makeInitrdNG.overrideAttrs (prevAttrs: { + NIX_RUSTFLAGS = prevAttrs.NIX_RUSTFLAGS + |> map (flag: if flag == "lto" then "embed-bitcode=no" else flag); + }); + + mercurial = prev.mercurial.override { re2Support = false; }; + + mesa = (prev.mesa.overrideAttrs (prevAttrs: { + outputs = prevAttrs.outputs |> lib.remove "spirv2dxil"; + })).override { + galliumDrivers = [ + "llvmpipe" + "nouveau" + "radeonsi" + "virgl" + "zink" + ]; + + vulkanDrivers = [ + "amd" + "intel" + "nouveau" + "swrast" + "virtio" + ]; + }; + + mpv = final.mpv-unwrapped.wrapper { mpv = final.mpv-unwrapped; }; + mpv-unwrapped = prev.mpv-unwrapped.override { + alsaSupport = false; + cacaSupport = false; + openalSupport = false; + sdl2Support = false; + vdpauSupport = false; + x11Support = false; + }; + + nlohmann_json = prev.nlohmann_json.override { stdenv = final.gccStdenv; }; + nodejs = prev.nodejs.overrideAttrs { doCheck = false; }; + openjdk8 = prev.openjdk_headless; + + openssh = prev.openssh.overrideAttrs { + autoVarInit = "zero"; + boundsCheck = true; + }; + + pango = prev.pango.override { x11Support = false; }; + pipewire = prev.pipewire.override { x11Support = false; }; + speexdsp = prev.speexdsp.override { withFftw3 = false; }; + + systemd = prev.systemd.override { + withApparmor = false; + withIptables = false; + }; + + vim-full = prev.vim-full.override { guiSupport = false; }; + wayland = prev.wayland.override { withDocumentation = false; }; + + w3m = prev.w3m.override { + x11Support = false; + imlib2 = final.imlib2; + }; + + wasilibc = prev.wasilibc.overrideAttrs (finalAttrs: prevAttrs: { + version = "24"; + + src = prevAttrs.src.override { + rev = "refs/tags/wasi-sdk-${finalAttrs.version}"; + hash = "sha256-wfOvOWVJDH5+tC5pSTLV5FUPqf25W+A2N/vXlq4nSmk="; + }; + }); + + xvfb-run = final.callPackage ./xvfb-run.nix { + cage = final.cage.override { + wlroots = final.wlroots.override { enableXWayland = false; }; + xwayland = null; + }; + }; +} // lib.optionalAttrs (!prev.stdenv.buildPlatform.isx86) { + writeShellApplication = { ... }@args: prev.writeShellApplication (args // { + checkPhase = args.checkPhase or '' + runHook preCheck + ${final.stdenv.shellDryRun} "$target" + runHook postCheck + ''; + }); + + sudo-rs = (prev.sudo-rs.overrideAttrs { + postInstall = ""; + }).override { + pandoc = null; + }; +} diff --git a/stdenv.nix b/stdenv.nix new file mode 100644 index 0000000..29f9c2f --- /dev/null +++ b/stdenv.nix @@ -0,0 +1,50 @@ +{ lib, pkgs, ... }: { ... }@attrs: let + stdenv = attrs.stdenv or attrs.baseStdenv; + pkgs' = attrs.pkgs or attrs.buildPackages; + inherit (pkgs'.stdenv.cc) isClang; + inherit (pkgs'.stdenv.cc.bintools) isLLVM; +in pkgs.addAttrsToDerivation (prevAttrs: let + inherit (lib) optionals optionalAttrs toList; + inherit (stdenv) targetPlatform; + + ffpContract = prevAttrs.ffpContract or true; + autoVarInit = prevAttrs.autoVarInit or null; + boundsCheck = prevAttrs.boundsCheck or false; + overrideAlloc = prevAttrs.overrideAlloc or true; + + inputs = optionals overrideAlloc [ pkgs.mimalloc ]; + + cflags = [ "-pipe" ] + ++ optionals isClang [ "-ffp-contract=fast-honor-pragmas" ] + ++ optionals isLLVM [ "-flto" ] + ++ optionals (autoVarInit != null) [ "-ftrivial-auto-var-init=${autoVarInit}" ] + ++ optionals boundsCheck [ "-fsanitize-trap=bounds,object-size,vla-bound" ]; + + ldflags = [ "-O2" "--hash-style=gnu" ] + ++ optionals isLLVM [ "--icf=safe" "--lto-O2" ] + ++ optionals overrideAlloc [ "-lmimalloc" ]; + + rustflags = [ + "-C" "opt-level=2" + "-C" "linker-flavor=ld.lld" + "-C" "lto" + "-C" "linker-plugin-lto" + "-C" "target-cpu=${targetPlatform.gcc.arch}" + ] ++ (map (flag: [ "-C" "link-arg=${flag}" ]) ldflags |> lib.flatten); + + goflags = [ "-ldflags=-linkmode=external" ]; +in { + buildInputs = prevAttrs.buildInputs or [ ] ++ inputs; + env = prevAttrs.env or { } // optionalAttrs (!prevAttrs ? NIX_CFLAGS_COMPILE) { + NIX_CFLAGS_COMPILE = toList prevAttrs.env.NIX_CFLAGS_COMPILE or [ ] ++ cflags |> toString; + } // optionalAttrs (prevAttrs ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = toList prevAttrs.env.NIX_LDFLAGS or [ ] ++ ldflags |> toString; + }; + + NIX_RUSTFLAGS = prevAttrs.NIX_RUSTFLAGS or [ ] ++ rustflags; + GOFLAGS = prevAttrs.GOFLAGS or [ ] ++ goflags; +} // optionalAttrs (prevAttrs ? NIX_CFLAGS_COMPILE) { + NIX_CFLAGS_COMPILE = toList prevAttrs.NIX_CFLAGS_COMPILE or [ ] ++ cflags; +} // optionalAttrs (!prevAttrs ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = lib.toList prevAttrs.NIX_LDFLAGS or [ ] ++ ldflags; +}) stdenv diff --git a/xvfb-run.nix b/xvfb-run.nix new file mode 100644 index 0000000..4bba2f1 --- /dev/null +++ b/xvfb-run.nix @@ -0,0 +1,20 @@ +{ lib, writeShellApplication, cage }: + +writeShellApplication { + name = "xvfb-run"; + text = '' + # Discard all options + while [[ "$1" =~ ^- ]]; do + case "$1" in + (-e|-f|-n|-p|-s|-w) shift ;& + (*) shift ;; + esac + done + + WLR_BACKENDS=headless \ + WLR_LIBINPUT_NO_DEVICES=1 \ + WLR_RENDERER=pixman \ + XDG_RUNTIME_DIR="$(mktemp -d)" \ + exec '${lib.getExe cage}' -- "$@" + ''; +} diff --git a/zlib.nix b/zlib.nix new file mode 100644 index 0000000..bc18a73 --- /dev/null +++ b/zlib.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchurl, zlib-ng, ... }: + +assert zlib-ng.version == "2.2.2"; + +stdenv.mkDerivation (finalAttrs: { + inherit (zlib-ng) pname version; + + src = fetchurl { + url = "https://github.com/zlib-ng/zlib-ng/archive/refs/tags/${finalAttrs.version}.tar.gz"; + hash = "sha256-/LQd1Zo/FwAq6xuyHwRpbJtyFASJC7lFxas50stpZUw="; + }; + + outputs = [ "out" "dev" "man" ]; + + env = { + CROSS_PREFIX = stdenv.cc.targetPrefix; + }; + + setOutputFlags = false; + dontAddDisableDepTrack = true; + configurePlatforms = [ ]; + + configureFlags = [ + "--libdir=${placeholder "dev"}/lib" + "--sharedlibdir=${placeholder "out"}/lib" + "--includedir=${placeholder "dev"}/include" + "--zlib-compat" + ]; + + makeFlags = [ "mandir=$(man)/share/man" ]; +})