commit 7454d295cfa72a13d5340304adbd46232e8fcabc Author: Mikael Voss Date: Sat Nov 16 21:05:58 2024 +0100 Initial import diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a3d6222 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +# Hidden files +.* +!.git* + +# Nix +/result +/result-* diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..b056aa0 --- /dev/null +++ b/configuration.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: { + system.stateVersion = "25.05"; + + boot = { + enableContainers = false; + loader.grub.enable = false; + }; + + documentation = { + enable = false; + doc.enable = false; + info.enable = false; + man.enable = false; + nixos.enable = false; + }; + + environment.defaultPackages = lib.mkForce [ ]; + environment.systemPackages = lib.mkForce [ ]; + fileSystems."/".device = "nodev"; + + networking = { + nftables = { + enable = true; + checkRuleset = false; + }; + + useNetworkd = true; + }; + + programs = { + command-not-found.enable = false; + less.lessopen = null; + }; + + security = { + sudo.enable = false; + sudo-rs.enable = true; + }; + + services.dbus.implementation = "broker"; + + xdg = { + autostart.enable = false; + icons.enable = false; + mime.enable = false; + sounds.enable = false; + }; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..1c62452 --- /dev/null +++ b/flake.lock @@ -0,0 +1,114 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1731992627, + "narHash": "sha256-OjrXEVD8LtZB5X7LtPCdNx4n5iZOQ2nJmpDlM/foEkI=", + "rev": "f116608a20430b8484814300cdf22eebeb75a59f", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f116608a20430b8484814300cdf22eebeb75a59f.tar.gz?rev=f116608a20430b8484814300cdf22eebeb75a59f" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": [ + "lix" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731967274, + "narHash": "sha256-n6dPGRlMGdL8X5gviA6ZuRfUdbdD5KiNN/BpABA5YT0=", + "rev": "aa2846680fa9a2032939d720487942567fd9eb63", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/aa2846680fa9a2032939d720487942567fd9eb63.tar.gz?rev=aa2846680fa9a2032939d720487942567fd9eb63" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1731890469, + "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5083ec887760adfe12af64830a66807423a859a7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "lix": "lix", + "lix-module": "lix-module", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..2bbbb10 --- /dev/null +++ b/flake.nix @@ -0,0 +1,101 @@ +{ + description = "I do not have to explain myself"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + + lix = { + url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; + flake = false; + }; + + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.lix.follows = "lix"; + }; + }; + + nixConfig = { + extra-experimental-features = [ "pipe-operator" "pipe-operators" ]; + extra-substituters = [ "https://cache.kyouma.net" ]; + extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ]; + }; + + outputs = { self, nixpkgs, lix-module, ... }: let + lib = nixpkgs.lib.extend (final: prev: { + neoidiosyn = { + systems = { + riscv64 = "rv64gc"; + aarch64 = "armv8.2-a"; + x86_64 = "x86-64-v3"; + } |> final.mapAttrs' (cpu: arch: { + name = "${cpu}-linux"; + value = { + config = "${cpu}-unknown-linux-musl"; + useLLVM = true; + linker = "lld"; + gcc = { inherit arch; }; + }; + }); + }; + }); + in { + inherit lib; + + overlays.default = lib.composeExtensions + lix-module.overlays.default + (import ./overlay.nix { inherit lib; }); + + legacyPackages = lib.neoidiosyn.systems + |> lib.mapAttrs (system: crossSystem: let + pkgs = import nixpkgs { + localSystem.config = { + riscv64-linux = "riscv64-unknown-linux-gnu"; + aarch64-linux = "aarch64-unknown-linux-musl"; + x86_64-linux = "x86_64-unknown-linux-musl"; + }.${system}; + + inherit crossSystem; + overlays = [ self.overlays.default ]; + }; + in pkgs // { + config = let + stdenv = import ./stdenv.nix { inherit lib pkgs; }; + in pkgs.config or { } // { + replaceStdenv = stdenv; + replaceCrossStdenv = stdenv; + }; + }); + + nixosModules = { + default = import ./module.nix; + } // lib.mapAttrs (system: pkgs: { + nixpkgs = { + inherit (pkgs) + buildPlatform + hostPlatform + overlays + config; + }; + }) self.legacyPackages; + + hydraJobs = lib.mapAttrs (system: pkgs: { + inherit (pkgs) stdenv; + nixos = let + nixos = lib.nixosSystem { + modules = [ + self.nixosModules.default + self.nixosModules.${system} + ./configuration.nix + ]; + }; + in nixos.config.system.build.toplevel; + } // lib.genAttrs [ + "ffmpeg" + "kitty" + "nushell" + "wayland" + ] (pkg: pkgs.${pkg})) self.legacyPackages; + }; +} diff --git a/module.nix b/module.nix new file mode 100644 index 0000000..6d47c64 --- /dev/null +++ b/module.nix @@ -0,0 +1,24 @@ +{ modulesPath, config, lib, pkgs, ... }: { + disabledModules = map (path: modulesPath + path) [ + "/config/ldso.nix" + "/config/stub-ld.nix" + "/programs/nix-ld.nix" + ]; + + config = { + i18n.glibcLocales = pkgs.stdenvNoCC.mkDerivation { + pname = "locale-archive-stub"; + version = "0"; + + buildCommand = '' + mkdir -p "$out/lib/locale" + touch "$out/lib/locale/locale-archive" + ''; + } |> lib.mkDefault; + + i18n.supportedLocales = lib.mkDefault [ ]; + security.pam.services.login.updateWtmp = lib.mkForce false; + services.nscd.enable = lib.mkForce false; + system.nssModules = lib.mkForce [ ]; + }; +} diff --git a/overlay.nix b/overlay.nix new file mode 100644 index 0000000..2b88ffb --- /dev/null +++ b/overlay.nix @@ -0,0 +1,307 @@ +{ lib, ... }: final: prev: let + final' = final; + prev' = prev; + + alias = target: pkg: final.runCommand target { } '' + mkdir -p "$out/bin" + ln -s "${lib.getExe pkg}" "$out/bin/${target}" + ''; + + fetchFromGitHub = let + fetchzip = final.buildPackages.fetchzip.override { withUnzip = false; }; + in lib.makeOverridable ({ owner, repo, rev, hash, ... }: fetchzip { + url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; + inherit hash; + }); +in { + # compilers + llvmPackages = final.llvmPackages_latest; + gcc = final.gcc_latest; + + gfortran = final.wrapCC (final.gcc.cc.overrideAttrs (prevAttrs: { + configureFlags = prevAttrs.configureFlags or [ ] ++ [ "--disable-cody" ]; + })).override { + name = prev.gfortran.cc.pname; + inherit (prev.gfortran.cc) langFortran langCC langC profiledCompiler; + }; + + # memory allocation + mimalloc = prev.mimalloc.override { secureBuild = true; }; + + jemalloc = throw "jemalloc is not supported"; + bind = prev.bind.override { jemalloc = null; }; + + # Package replacements + jq = alias "jq" final.jaq; + zlib = final.callPackage ./zlib.nix { }; + + # cURL + curl = prev.curl.override { + gssSupport = false; + http3Support = true; + scpSupport = false; + zstdSupport = true; + + openssl = final.quictls; + }; + + # cURL HTTP3 dependencies + ngtcp2 = prev.ngtcp2.override { inherit fetchFromGitHub; }; + nghttp3 = prev.nghttp3.override { inherit fetchFromGitHub; }; + + # scopes + netbsd = prev.netbsd.overrideScope (final: prev: { + compatIfNeeded = [ final.compat ]; + + compat = prev.compat.overrideAttrs (prevAttrs: { + makeFlags = prevAttrs.makeFlags ++ [ "OBJCOPY=:" ]; + }); + }); + + # Perl + perlPackages = prev.perlPackages.overrideScope (final: prev: { + DBI = prev.DBI.overrideAttrs (prevAttrs: { + nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ + final'.stdenv.cc + final'.stdenv.cc.bintools + ]; + + makeMakerFlags = prevAttrs.makeMakerFlags or [ ] ++ [ + "CC=${final'.stdenv.cc.targetPrefix}cc" + "LD=${final'.stdenv.cc.targetPrefix}cc" + "CCFLAGS=-Doff64_t=off_t" + ]; + }); + }); + + # Python + python313 = (prev.python313.overrideAttrs (prevAttrs: { + nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ final.stdenv.cc.bintools ]; + })).override { + packageOverrides = final: prev: { + pyflakes = prev.pyflakes.overrideAttrs { + doCheck = false; + doInstallCheck = false; + }; + + sphinx = prev.sphinx.overrideAttrs { + doCheck = false; + doInstallCheck = false; + }; + }; + }; + + python313Packages = final.python313.pkgs; + + python3 = final.python313; + python3Packages = final.python313Packages; + + # individual packages + beam = prev.beam_nox; + + cairo = prev.cairo.override { x11Support = false; }; + + cups = prev.cups.overrideAttrs { + autoVarInit = "zero"; + boundsCheck = true; + }; + + dbus = prev.dbus.override { x11Support = false; }; + + diffutils = prev.diffutils.overrideAttrs (prevAttrs: { + configureFlags = prevAttrs.configureFlags or [ ] ++ [ "--disable-nls" ]; + + postPatch = '' + sed -E -i 's/test-(getopt-(gnu|posix)|(c|m|re)alloc-gnu)//g' gnulib-tests/Makefile.in + ''; + }); + + electron = prev.electron.override { + electron-unwrapped = prev.electron.unwrapped.overrideAttrs (prevAttrs: { + autoVarInit = true; + boundsCheck = true; + + gnFlags = prevAttrs.gnFlags or "" + '' + # Disable X11 + ozone_platform_x11 = false + + # Disable internal memory allocator + use_partition_alloc_as_malloc = false + enable_backup_ref_ptr_support = false + enable_pointer_compression_support = false + ''; + }); + }; + + ffmpeg = final.ffmpeg-headless; + ffmpeg-headless = (prev.ffmpeg-headless.overrideAttrs { + ffpContract = false; + }).override { + withAlsa = false; + withSsh = false; + }; + + gd = prev.gd.override { withXorg = false; }; + ghostscript = prev.ghostscript.override { x11Support = false; }; + gobject-introspection = prev.gobject-introspection.override { x11Support = false; }; + graphviz = prev.graphviz-nox; + + gtk3 = prev.gtk3.override { + x11Support = false; + xineramaSupport = false; + }; + + gtk4 = prev.gtk4.override { + x11Support = false; + xineramaSupport = false; + }; + + imagemagick = prev.imagemagick.override { + libX11Support = false; + libXtSupport = false; + }; + + imlib2 = prev.imlib2.override { x11Support = false; }; + + iproute2 = prev.iproute2.overrideAttrs (prevAttrs: { + patches = prevAttrs.patches or [ ] ++ [ + (final.fetchpatch { + url = "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/patch/?id=043ef90e2fa94397eb5c85330889ca4146a6d58a"; + hash = "sha256-6q4NcdT2YXhhbMgLaiAjO2WFUcM9Pv8+J34rGzJqU5Q="; + }) + ]; + }); + + jdk8 = prev.jdk8_headless; + jre8 = prev.jre8_headless; + + kexec-tools = prev.kexec-tools.overrideAttrs (prevAttrs: { + makeFlags = prevAttrs.makeFlags or [ ] ++ [ "BUILD_KEXEC_TEST=no" ]; + }); + + libdrm = prev.libdrm.override { withValgrind = false; }; + + libepoxy = prev.libepoxy.overrideAttrs (prevAttrs: { + buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.libGL ]; + mesonFlags = prevAttrs.mesonFlags or [ ] ++ [ "-Degl=yes" ]; + }); + + libjpeg = prev.libjpeg.overrideAttrs (prevAttrs: { + cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DFLOATTEST12=fp-contract" ]; + }); + + libpng = prev.libpng.overrideAttrs (prevAttrs: { + postPatch = prevAttrs.postPatch or "" + '' + + substituteInPlace tests/pngtest-all \ + --replace-warn --strict --relaxed + ''; + }); + + libpng-apng = final.libpng.override { apngSupport = true; }; + libpulseaudio = prev.libpulseaudio.override { fftwFloat = null; }; + + librist = prev.librist.overrideAttrs (finalAttrs: prevAttrs: { + version = assert prevAttrs.version == "0.2.10"; "0.2.11"; + + src = prevAttrs.src.override { + rev = "refs/tags/${finalAttrs.version}"; + hash = "sha256-xWqyQl3peB/ENReMcDHzIdKXXCYOJYbhhG8tcSh36dY="; + }; + + patches = [ ]; + }); + + makeInitrdNG = prev.makeInitrdNG.overrideAttrs (prevAttrs: { + NIX_RUSTFLAGS = prevAttrs.NIX_RUSTFLAGS + |> map (flag: if flag == "lto" then "embed-bitcode=no" else flag); + }); + + mercurial = prev.mercurial.override { re2Support = false; }; + + mesa = (prev.mesa.overrideAttrs (prevAttrs: { + outputs = prevAttrs.outputs |> lib.remove "spirv2dxil"; + })).override { + galliumDrivers = [ + "llvmpipe" + "nouveau" + "radeonsi" + "virgl" + "zink" + ]; + + vulkanDrivers = [ + "amd" + "intel" + "nouveau" + "swrast" + "virtio" + ]; + }; + + mpv = final.mpv-unwrapped.wrapper { mpv = final.mpv-unwrapped; }; + mpv-unwrapped = prev.mpv-unwrapped.override { + alsaSupport = false; + cacaSupport = false; + openalSupport = false; + sdl2Support = false; + vdpauSupport = false; + x11Support = false; + }; + + nlohmann_json = prev.nlohmann_json.override { stdenv = final.gccStdenv; }; + nodejs = prev.nodejs.overrideAttrs { doCheck = false; }; + openjdk8 = prev.openjdk_headless; + + openssh = prev.openssh.overrideAttrs { + autoVarInit = "zero"; + boundsCheck = true; + }; + + pango = prev.pango.override { x11Support = false; }; + pipewire = prev.pipewire.override { x11Support = false; }; + speexdsp = prev.speexdsp.override { withFftw3 = false; }; + + systemd = prev.systemd.override { + withApparmor = false; + withIptables = false; + }; + + vim-full = prev.vim-full.override { guiSupport = false; }; + wayland = prev.wayland.override { withDocumentation = false; }; + + w3m = prev.w3m.override { + x11Support = false; + imlib2 = final.imlib2; + }; + + wasilibc = prev.wasilibc.overrideAttrs (finalAttrs: prevAttrs: { + version = "24"; + + src = prevAttrs.src.override { + rev = "refs/tags/wasi-sdk-${finalAttrs.version}"; + hash = "sha256-wfOvOWVJDH5+tC5pSTLV5FUPqf25W+A2N/vXlq4nSmk="; + }; + }); + + xvfb-run = final.callPackage ./xvfb-run.nix { + cage = final.cage.override { + wlroots = final.wlroots.override { enableXWayland = false; }; + xwayland = null; + }; + }; +} // lib.optionalAttrs (!prev.stdenv.buildPlatform.isx86) { + writeShellApplication = { ... }@args: prev.writeShellApplication (args // { + checkPhase = args.checkPhase or '' + runHook preCheck + ${final.stdenv.shellDryRun} "$target" + runHook postCheck + ''; + }); + + sudo-rs = (prev.sudo-rs.overrideAttrs { + postInstall = ""; + }).override { + pandoc = null; + }; +} diff --git a/stdenv.nix b/stdenv.nix new file mode 100644 index 0000000..29f9c2f --- /dev/null +++ b/stdenv.nix @@ -0,0 +1,50 @@ +{ lib, pkgs, ... }: { ... }@attrs: let + stdenv = attrs.stdenv or attrs.baseStdenv; + pkgs' = attrs.pkgs or attrs.buildPackages; + inherit (pkgs'.stdenv.cc) isClang; + inherit (pkgs'.stdenv.cc.bintools) isLLVM; +in pkgs.addAttrsToDerivation (prevAttrs: let + inherit (lib) optionals optionalAttrs toList; + inherit (stdenv) targetPlatform; + + ffpContract = prevAttrs.ffpContract or true; + autoVarInit = prevAttrs.autoVarInit or null; + boundsCheck = prevAttrs.boundsCheck or false; + overrideAlloc = prevAttrs.overrideAlloc or true; + + inputs = optionals overrideAlloc [ pkgs.mimalloc ]; + + cflags = [ "-pipe" ] + ++ optionals isClang [ "-ffp-contract=fast-honor-pragmas" ] + ++ optionals isLLVM [ "-flto" ] + ++ optionals (autoVarInit != null) [ "-ftrivial-auto-var-init=${autoVarInit}" ] + ++ optionals boundsCheck [ "-fsanitize-trap=bounds,object-size,vla-bound" ]; + + ldflags = [ "-O2" "--hash-style=gnu" ] + ++ optionals isLLVM [ "--icf=safe" "--lto-O2" ] + ++ optionals overrideAlloc [ "-lmimalloc" ]; + + rustflags = [ + "-C" "opt-level=2" + "-C" "linker-flavor=ld.lld" + "-C" "lto" + "-C" "linker-plugin-lto" + "-C" "target-cpu=${targetPlatform.gcc.arch}" + ] ++ (map (flag: [ "-C" "link-arg=${flag}" ]) ldflags |> lib.flatten); + + goflags = [ "-ldflags=-linkmode=external" ]; +in { + buildInputs = prevAttrs.buildInputs or [ ] ++ inputs; + env = prevAttrs.env or { } // optionalAttrs (!prevAttrs ? NIX_CFLAGS_COMPILE) { + NIX_CFLAGS_COMPILE = toList prevAttrs.env.NIX_CFLAGS_COMPILE or [ ] ++ cflags |> toString; + } // optionalAttrs (prevAttrs ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = toList prevAttrs.env.NIX_LDFLAGS or [ ] ++ ldflags |> toString; + }; + + NIX_RUSTFLAGS = prevAttrs.NIX_RUSTFLAGS or [ ] ++ rustflags; + GOFLAGS = prevAttrs.GOFLAGS or [ ] ++ goflags; +} // optionalAttrs (prevAttrs ? NIX_CFLAGS_COMPILE) { + NIX_CFLAGS_COMPILE = toList prevAttrs.NIX_CFLAGS_COMPILE or [ ] ++ cflags; +} // optionalAttrs (!prevAttrs ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = lib.toList prevAttrs.NIX_LDFLAGS or [ ] ++ ldflags; +}) stdenv diff --git a/xvfb-run.nix b/xvfb-run.nix new file mode 100644 index 0000000..4bba2f1 --- /dev/null +++ b/xvfb-run.nix @@ -0,0 +1,20 @@ +{ lib, writeShellApplication, cage }: + +writeShellApplication { + name = "xvfb-run"; + text = '' + # Discard all options + while [[ "$1" =~ ^- ]]; do + case "$1" in + (-e|-f|-n|-p|-s|-w) shift ;& + (*) shift ;; + esac + done + + WLR_BACKENDS=headless \ + WLR_LIBINPUT_NO_DEVICES=1 \ + WLR_RENDERER=pixman \ + XDG_RUNTIME_DIR="$(mktemp -d)" \ + exec '${lib.getExe cage}' -- "$@" + ''; +} diff --git a/zlib.nix b/zlib.nix new file mode 100644 index 0000000..bc18a73 --- /dev/null +++ b/zlib.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchurl, zlib-ng, ... }: + +assert zlib-ng.version == "2.2.2"; + +stdenv.mkDerivation (finalAttrs: { + inherit (zlib-ng) pname version; + + src = fetchurl { + url = "https://github.com/zlib-ng/zlib-ng/archive/refs/tags/${finalAttrs.version}.tar.gz"; + hash = "sha256-/LQd1Zo/FwAq6xuyHwRpbJtyFASJC7lFxas50stpZUw="; + }; + + outputs = [ "out" "dev" "man" ]; + + env = { + CROSS_PREFIX = stdenv.cc.targetPrefix; + }; + + setOutputFlags = false; + dontAddDisableDepTrack = true; + configurePlatforms = [ ]; + + configureFlags = [ + "--libdir=${placeholder "dev"}/lib" + "--sharedlibdir=${placeholder "out"}/lib" + "--includedir=${placeholder "dev"}/include" + "--zlib-compat" + ]; + + makeFlags = [ "mandir=$(man)/share/man" ]; +})