From a3199ac2c7b7f28283635ce5e3d27fe2e676c882 Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 16 Nov 2024 21:05:58 +0100 Subject: [PATCH] Initial import --- .gitignore | 7 ++ configuration.nix | 47 ++++++++ flake.lock | 114 +++++++++++++++++++ flake.nix | 96 ++++++++++++++++ module.nix | 24 ++++ overlay.nix | 275 ++++++++++++++++++++++++++++++++++++++++++++++ stdenv.nix | 50 +++++++++ xvfb-run.nix | 20 ++++ zlib.nix | 31 ++++++ 9 files changed, 664 insertions(+) create mode 100644 .gitignore create mode 100644 configuration.nix create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 module.nix create mode 100644 overlay.nix create mode 100644 stdenv.nix create mode 100644 xvfb-run.nix create mode 100644 zlib.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a3d6222 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +# Hidden files +.* +!.git* + +# Nix +/result +/result-* diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..407dab9 --- /dev/null +++ b/configuration.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: { + system.stateVersion = "25.05"; + + boot = { + enableContainers = false; + loader.grub.enable = false; + }; + + documentation = { + enable = false; + doc.enable = false; + info.enable = false; + man.enable = false; + nixos.enable = false; + }; + + environment.defaultPackages = [ ]; + fileSystems."/".device = "nodev"; + + networking = { + nftables = { + enable = true; + checkRuleset = false; + }; + + useNetworkd = true; + }; + + programs = { + command-not-found.enable = false; + less.lessopen = null; + }; + + security = { + sudo.enable = false; + sudo-rs.enable = true; + }; + + services.dbus.implementation = "broker"; + + xdg = { + autostart.enable = false; + icons.enable = false; + mime.enable = false; + sounds.enable = false; + }; +} diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..1c62452 --- /dev/null +++ b/flake.lock @@ -0,0 +1,114 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1731992627, + "narHash": "sha256-OjrXEVD8LtZB5X7LtPCdNx4n5iZOQ2nJmpDlM/foEkI=", + "rev": "f116608a20430b8484814300cdf22eebeb75a59f", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f116608a20430b8484814300cdf22eebeb75a59f.tar.gz?rev=f116608a20430b8484814300cdf22eebeb75a59f" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": [ + "lix" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731967274, + "narHash": "sha256-n6dPGRlMGdL8X5gviA6ZuRfUdbdD5KiNN/BpABA5YT0=", + "rev": "aa2846680fa9a2032939d720487942567fd9eb63", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/aa2846680fa9a2032939d720487942567fd9eb63.tar.gz?rev=aa2846680fa9a2032939d720487942567fd9eb63" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1731890469, + "narHash": "sha256-D1FNZ70NmQEwNxpSSdTXCSklBH1z2isPR84J6DQrJGs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5083ec887760adfe12af64830a66807423a859a7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "lix": "lix", + "lix-module": "lix-module", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..8d70995 --- /dev/null +++ b/flake.nix @@ -0,0 +1,96 @@ +{ + description = "I do not have to explain myself"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + + lix = { + url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; + flake = false; + }; + + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.lix.follows = "lix"; + }; + }; + + nixConfig = { + extra-experimental-features = [ "pipe-operator" "pipe-operators" ]; + extra-substituters = [ "https://cache.kyouma.net" ]; + extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ]; + }; + + outputs = { self, nixpkgs, lix-module, ... }: let + lib = nixpkgs.lib.extend (final: prev: { + neoidiosyn = { + systems = { + riscv64 = "rv64gc"; + aarch64 = "armv8.2-a"; + x86_64 = "x86-64-v3"; + } |> final.mapAttrs' (cpu: arch: { + name = "${cpu}-linux"; + value = { + config = "${cpu}-unknown-linux-musl"; + useLLVM = true; + linker = "lld"; + gcc = { inherit arch; }; + }; + }); + }; + }); + in { + inherit lib; + + overlays.default = lib.composeExtensions + lix-module.overlays.default + (import ./overlay.nix { inherit lib; }); + + legacyPackages = lib.neoidiosyn.systems + |> lib.mapAttrs (system: crossSystem: let + pkgs = import nixpkgs { + localSystem.config = { + riscv64-linux = "riscv64-unknown-linux-gnu"; + aarch64-linux = "aarch64-unknown-linux-musl"; + x86_64-linux = "x86_64-unknown-linux-musl"; + }.${system}; + + inherit crossSystem; + overlays = [ self.overlays.default ]; + }; + in pkgs // { + config = let + stdenv = import ./stdenv.nix { inherit lib pkgs; }; + in pkgs.config or { } // { + replaceStdenv = stdenv; + replaceCrossStdenv = stdenv; + }; + }); + + nixosModules = { + default = import ./module.nix; + } // lib.mapAttrs (system: pkgs: { + nixpkgs = { + inherit (pkgs) + buildPlatform + hostPlatform + overlays + config; + }; + }) self.legacyPackages; + + hydraJobs = lib.mapAttrs (system: pkgs: { + inherit (pkgs) stdenv; + nixos = let + nixos = lib.nixosSystem { + modules = [ + self.nixosModules.default + self.nixosModules.${system} + ./configuration.nix + ]; + }; + in nixos.config.system.build.toplevel; + }) self.legacyPackages; + }; +} diff --git a/module.nix b/module.nix new file mode 100644 index 0000000..6d47c64 --- /dev/null +++ b/module.nix @@ -0,0 +1,24 @@ +{ modulesPath, config, lib, pkgs, ... }: { + disabledModules = map (path: modulesPath + path) [ + "/config/ldso.nix" + "/config/stub-ld.nix" + "/programs/nix-ld.nix" + ]; + + config = { + i18n.glibcLocales = pkgs.stdenvNoCC.mkDerivation { + pname = "locale-archive-stub"; + version = "0"; + + buildCommand = '' + mkdir -p "$out/lib/locale" + touch "$out/lib/locale/locale-archive" + ''; + } |> lib.mkDefault; + + i18n.supportedLocales = lib.mkDefault [ ]; + security.pam.services.login.updateWtmp = lib.mkForce false; + services.nscd.enable = lib.mkForce false; + system.nssModules = lib.mkForce [ ]; + }; +} diff --git a/overlay.nix b/overlay.nix new file mode 100644 index 0000000..3d38efe --- /dev/null +++ b/overlay.nix @@ -0,0 +1,275 @@ +{ lib, ... }: final: prev: let + final' = final; + prev' = prev; + + alias = target: pkg: final.runCommand target { } '' + mkdir -p "$out/bin" + ln -s "${lib.getExe pkg}" "$out/bin/${target}" + ''; + + fetchFromGitHub = let + fetchzip = final.buildPackages.fetchzip.override { withUnzip = false; }; + in lib.makeOverridable ({ owner, repo, rev, hash, ... }: fetchzip { + url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; + inherit hash; + }); +in { + # compilers + llvmPackages = final.llvmPackages_latest; + gcc = final.gcc_latest; + + # memory allocation + mimalloc = prev.mimalloc.override { secureBuild = true; }; + + jemalloc = throw "jemalloc is not supported"; + bind = prev.bind.override { jemalloc = null; }; + + # Package replacements + jq = alias "jq" final.jaq; + zlib = final.callPackage ./zlib.nix { }; + + # cURL + curl = prev.curl.override { + gssSupport = false; + http3Support = true; + scpSupport = false; + zstdSupport = true; + + openssl = final.quictls; + }; + + # cURL HTTP3 dependencies + ngtcp2 = prev.ngtcp2.override { inherit fetchFromGitHub; }; + nghttp3 = prev.nghttp3.override { inherit fetchFromGitHub; }; + + # scopes + netbsd = prev.netbsd.overrideScope (final: prev: { + compatIfNeeded = [ final.compat ]; + + compat = prev.compat.overrideAttrs (prevAttrs: { + makeFlags = prevAttrs.makeFlags ++ [ "OBJCOPY=:" ]; + }); + }); + + # Perl + perlPackages = prev.perlPackages.overrideScope (final: prev: { + DBI = prev.DBI.overrideAttrs (prevAttrs: { + nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ + final'.stdenv.cc + final'.stdenv.cc.bintools + ]; + + makeMakerFlags = prevAttrs.makeMakerFlags or [ ] ++ [ + "CC=${final'.stdenv.cc.targetPrefix}cc" + "LD=${final'.stdenv.cc.targetPrefix}cc" + "CCFLAGS=-Doff64_t=off_t" + ]; + }); + }); + + # Python + python313 = (prev.python313.overrideAttrs (prevAttrs: { + env = prevAttrs.env or { } // { + LD = "${final.stdenv.cc.bintools}/bin/${final.stdenv.cc.targetPrefix}ld"; + }; + })).override { + packageOverrides = final: prev: { + pyflakes = prev.pyflakes.overrideAttrs { + doCheck = false; + doInstallCheck = false; + }; + }; + }; + + python313Packages = final.python313.pkgs; + + python3 = final.python313; + python3Packages = final.python313Packages; + + # individual packages + beam = prev.beam_nox; + + cairo = prev.cairo.override { x11Support = false; }; + + cups = prev.cups.overrideAttrs { + autoVarInit = "zero"; + boundsCheck = true; + }; + + dbus = prev.dbus.override { x11Support = false; }; + + diffutils = prev.diffutils.overrideAttrs (prevAttrs: { + configureFlags = prevAttrs.configureFlags or [ ] ++ [ "--disable-nls" ]; + + postPatch = '' + sed -E -i 's/test-(getopt-(gnu|posix)|(c|m|re)alloc-gnu)//g' gnulib-tests/Makefile.in + ''; + }); + + electron = prev.electron.override { + electron-unwrapped = prev.electron.unwrapped.overrideAttrs (prevAttrs: { + autoVarInit = true; + boundsCheck = true; + + gnFlags = prevAttrs.gnFlags or "" + '' + # Disable X11 + ozone_platform_x11 = false + + # Disable internal memory allocator + use_partition_alloc_as_malloc = false + enable_backup_ref_ptr_support = false + enable_pointer_compression_support = false + ''; + }); + }; + + ffmpeg = final.ffmpeg-headless; + ffmpeg-headless = (prev.ffmpeg-headless.overrideAttrs { + ffpContract = false; + }).override { + withAlsa = false; + withSsh = false; + }; + + gd = prev.gd.override { withXorg = false; }; + ghostscript = prev.ghostscript.override { x11Support = false; }; + gobject-introspection = prev.gobject-introspection.override { x11Support = false; }; + graphviz = prev.graphviz-nox; + + gtk3 = prev.gtk3.override { + x11Support = false; + xineramaSupport = false; + }; + + gtk4 = prev.gtk4.override { + x11Support = false; + xineramaSupport = false; + }; + + imagemagick = prev.imagemagick.override { + libX11Support = false; + libXtSupport = false; + }; + + imlib2 = prev.imlib2.override { x11Support = false; }; + + iproute2 = prev.iproute2.overrideAttrs (prevAttrs: { + patches = prevAttrs.patches or [ ] ++ [ + (final.fetchpatch { + url = "https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/patch/?id=043ef90e2fa94397eb5c85330889ca4146a6d58a"; + hash = "sha256-6q4NcdT2YXhhbMgLaiAjO2WFUcM9Pv8+J34rGzJqU5Q="; + }) + ]; + }); + + jdk8 = prev.jdk8_headless; + jre8 = prev.jre8_headless; + + kexec-tools = prev.kexec-tools.overrideAttrs (prevAttrs: { + makeFlags = prevAttrs.makeFlags or [ ] ++ [ "BUILD_KEXEC_TEST=no" ]; + }); + + libdrm = prev.libdrm.override { withValgrind = false; }; + + libepoxy = prev.libepoxy.overrideAttrs (prevAttrs: { + buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.libGL ]; + mesonFlags = prevAttrs.mesonFlags or [ ] ++ [ "-Degl=yes" ]; + }); + + libjpeg = prev.libjpeg.overrideAttrs (prevAttrs: { + cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DFLOATTEST12=fp-contract" ]; + }); + + libpng = prev.libpng.overrideAttrs (prevAttrs: { + postPatch = prevAttrs.postPatch or "" + '' + + substituteInPlace tests/pngtest-all \ + --replace-warn --strict --relaxed + ''; + }); + + libpng-apng = final.libpng.override { apngSupport = true; }; + libpulseaudio = prev.libpulseaudio.override { fftwFloat = null; }; + mercurial = prev.mercurial.override { re2Support = false; }; + + mesa = (prev.mesa.overrideAttrs (prevAttrs: { + outputs = prevAttrs.outputs |> lib.remove "spirv2dxil"; + })).override { + galliumDrivers = [ + "llvmpipe" + "nouveau" + "radeonsi" + "virgl" + "zink" + ]; + + vulkanDrivers = [ + "amd" + "intel" + "nouveau" + "swrast" + "virtio" + ]; + }; + + mpv = final.mpv-unwrapped.wrapper { mpv = final.mpv-unwrapped; }; + mpv-unwrapped = prev.mpv-unwrapped.override { + alsaSupport = false; + cacaSupport = false; + openalSupport = false; + sdl2Support = false; + vdpauSupport = false; + x11Support = false; + }; + + nlohmann_json = prev.nlohmann_json.override { stdenv = final.gccStdenv; }; + nodejs = prev.nodejs.overrideAttrs { doCheck = false; }; + openjdk8 = prev.openjdk_headless; + + openssh = prev.openssh.overrideAttrs { + autoVarInit = "zero"; + boundsCheck = true; + }; + + pango = prev.pango.override { x11Support = false; }; + pipewire = prev.pipewire.override { x11Support = false; }; + + systemd = prev.systemd.override { + withApparmor = false; + withIptables = false; + }; + + vim-full = prev.vim-full.override { guiSupport = false; }; + wayland = prev.wayland.override { withDocumentation = false; }; + + w3m = prev.w3m.override { + x11Support = false; + imlib2 = final.imlib2; + }; + + wasilibc = prev.wasilibc.overrideAttrs (finalAttrs: prevAttrs: { + version = "24"; + + src = prevAttrs.src.override { + rev = "refs/tags/wasi-sdk-${finalAttrs.version}"; + hash = "sha256-wfOvOWVJDH5+tC5pSTLV5FUPqf25W+A2N/vXlq4nSmk="; + }; + }); + + wlroots = prev.wlroots.override { enableXWayland = false; }; + xvfb-run = final.callPackage ./xvfb-run.nix { }; +} // lib.optionalAttrs (!prev.stdenv.buildPlatform.isx86) { + writeShellApplication = { ... }@args: prev.writeShellApplication (args // { + checkPhase = args.checkPhase or '' + runHook preCheck + ${final.stdenv.shellDryRun} "$target" + runHook postCheck + ''; + }); + + sudo-rs = (prev.sudo-rs.overrideAttrs { + postInstall = ""; + }).override { + pandoc = null; + }; +} diff --git a/stdenv.nix b/stdenv.nix new file mode 100644 index 0000000..95eb9ac --- /dev/null +++ b/stdenv.nix @@ -0,0 +1,50 @@ +{ lib, pkgs, ... }: { ... }@attrs: let + stdenv = attrs.stdenv or attrs.baseStdenv; + pkgs' = attrs.pkgs or attrs.buildPackages; + inherit (pkgs'.stdenv.cc) isClang; + inherit (pkgs'.stdenv.cc.bintools) isLLVM; +in pkgs.addAttrsToDerivation (prevAttrs: let + inherit (lib) optionals optionalAttrs toList; + inherit (stdenv) targetPlatform; + + ffpContract = prevAttrs.ffpContract or true; + autoVarInit = prevAttrs.autoVarInit or null; + boundsCheck = prevAttrs.boundsCheck or false; + overrideAlloc = prevAttrs.overrideAlloc or true; + + inputs = optionals overrideAlloc [ pkgs.mimalloc ]; + + cflags = [ "-pipe" ] + ++ optionals isClang [ "-ffp-contract=fast-honor-pragmas" ] + ++ optionals isLLVM [ "-flto" ] + ++ optionals (autoVarInit != null) [ "-ftrivial-auto-var-init=${autoVarInit}" ] + ++ optionals boundsCheck [ "-fsanitize-trap=bounds,object-size,vla-bound" ]; + + ldflags = [ "-O2" "--hash-style=gnu" ] + ++ optionals isLLVM [ "--icf=safe" "--lto-O2" ] + ++ optionals overrideAlloc [ "-lmimalloc" ]; + + rustflags = [ + "-C" "opt-level=2" + "-C" "linker-flavor=ld.lld" + "-C" "lto" + "-C" "linker-plugin-lto" + "-C" "target-cpu=${targetPlatform.gcc.arch}" + ] ++ (map (flag: [ "-C" "link-arg=${flag}" ]) ldflags |> lib.flatten); + + goflags = [ "-ldflags=-linkmode=external" ]; +in { + extraBuildInputs = prevAttrs.extraBuildInputs or [ ] ++ inputs; + env = prevAttrs.env or { } // optionalAttrs (!prevAttrs ? NIX_CFLAGS_COMPILE) { + NIX_CFLAGS_COMPILE = toList prevAttrs.env.NIX_CFLAGS_COMPILE or [ ] ++ cflags |> toString; + } // optionalAttrs (prevAttrs ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = toList prevAttrs.env.NIX_LDFLAGS or [ ] ++ ldflags |> toString; + }; + + NIX_RUSTFLAGS = prevAttrs.NIX_RUSTFLAGS or [ ] ++ rustflags; + GOFLAGS = prevAttrs.GOFLAGS or [ ] ++ goflags; +} // optionalAttrs (prevAttrs ? NIX_CFLAGS_COMPILE) { + NIX_CFLAGS_COMPILE = toList prevAttrs.NIX_CFLAGS_COMPILE or [ ] ++ cflags; +} // optionalAttrs (!prevAttrs ? env.NIX_LDFLAGS) { + NIX_LDFLAGS = lib.toList prevAttrs.NIX_LDFLAGS or [ ] ++ ldflags; +}) stdenv diff --git a/xvfb-run.nix b/xvfb-run.nix new file mode 100644 index 0000000..4bba2f1 --- /dev/null +++ b/xvfb-run.nix @@ -0,0 +1,20 @@ +{ lib, writeShellApplication, cage }: + +writeShellApplication { + name = "xvfb-run"; + text = '' + # Discard all options + while [[ "$1" =~ ^- ]]; do + case "$1" in + (-e|-f|-n|-p|-s|-w) shift ;& + (*) shift ;; + esac + done + + WLR_BACKENDS=headless \ + WLR_LIBINPUT_NO_DEVICES=1 \ + WLR_RENDERER=pixman \ + XDG_RUNTIME_DIR="$(mktemp -d)" \ + exec '${lib.getExe cage}' -- "$@" + ''; +} diff --git a/zlib.nix b/zlib.nix new file mode 100644 index 0000000..bc18a73 --- /dev/null +++ b/zlib.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchurl, zlib-ng, ... }: + +assert zlib-ng.version == "2.2.2"; + +stdenv.mkDerivation (finalAttrs: { + inherit (zlib-ng) pname version; + + src = fetchurl { + url = "https://github.com/zlib-ng/zlib-ng/archive/refs/tags/${finalAttrs.version}.tar.gz"; + hash = "sha256-/LQd1Zo/FwAq6xuyHwRpbJtyFASJC7lFxas50stpZUw="; + }; + + outputs = [ "out" "dev" "man" ]; + + env = { + CROSS_PREFIX = stdenv.cc.targetPrefix; + }; + + setOutputFlags = false; + dontAddDisableDepTrack = true; + configurePlatforms = [ ]; + + configureFlags = [ + "--libdir=${placeholder "dev"}/lib" + "--sharedlibdir=${placeholder "out"}/lib" + "--includedir=${placeholder "dev"}/include" + "--zlib-compat" + ]; + + makeFlags = [ "mandir=$(man)/share/man" ]; +})