From 66057f4e3ca22aeed99f8e8bffc2c371f6168d9c Mon Sep 17 00:00:00 2001 From: Julian Mutter Date: Sun, 21 Jun 2026 13:20:51 +0200 Subject: [PATCH] Switch from devenv to flake --- .envrc | 11 +----- devenv.lock | 102 ---------------------------------------------------- devenv.nix | 41 --------------------- devenv.yaml | 10 ------ flake.lock | 27 ++++++++++++++ flake.nix | 85 +++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 113 insertions(+), 163 deletions(-) delete mode 100644 devenv.lock delete mode 100644 devenv.nix delete mode 100644 devenv.yaml create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/.envrc b/.envrc index 7e9a2d601..3550a30f2 100644 --- a/.envrc +++ b/.envrc @@ -1,10 +1 @@ -export DIRENV_WARN_TIMEOUT=20s - -eval "$(devenv direnvrc)" - -# `use devenv` supports the same options as the `devenv shell` command. -# -# To silence the output, use `--quiet`. -# -# Example usage: use devenv --quiet --impure --option services.postgres.enable:bool true -use devenv +use flake diff --git a/devenv.lock b/devenv.lock deleted file mode 100644 index 9354842d0..000000000 --- a/devenv.lock +++ /dev/null 
@@ -1,102 +0,0 @@ -{ - "nodes": { - "devenv": { - "locked": { - "dir": "src/modules", - "lastModified": 1781195293, - "narHash": "sha256-C9OFghpvf3RzK2rGsZjjNNrTrHgFOecEkpDhFnU4QGs=", - "owner": "cachix", - "repo": "devenv", - "rev": "5f5109c83854577191634f7b86fc6e0c8fd44964", - "type": "github" - }, - "original": { - "dir": "src/modules", - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, - "mk-shell-bin": { - "locked": { - "lastModified": 1677004959, - "narHash": "sha256-/uEkr1UkJrh11vD02aqufCxtbF5YnhRTIKlx5kyvf+I=", - "owner": "rrbutani", - "repo": "nix-mk-shell-bin", - "rev": "ff5d8bd4d68a347be5042e2f16caee391cd75887", - "type": "github" - }, - "original": { - "owner": "rrbutani", - "repo": "nix-mk-shell-bin", - "type": "github" - } - }, - "nix2container": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775487831, - "narHash": "sha256-2lguQpLPQaxpQCJjXhmEEAfabwsAhkP29Z7fgLzHARA=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "76be9608a7f4d6c985d28b0e7be903ae2547df3e", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, - "nixpkgs": { - "inputs": { - "nixpkgs-src": "nixpkgs-src" - }, - "locked": { - "lastModified": 1778507786, - "narHash": "sha256-HzSQCKMsMr8r55LwM1JuzIOB+8bzk0FEv6sItKvsfoY=", - "owner": "cachix", - "repo": "devenv-nixpkgs", - "rev": "8f24a228a782e24576b155d1e39f0d914b380691", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "rolling", - "repo": "devenv-nixpkgs", - "type": "github" - } - }, - "nixpkgs-src": { - "flake": false, - "locked": { - "lastModified": 1778274207, - "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - 
"devenv": "devenv", - "mk-shell-bin": "mk-shell-bin", - "nix2container": "nix2container", - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} \ No newline at end of file diff --git a/devenv.nix b/devenv.nix deleted file mode 100644 index ab812e765..000000000 --- a/devenv.nix +++ /dev/null @@ -1,41 +0,0 @@ -{pkgs, ...}: { - packages = with pkgs; [ - coreutils - curl - fdroidserver - sops - git - cacert - jq - ]; - - scripts = { - deploy-docker.exec = '' - devenv container copy processes - ''; - }; - - services.nginx = { - enable = true; - httpConfig = builtins.readFile ./hosting/nginx-http.conf; - }; - - processes.updater.exec = '' - while true; do - ${pkgs.writeShellScript "run-updater" (builtins.readFile ./hosting/update.sh)} - - echo "Sleeping for 30 minutes..." - sleep 1800 - done - ''; - - # environment variables for sops - # SOPS_PGP_FP - containers."processes" = { - name = "gitlab.julian-mutter.de/julian/fdroid-frajul"; - registry = "docker://"; - - copyToRoot = []; # avoid copying this repo - maxLayers = 10; - }; -} diff --git a/devenv.yaml b/devenv.yaml deleted file mode 100644 index 20699073f..000000000 --- a/devenv.yaml +++ /dev/null @@ -1,10 +0,0 @@ -inputs: - mk-shell-bin: - url: github:rrbutani/nix-mk-shell-bin - nix2container: - url: github:nlewo/nix2container - inputs: - nixpkgs: - follows: nixpkgs - nixpkgs: - url: github:cachix/devenv-nixpkgs/rolling diff --git a/flake.lock b/flake.lock new file mode 100644 index 000000000..0ee730754 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1781577229, + "narHash": "sha256-lrp67w8AulE9Ks53n27I45ADSzbOCn4H+CNW1Ck8B+8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "567a49d1913ce81ac6e9582e3553dd90a955875f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..ae0df314f --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,85 @@
+{
+ description = "Docker image with Nginx, F-Droid, and a 30-minute periodic task";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ outputs = {nixpkgs, ...}: let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+
+ periodicScript = pkgs.writeShellScript "run-update" (builtins.readFile ./hosting/update.sh);
+ caddyConfig = ./hosting/Caddyfile;
+
+ entrypoint = pkgs.writeShellScript "entrypoint" ''
+ # Ensure necessary directories exist
+ mkdir -p /repo/fdroid/repo /tmp/caddy_data /tmp/caddy_config
+
+ # Start the background loop (1800 seconds = 30 minutes)
+ echo "Starting 30-minute background loop..."
+ while true; do
+ ${periodicScript}
+ ${pkgs.coreutils}/bin/sleep 1800
+ done &
+
+ # Set environment variables so Caddy writes its state to /tmp instead of /root
+ export XDG_DATA_HOME=/tmp/caddy_data
+ export XDG_CONFIG_HOME=/tmp/caddy_config
+
+ # Start Caddy in the foreground
+ echo "Starting Caddy..."
+ exec ${pkgs.caddy}/bin/caddy run --config ${caddyConfig} --adapter caddyfile
+ '';
+
+ deploy-script = pkgs.writeShellScriptBin "deploy" ''
+ ${pkgs.nix}/bin/nix build .#container
+
+ ${pkgs.skopeo}/bin/skopeo copy \
+ --registries-conf /dev/null \
+ docker-archive:result \
+ docker://gitlab.julian-mutter.de/julian/fdroid-frajul:latest
+ '';
+
+ dockerImage = pkgs.dockerTools.buildLayeredImage {
+ name = "gitlab.julian-mutter.de/julian/fdroid-frajul";
+ tag = "latest";
+
+ contents = with pkgs; [
+ coreutils
+ bashInteractive
+ caddy
+ dockerTools.fakeNss # Provides fake /etc/passwd for basic user emulation
+ dockerTools.usrBinEnv
+ dockerTools.binSh
+ dockerTools.caCertificates
+
+ fdroidserver
+ jq
+ curl
+ sops
+ git
+ ];
+
+ config = {
+ Cmd = ["${entrypoint}"];
+ WorkingDir = "/src";
+ ExposedPorts = {
+ "8080/tcp" = {};
+ };
+ };
+ maxLayers = 10;
+ };
+ in {
+ # nix build .#container
+ # docker load < result
+ packages.${system}.container = dockerImage;
+ devShells.${system}.default = pkgs.mkShell {
+ packages = [
+ deploy-script
+
+ pkgs.skopeo
+ ];
+ };
+ };
+}
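Review bot: The image `config` in `dockerImage` sets no `User`, so the entrypoint, the 30-minute `${periodicScript}` loop and Caddy all run as root inside the container, even though port 8080 and the XDG redirection to /tmp suggest it was meant to run unprivileged. The update script is not visible here, but with `curl`, `git` and `sops` in `contents` it presumably fetches remote content and handles decrypted secrets, which is the part that benefits most from a non-root UID. Consider adding `User = "nobody:nobody";` next to `WorkingDir` (`dockerTools.fakeNss` already provides that account) and mounting `/repo` as a volume writable by it, since `mkdir -p /repo/fdroid/repo` would otherwise fail. Separately, the background loop ignores the script's exit status, so a persistently failing update leaves Caddy serving a stale repo; logging it, e.g. `${periodicScript} || echo "update failed: $?" >&2`, would make that detectable. The flake `description` also still says Nginx although the image now ships Caddy.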