flake reorg

demostf · Jan 14, 2024 · 5e172bf · 5e172bf
1 parent 9b0e4af
commit 5e172bf
Show file tree

Hide file tree

Showing 8 changed files with 653 additions and 451 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,19 +1,19 @@
 [package]
-name = "backup"
+name = "demostf-backup"
 version = "0.1.0"
 authors = ["Robin Appelman <[email protected]>"]
 edition = "2018"
 
 [dependencies]
-thiserror = "1.0.30"
-dotenv = "0.15.0"
+thiserror = "1.0.56"
+dotenvy = "0.15.7"
 main_error = "0.1.2"
-demostf-client = { version = "0.4.0", default-features = false, features = ["rustls-tls"] }
-tokio = { version = "1.17.0", features = ["rt-multi-thread", "macros"] }
-tracing = "0.1.33"
-tracing-subscriber = "0.3.11"
-futures-util = "0.3.21"
+demostf-client = { version = "0.4.3", default-features = false, features = ["rustls-tls"] }
+tokio = { version = "1.35.1", features = ["rt-multi-thread", "macros"] }
+tracing = "0.1.40"
+tracing-subscriber = "0.3.18"
+futures-util = "0.3.30"
 md5 = "0.7.0"
 
 [profile.release]
-lto = true
+lto = true
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -1,141 +1,46 @@
 {
   inputs = {
-    nixpkgs.url = "nixpkgs/release-23.05";
+    nixpkgs.url = "nixpkgs/nixos-23.11";
     flake-utils.url = "github:numtide/flake-utils";
-    naersk.url = "github:nix-community/naersk";
-    naersk.inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = { self, nixpkgs, flake-utils, naersk }:
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+  }:
     flake-utils.lib.eachDefaultSystem (
       system: let
-        pkgs = nixpkgs.legacyPackages."${system}";
-        naersk-lib = naersk.lib."${system}";
-        lib = pkgs.lib;
-      in
-        rec {
-          # `nix build`
-          packages = rec {
-            demobackup = naersk-lib.buildPackage {
-              pname = "demobackup";
-              root = lib.sources.sourceByRegex (lib.cleanSource ./.) ["Cargo.*" "src" "src/.*"];
-            };
-            dockerImage = pkgs.dockerTools.buildImage {
-              name = "demostf/backup";
-              tag = "latest";
-              copyToRoot = [demobackup];
-              config = {
-                Cmd = [ "${demobackup}/bin/backup"];
-              };
-            };
-          };
-          defaultPackage = packages.demobackup;
-
-          # `nix run`
-          apps.hello-world = flake-utils.lib.mkApp {
-            drv = packages.demobackup;
-          };
-          defaultApp = apps.demobackup;
+        overlays = [
+          (import ./overlay.nix)
+        ];
+        pkgs = (import nixpkgs) {
+          inherit system overlays;
+        };
+      in rec {
+        packages = rec {
+          demostf-backup = pkgs.demostf-backup;
+          default = demostf-backup;
+        };
 
-          # `nix develop`
-          devShells.default = pkgs.mkShell {
-            nativeBuildInputs = with pkgs; [ rustc cargo rustfmt clippy ];
-          };
-        }
+        devShells.default = pkgs.mkShell {
+          nativeBuildInputs = with pkgs; [rustc cargo rustfmt clippy cargo-edit cargo-audit bacon];
+        };
+      }
     )
     // {
-      nixosModule = {
+      overlays.default = import ./overlay.nix;
+      nixosModules.default = {
+        pkgs,
         config,
         lib,
-        pkgs,
         ...
-      }:
-        with lib; let
-          cfg = config.services.demosbackup;
-        in {
-          options.services.demosbackup = {
-            enable = mkEnableOption "Enables the demos backup service";
-
-            target = mkOption {
-              type = types.str;
-              description = "target directory";
-            };
-            api = mkOption {
-              type = types.str;
-              default = "https://api.demos.tf";
-              description = "demos.tf api url";
-            };
-            stateFile = mkOption {
-              type = types.str;
-              description = "state file path";
-            };
-            logLevel = mkOption {
-              type = types.str;
-              default = "INFO";
-              description = "log level";
-            };
-            user = mkOption {
-              type = types.str;
-              description = "user that owns the demos";
-            };
-            interval = mkOption {
-              type = types.str;
-              default = "*:0/10";
-              description = "Interval to run the service";
-            };
-          };
-
-          config = mkIf cfg.enable {
-            systemd.services.demosbackup = let
-              pkg = self.defaultPackage.${pkgs.system};
-            in {
-              script = "${pkg}/bin/backup";
-              description = "Backup demos for demos.tf";
-
-              environment = {
-                STORAGE_ROOT = cfg.target;
-                SOURCE = cfg.api;
-                STATE_FILE = cfg.stateFile;
-                RUST_LOG = cfg.logLevel;
-              };
-
-              serviceConfig = {
-                ReadWritePaths = [cfg.target cfg.stateFile];
-                Restart = "on-failure";
-                User = cfg.user;
-                PrivateTmp = true;
-                ProtectSystem = "strict";
-                ProtectHome = true;
-                NoNewPrivileges = true;
-                PrivateDevices = true;
-                ProtectClock = true;
-                CapabilityBoundingSet = true;
-                ProtectKernelLogs = true;
-                ProtectControlGroups = true;
-                SystemCallArchitectures = "native";
-                ProtectKernelModules = true;
-                RestrictNamespaces = true;
-                MemoryDenyWriteExecute = true;
-                ProtectHostname = true;
-                LockPersonality = true;
-                ProtectKernelTunables = true;
-                RestrictAddressFamilies = "AF_INET AF_INET6";
-                RestrictRealtime = true;
-                ProtectProc = "noaccess";
-                SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
-                IPAddressDeny = "localhost link-local multicast";
-              };
-            };
-
-            systemd.timers.demosbackup = {
-              enable = true;
-              description = "Backup demos for demos.tf";
-              wantedBy = ["multi-user.target"];
-              timerConfig = {
-                OnCalendar = "*:0/10";
-              };
-            };
-          };
+      }: {
+        imports = [./module.nix];
+        config = lib.mkIf config.services.demostf-backup.enable {
+          nixpkgs.overlays = [self.overlays.default];
+          services.demostf-backup.package = lib.mkDefault pkgs.demostf-backup;
         };
+      };
     };
 }
diff --git a/module.nix b/module.nix
@@ -0,0 +1,97 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.demostf-backup;
+in {
+  options.services.demostf-backup = {
+    enable = mkEnableOption "Enables the demos backup service";
+
+    target = mkOption {
+      type = types.str;
+      description = "target directory";
+    };
+    api = mkOption {
+      type = types.str;
+      default = "https://api.demos.tf";
+      description = "demos.tf api url";
+    };
+    stateFile = mkOption {
+      type = types.str;
+      description = "state file path";
+    };
+    logLevel = mkOption {
+      type = types.str;
+      default = "INFO";
+      description = "log level";
+    };
+    user = mkOption {
+      type = types.str;
+      description = "user that owns the demos";
+    };
+    interval = mkOption {
+      type = types.str;
+      default = "*:0/10";
+      description = "Interval to run the service";
+    };
+
+    package = mkOption {
+      type = types.package;
+      defaultText = literalExpression "pkgs.demostf-backup";
+      description = "package to use";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.demostf-backup = {
+      description = "Backup demos for demos.tf";
+
+      environment = {
+        STORAGE_ROOT = cfg.target;
+        SOURCE = cfg.api;
+        STATE_FILE = cfg.stateFile;
+        RUST_LOG = cfg.logLevel;
+      };
+
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/demostf-backup";
+        ReadWritePaths = [cfg.target cfg.stateFile];
+        Restart = "on-failure";
+        User = cfg.user;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        ProtectClock = true;
+        CapabilityBoundingSet = true;
+        ProtectKernelLogs = true;
+        ProtectControlGroups = true;
+        SystemCallArchitectures = "native";
+        ProtectKernelModules = true;
+        RestrictNamespaces = true;
+        MemoryDenyWriteExecute = true;
+        ProtectHostname = true;
+        LockPersonality = true;
+        ProtectKernelTunables = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictRealtime = true;
+        ProtectProc = "noaccess";
+        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
+        IPAddressDeny = "localhost link-local multicast";
+      };
+    };
+
+    systemd.timers.demostf-backup = {
+      enable = true;
+      description = "Backup demos for demos.tf";
+      wantedBy = ["multi-user.target"];
+      timerConfig = {
+        OnCalendar = "*:0/10";
+      };
+    };
+  };
+}
diff --git a/overlay.nix b/overlay.nix
@@ -0,0 +1,3 @@
+final: prev: {
+  demostf-backup = final.callPackage ./package.nix {};
+}