flake reorg

2026-06-03 10:14:11 +02:00 · 2024-02-23 19:30:06 +01:00 · 2024-02-23 19:30:06 +01:00 · 5647cdd759
commit 5647cdd759
parent c6715e9498
7 changed files with 145 additions and 19 deletions
--- a/api-server/Cargo.lock
+++ b/api-server/Cargo.lock
@ -1742,9 +1742,9 @@ dependencies = [

 [[package]]
 name = "ugc-scraper"
-version = "0.2.4"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08bf51a31c6002154c76405bde69310880f9107612851620a360c8812feaca7f"
+checksum = "11b4b037bee0f48414cd67199b591d7503fde00dec683f2b9dbbaff5e54539b0"
 dependencies = [
 "reqwest",
 "scraper",
--- a/api-server/Cargo.toml
+++ b/api-server/Cargo.toml
@ -6,8 +6,8 @@ edition = "2021"
 [dependencies]
 tokio = { version = "1.34.0", features = ["macros", "rt-multi-thread", "rt"] }
 main_error = "0.1.2"
-#ugc-scraper = { path = "../", version = "0.2.4" }
-ugc-scraper = "0.2.4"
+#ugc-scraper = { path = "../", version = "*" }
+ugc-scraper = "0.3.0"
 axum = "0.6.20"
 steamid-ng = "1.0.0"
 thiserror = "1.0.50"
--- a/flake.lock
+++ b/flake.lock
@ -22,16 +22,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1699994397,
-        "narHash": "sha256-xxNeIcMNMXH2EA9IAX6Cny+50mvY22LhIBiGZV363gc=",
+        "lastModified": 1708161998,
+        "narHash": "sha256-6KnemmUorCvlcAvGziFosAVkrlWZGIc6UNT9GUYr0jQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d4b5a67bbe9ef750bd2fdffd4cad400dd5553af8",
+        "rev": "84d981bae8b5e783b3b548de505b22880559515f",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.05",
+        "ref": "nixos-23.11",
        "type": "indirect"
      }
    },
@ -53,11 +53,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1700100993,
-        "narHash": "sha256-Zc//DbR3eMGajG09iQUMTO/Tc/fdUYmTAzXYdxx5MKw=",
+        "lastModified": 1708241671,
+        "narHash": "sha256-zSulX9tP4R35Y8A842dGSzaHMVP91W2Ry0SXvQKD2BQ=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "b7a041430733fccaa1ffc3724bb9454289d0f701",
+        "rev": "d500e370b26f9b14303cb39bf1509df0a920c8b0",
        "type": "github"
      },
      "original": {
@ -86,11 +86,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -1,6 +1,6 @@
 {
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.05";
+    nixpkgs.url = "nixpkgs/nixos-23.11";
    utils.url = "github:numtide/flake-utils";
    naersk.url = "github:nix-community/naersk";
    naersk.inputs.nixpkgs.follows = "nixpkgs";
@ -17,7 +17,10 @@
    rust-overlay,
  }:
    utils.lib.eachDefaultSystem (system: let
-      overlays = [(import rust-overlay)];
+      overlays = [
+        (import rust-overlay)
+        (import ./overlay.nix)
+      ];
      pkgs = (import nixpkgs) {
        inherit system overlays;
      };
@ -46,12 +49,12 @@
      ];

      nearskOpt = {
-        pname = "vbsp";
+        pname = "ugc-scraper";
        root = src;
        nativeBuildInputs = deps;
      };
    in rec {
-      packages = {
+      packages = rec {
        check = naersk'.buildPackage (nearskOpt
          // {
            mode = "check";
@ -69,6 +72,8 @@
          // {
            mode = "check";
          });
+        inherit (pkgs) ugc-api-server;
+        default = ugc-api-server;
      };

      devShells = let
@ -83,11 +88,28 @@
        ];
      in {
        default = mkShell {
+          OPENSSL_NO_VENDOR = 1;
          nativeBuildInputs = [toolchain] ++ tools ++ deps;
        };
        msrv = mkShell {
+          OPENSSL_NO_VENDOR = 1;
          nativeBuildInputs = [msrvToolchain] ++ tools ++ deps;
        };
      };
-    });
+    })
+    // {
+      overlays.default = import ./overlay.nix;
+      nixosModules.default = {
+        pkgs,
+        config,
+        lib,
+        ...
+      }: {
+        imports = [./module.nix];
+        config = lib.mkIf config.services.ugc-api-server.enable {
+          nixpkgs.overlays = [self.overlays.default];
+          services.ugc-api-server.package = lib.mkDefault pkgs.ugc-api-server;
+        };
+      };
+    };
 }
--- a/module.nix
+++ b/module.nix
@ -0,0 +1,69 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.ugc-api-server;
+in {
+  options.services.ugc-api-server = {
+    enable = mkEnableOption "ugc api server";
+
+    logLevel = mkOption {
+      type = types.str;
+      default = "INFO";
+      description = "log level";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 10333;
+      description = "port to listen to";
+    };
+
+    package = mkOption {
+      type = types.package;
+      description = "package to use";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services."ugc-api-server" = {
+      wantedBy = ["multi-user.target"];
+      after = ["network-online.target"];
+      wants = ["network-online.target"];
+      environment = {
+        RUST_LOG = cfg.logLevel;
+      };
+
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/ugc-api-server";
+        Restart = "on-failure";
+        DynamicUser = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        ProtectClock = true;
+        CapabilityBoundingSet = true;
+        ProtectKernelLogs = true;
+        ProtectControlGroups = true;
+        SystemCallArchitectures = "native";
+        ProtectKernelModules = true;
+        RestrictNamespaces = true;
+        MemoryDenyWriteExecute = true;
+        ProtectHostname = true;
+        LockPersonality = true;
+        ProtectKernelTunables = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictRealtime = true;
+        ProtectProc = "noaccess";
+        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
+        PrivateUsers = true;
+        ProcSubset = "pid";
+      };
+    };
+  };
+}
--- a/overlay.nix
+++ b/overlay.nix
@ -0,0 +1,3 @@
+final: prev: {
+  ugc-api-server = final.callPackage ./package.nix {};
+}
--- a/package.nix
+++ b/package.nix
@ -0,0 +1,32 @@
+{
+  rustPlatform,
+  openssl,
+  pkg-config,
+  lib,
+}: let
+  inherit (lib.sources) sourceByRegex;
+  inherit (builtins) fromTOML readFile;
+  src = sourceByRegex ./api-server ["Cargo.*" "(src)(/.*)?" "README.md"];
+  version = (fromTOML (readFile api-server/Cargo.toml)).package.version;
+in
+  rustPlatform.buildRustPackage rec {
+    pname = "ugc-api-server";
+
+    inherit src version;
+
+    buildInputs = [
+      openssl
+    ];
+
+    nativeBuildInputs = [
+      pkg-config
+    ];
+
+    OPENSSL_NO_VENDOR = 1;
+
+    doCheck = false;
+
+    cargoLock = {
+      lockFile = ./api-server/Cargo.lock;
+    };
+  }