flake reorg

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-on: [ push, pull_request ]
+on: [push, pull_request]
 
 name: CI
 
@@ -12,71 +12,5 @@ jobs:
         with:
           name: ci
           instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
+          authToken: "${{ secrets.ATTIC_TOKEN }}"
-      - run: nix build .#check
+      - run: nix flake check --keep-going
-
-  clippy:
-    runs-on: ubuntu-latest
-    needs: check
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v27
-      - uses: icewind1991/attic-action@v1
-        with:
-          name: ci
-          instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#clippy
-
-  build:
-    runs-on: ubuntu-latest
-    needs: check
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-          - x86_64-unknown-linux-gnu
-          - x86_64-unknown-linux-musl
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v27
-      - uses: icewind1991/attic-action@v1
-        with:
-          name: ci
-          instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#${{ matrix.target }}
-      - uses: actions/upload-artifact@v3
-        with:
-          name: palantir-${{ matrix.target }}
-          path: result/bin/*
-
-  build-nixpkgs:
-    runs-on: ubuntu-latest
-    needs: check
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v27
-      - uses: icewind1991/attic-action@v1
-        with:
-          name: ci
-          instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#dispenser
-
-  docker:
-    runs-on: ubuntu-latest
-    needs: build-nixpkgs
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v27
-      - uses: icewind1991/attic-action@v1
-        with:
-          name: ci
-          instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#dockerImage
-      - name: Push image
-        if: github.ref == 'refs/heads/main'
-        run: |
-          skopeo copy --dest-creds="${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" "docker-archive:$(nix build .#dockerImage --print-out-paths)" "docker://spiretf/dispenser"

.github/workflows/release.yml

@@ -1,27 +0,0 @@
-name: Release
-
-on:
-  release:
-    types: [ created ]
-
-
-jobs:
-  release-binaries:
-    name: Build release binaries
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: cachix/install-nix-action@v27
-      - uses: icewind1991/attic-action@v1
-        with:
-          name: ci
-          instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#x86_64-unknown-linux-musl
-      - name: Upload binary to release
-        uses: svenstaro/upload-release-action@v2
-        with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: result/bin/dispenser
-          asset_name: dispenser
-          tag: ${{ github.ref }}

Cargo.lock

@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "addr2line"
@@ -30,15 +30,6 @@ dependencies = [
  "opaque-debug",
 ]
 
-[[package]]
-name = "aho-corasick"
-version = "1.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "android-tzdata"
 version = "0.1.1"
@@ -474,7 +465,6 @@ dependencies = [
  "futures-util",
  "main_error",
  "petname",
- "pretty_env_logger",
  "rcon",
  "reqwest",
  "secretfile",
@@ -505,19 +495,6 @@ version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b"
 
-[[package]]
-name = "env_logger"
-version = "0.10.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580"
-dependencies = [
- "humantime",
- "is-terminal",
- "log",
- "regex",
- "termcolor",
-]
-
 [[package]]
 name = "equivalent"
 version = "1.0.1"
@@ -747,12 +724,6 @@ version = "1.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0e7a4dd27b9476dc40cb050d3632d3bba3a70ddbff012285f7f8559a1e7e545"
 
-[[package]]
-name = "humantime"
-version = "2.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
-
 [[package]]
 name = "hyper"
 version = "1.3.1"
@@ -987,17 +958,6 @@ version = "2.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3"
 
-[[package]]
-name = "is-terminal"
-version = "0.4.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b"
-dependencies = [
- "hermit-abi",
- "libc",
- "windows-sys 0.52.0",
-]
-
 [[package]]
 name = "is_terminal_polyfill"
 version = "1.70.0"
@@ -1306,16 +1266,6 @@ version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
 
-[[package]]
-name = "pretty_env_logger"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "865724d4dbe39d9f3dd3b52b88d859d66bcb2d6a0acfd5ea68a65fb66d4bdc1c"
-dependencies = [
- "env_logger",
- "log",
-]
-
 [[package]]
 name = "proc-macro-error"
 version = "1.0.4"
@@ -1409,35 +1359,6 @@ dependencies = [
  "thiserror",
 ]
 
-[[package]]
-name = "regex"
-version = "1.10.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f"
-dependencies = [
- "aho-corasick",
- "memchr",
- "regex-automata",
- "regex-syntax",
-]
-
-[[package]]
-name = "regex-automata"
-version = "0.4.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
-dependencies = [
- "aho-corasick",
- "memchr",
- "regex-syntax",
-]
-
-[[package]]
-name = "regex-syntax"
-version = "0.8.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b"
-
 [[package]]
 name = "reqwest"
 version = "0.12.4"
@@ -1765,15 +1686,6 @@ dependencies = [
  "syn 2.0.66",
 ]
 
-[[package]]
-name = "termcolor"
-version = "1.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755"
-dependencies = [
- "winapi-util",
-]
-
 [[package]]
 name = "thiserror"
 version = "1.0.61"

Cargo.toml

@@ -17,7 +17,6 @@ petname = "2.0.2"
 thrussh = "=0.34.0" # 0.34.1 broke password auth?
 thrussh-keys = "0.22.1"
 futures-util = "0.3.30"
-pretty_env_logger = "0.5.0"
 cron = "0.12.1"
 rcon = { version = "0.6.0", features = ["rt-tokio"] }
 tracing = "0.1.40"

Dockerfile

@@ -1,20 +0,0 @@
-FROM ekidd/rust-musl-builder AS build
-
-COPY Cargo.toml Cargo.lock ./
-
-# Build with a dummy main to pre-build dependencies
-RUN mkdir src && \
- echo "fn main(){}" > src/main.rs && \
- cargo build --release && \
- rm -r src
-
-COPY src ./src/
-RUN sudo chown -R rust:rust . && \
- touch src/main.rs && \
- cargo build --release
-
-FROM scratch
-
-COPY --from=build /home/rust/src/target/x86_64-unknown-linux-musl/release/dispenser /
-
-CMD ["/dispenser", "/config.toml"]

README.md

@@ -50,7 +50,7 @@ If you want to store your config file in version control but don't want to store
 you can choose to load the secrets from other files by specifying the secret as an absolute path.
 
 This can be done for the following config options:
-  `server.demostf_key`, `server.logstf_key`, `vultr.api_key`, `digitalocean.api_key` and `dyndns.password`.
+`server.demostf_key`, `server.logstf_key`, `vultr.api_key`, `digitalocean.api_key` and `dyndns.password`.
 
 ## TODO
 

flake.lock

@@ -1,63 +1,98 @@
 {
   "nodes": {
-    "naersk": {
+    "crane": {
+      "locked": {
+        "lastModified": 1733688869,
+        "narHash": "sha256-KrhxxFj1CjESDrL5+u/zsVH0K+Ik9tvoac/oFPoxSB8=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "604637106e420ad99907cae401e13ab6b452e7d9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
+    "flakelight": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1717067539,
+        "lastModified": 1734353159,
-        "narHash": "sha256-oIs5EF+6VpHJRvvpVWuqCYJMMVW/6h59aYUv9lABLtY=",
+        "narHash": "sha256-TDCUemm0azypG46OnVNISAcz6LDuMnD8rixps1NejfQ=",
         "owner": "nix-community",
-        "repo": "naersk",
+        "repo": "flakelight",
-        "rev": "fa19d8c135e776dc97f4dcca08656a0eeb28d5c0",
+        "rev": "8ea81fa76945397adb766e1f249238bab6e72079",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "repo": "naersk",
+        "repo": "flakelight",
+        "type": "github"
+      }
+    },
+    "mill-scale": {
+      "inputs": {
+        "crane": "crane",
+        "flakelight": [
+          "flakelight"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1734789971,
+        "narHash": "sha256-Krf10FGET5NRfrWcQjaaSpo6cSXM2Wyl84DqHttNghw=",
+        "owner": "icewind1991",
+        "repo": "mill-scale",
+        "rev": "ad3de3f1708ae23e9ebf2b4ef0f787366ddc45ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "icewind1991",
+        "repo": "mill-scale",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1718308668,
+        "lastModified": 1734600368,
-        "narHash": "sha256-bIiBteaAwucl3iXUX6MtnUV2c7VBBIJgcSUEa35zvuk=",
+        "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "171d55c5959ef046f1fc05f9b68faa844c457f5b",
+        "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "release-24.05",
+        "ref": "nixos-24.11",
         "type": "indirect"
       }
     },
     "root": {
       "inputs": {
-        "naersk": "naersk",
+        "flakelight": "flakelight",
-        "nixpkgs": "nixpkgs",
+        "mill-scale": "mill-scale",
-        "rust-overlay": "rust-overlay",
+        "nixpkgs": "nixpkgs"
-        "utils": "utils"
       }
     },
     "rust-overlay": {
       "inputs": {
-        "flake-utils": [
-          "utils"
-        ],
         "nixpkgs": [
+          "mill-scale",
+          "flakelight",
           "nixpkgs"
         ]
       },
       "locked": {
-        "lastModified": 1718245100,
+        "lastModified": 1733884434,
-        "narHash": "sha256-ETm3A2nUVEUwVQ30fj3ePK4rqsSbSnY4uP4LYrFrDNE=",
+        "narHash": "sha256-8GXR9kC07dyOIshAyfZhG11xfvBRSZzYghnZ2weOKJU=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "4cbc2810d1dfb5960791be92df6a5f842a79bdfb",
+        "rev": "d0483df44ddf0fd1985f564abccbe568e020ddf2",
         "type": "github"
       },
       "original": {
@@ -65,39 +100,6 @@
         "repo": "rust-overlay",
         "type": "github"
       }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -1,94 +1,29 @@
 {
   inputs = {
-    utils.url = "github:numtide/flake-utils";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
-    naersk.url = "github:nix-community/naersk";
+    flakelight = {
-    naersk.inputs.nixpkgs.follows = "nixpkgs";
+      url = "github:nix-community/flakelight";
-    nixpkgs.url = "nixpkgs/release-24.05";
+      inputs.nixpkgs.follows = "nixpkgs";
-    rust-overlay.url = "github:oxalica/rust-overlay";
-    rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
-    rust-overlay.inputs.flake-utils.follows = "utils";
-  };
-
-  outputs = {
-    self,
-    nixpkgs,
-    utils,
-    naersk,
-    rust-overlay,
-  }:
-    utils.lib.eachDefaultSystem (system: let
-      lib = nixpkgs.lib;
-      overlays = [
-        (import rust-overlay)
-        (import ./overlay.nix)
-      ];
-      pkgs = (import nixpkgs) {
-        inherit system overlays;
-      };
-      hostTarget = pkgs.hostPlatform.config;
-      targets = ["x86_64-unknown-linux-musl" hostTarget];
-
-      naerskForTarget = target: let
-        toolchain = pkgs.rust-bin.stable.latest.default.override {targets = [target];};
-      in
-        pkgs.callPackage naersk {
-          cargo = toolchain;
-          rustc = toolchain;
-        };
-      hostNaersk = naerskForTarget hostTarget;
-      nearskOpt = {
-        pname = "dispenser";
-
-        inherit (pkgs.dispenser) src;
-
-        nativeBuildInputs = with pkgs; [
-          libsodium
-          pkg-config
-        ];
-      };
-    in rec {
-      packages =
-        (lib.attrsets.genAttrs targets (target: (naerskForTarget target).buildPackage nearskOpt))
-        // rec {
-          dispenser = pkgs.dispenser;
-          check = hostNaersk.buildPackage (nearskOpt // {checkOnly = true;});
-          test = hostNaersk.buildPackage (nearskOpt // {testOnly = true;});
-          clippy = hostNaersk.buildPackage (nearskOpt // {clippyOnly = true;});
-          dockerImage = pkgs.dockerTools.buildImage {
-            name = "spiretf/dispenser";
-            tag = "latest";
-            copyToRoot = [dispenser];
-            config = {
-              Cmd = ["${dispenser}/bin/dispenser" "/config.toml"];
-            };
-          };
-          default = dispenser;
-        };
-
-      devShells.default = pkgs.mkShell {
-        nativeBuildInputs = with pkgs;
-          [
-            rust-bin.stable.latest.default
-            bacon
-            skopeo
-            cargo-edit
-          ]
-          ++ nearskOpt.nativeBuildInputs;
-      };
-    })
-    // {
-      overlays.default = import ./overlay.nix;
-      nixosModules.default = {
-        pkgs,
-        config,
-        lib,
-        ...
-      }: {
-        imports = [./module.nix];
-        config = lib.mkIf config.services.dispenser.enable {
-          nixpkgs.overlays = [self.overlays.default];
-          services.dispenser.package = lib.mkDefault pkgs.dispenser;
-        };
-      };
     };
+    mill-scale = {
+      url = "github:icewind1991/mill-scale";
+      inputs.flakelight.follows = "flakelight";
+    };
+  };
+  outputs = { mill-scale, ... }: mill-scale ./. {
+    nixosModules = { outputs, ... }: {
+      default =
+        { pkgs
+        , config
+        , lib
+        , ...
+        }: {
+          imports = [ ./module.nix ];
+          config = {
+            nixpkgs.overlays = [ outputs.overlays.default ];
+            services.dispenser.package = lib.mkDefault pkgs.dispenser;
+          };
+        };
+    };
+  };
 }

nix/module.nix

@@ -1,17 +1,17 @@
-{
+{ config
-  config,
+, lib
-  lib,
+, pkgs
-  pkgs,
+, ...
-  ...
 }:
 with lib; let
   cfg = config.services.dispenser;
-  format = pkgs.formats.toml {};
+  format = pkgs.formats.toml { };
   configFile = format.generate "dispenser.toml" (filterAttrs (n: v: v != null) {
     inherit (cfg) server vultr dyndns schedule;
     digital_ocean = cfg.digitalocean;
   });
-in {
+in
+{
   options.services.dispenser = {
     enable = mkEnableOption "Enables the dispenser service";
 
@@ -168,7 +168,7 @@ in {
 
   config = mkIf cfg.enable {
     systemd.services.dispenser = {
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
         ExecStart = "${cfg.package}/bin/dispenser ${configFile}";
@@ -193,7 +193,7 @@ in {
         RestrictAddressFamilies = "AF_INET AF_INET6";
         RestrictRealtime = true;
         ProtectProc = "noaccess";
-        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
+        SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
         IPAddressDeny = "localhost link-local multicast";
       };
     };
@@ -201,7 +201,7 @@ in {
     environment.systemPackages = [
       (pkgs.writeShellApplication {
         name = "dispenser-cli";
-        runtimeInputs = [cfg.package];
+        runtimeInputs = [ cfg.package ];
 
         text = ''
           ${cfg.package}/bin/dispenser ${configFile} "$@"

nix/overlay.nix

@@ -0,0 +1,3 @@
+final: prev: {
+  dispenser = final.callPackage ./package.nix { };
+}

nix/package.nix

@@ -0,0 +1,34 @@
+{ stdenv
+, rustPlatform
+, libsodium
+, pkg-config
+, lib
+, rust-bin
+,
+}:
+let
+  inherit (lib.sources) sourceByRegex;
+  inherit (builtins) fromTOML readFile;
+  src = sourceByRegex ../. [ "Cargo.*" "(src)(/.*)?" ];
+  cargoPackage = (fromTOML (readFile ../Cargo.toml)).package;
+in
+rustPlatform.buildRustPackage rec {
+  pname = cargoPackage.name;
+  inherit (cargoPackage) version;
+
+  inherit src;
+
+  buildInputs = [
+    libsodium
+  ];
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+
+  doCheck = false;
+
+  cargoLock = {
+    lockFile = ../Cargo.lock;
+  };
+}

overlay.nix

@@ -1,3 +0,0 @@
-final: prev: {
-  dispenser = final.callPackage ./package.nix {};
-}

package.nix

@@ -1,35 +0,0 @@
-{
-  stdenv,
-  makeRustPlatform,
-  libsodium,
-  pkg-config,
-  lib,
-  rust-bin,
-}: let
-  inherit (lib.sources) sourceByRegex;
-  rustPlatform = makeRustPlatform {
-    cargo = rust-bin.stable.latest.minimal;
-    rustc = rust-bin.stable.latest.minimal;
-  };
-  src = sourceByRegex ./. ["Cargo.*" "(src)(/.*)?"];
-in
-  rustPlatform.buildRustPackage rec {
-    pname = "dispenser";
-    version = "0.1.0";
-
-    inherit src;
-
-    buildInputs = [
-      libsodium
-    ];
-
-    nativeBuildInputs = [
-      pkg-config
-    ];
-
-    doCheck = false;
-
-    cargoLock = {
-      lockFile = ./Cargo.lock;
-    };
-  }