flake reorg

2026-06-03 10:04:07 +02:00 · 2024-12-21 14:54:00 +01:00 · 2024-12-21 14:54:00 +01:00 · 9802f5c405
commit 9802f5c405
parent 74c0678d0b
13 changed files with 131 additions and 397 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,4 +1,4 @@
-on: [ push, pull_request ]
+on: [push, pull_request]
 name: CI
@ -12,71 +12,5 @@ jobs:
        with:
          name: ci
          instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
+          authToken: "${{ secrets.ATTIC_TOKEN }}"
-      - run: nix build .#check
+      - run: nix flake check --keep-going
  clippy:
    runs-on: ubuntu-latest
    needs: check
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
          authToken: '${{ secrets.ATTIC_TOKEN }}'
      - run: nix build .#clippy
  build:
    runs-on: ubuntu-latest
    needs: check
    strategy:
      fail-fast: false
      matrix:
        target:
          - x86_64-unknown-linux-gnu
          - x86_64-unknown-linux-musl
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
          authToken: '${{ secrets.ATTIC_TOKEN }}'
      - run: nix build .#${{ matrix.target }}
      - uses: actions/upload-artifact@v3
        with:
          name: palantir-${{ matrix.target }}
          path: result/bin/*
  build-nixpkgs:
    runs-on: ubuntu-latest
    needs: check
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
          authToken: '${{ secrets.ATTIC_TOKEN }}'
      - run: nix build .#dispenser
  docker:
    runs-on: ubuntu-latest
    needs: build-nixpkgs
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
          authToken: '${{ secrets.ATTIC_TOKEN }}'
      - run: nix build .#dockerImage
      - name: Push image
        if: github.ref == 'refs/heads/main'
        run: |
          skopeo copy --dest-creds="${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" "docker-archive:$(nix build .#dockerImage --print-out-paths)" "docker://spiretf/dispenser"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -1,27 +0,0 @@
 name: Release
 on:
  release:
    types: [ created ]
 jobs:
  release-binaries:
    name: Build release binaries
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v27
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
          authToken: '${{ secrets.ATTIC_TOKEN }}'
      - run: nix build .#x86_64-unknown-linux-musl
      - name: Upload binary to release
        uses: svenstaro/upload-release-action@v2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: result/bin/dispenser
          asset_name: dispenser
          tag: ${{ github.ref }}
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 [[package]]
 name = "addr2line"
@ -30,15 +30,6 @@ dependencies = [
 "opaque-debug",
 ]
 [[package]]
 name = "aho-corasick"
 version = "1.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
 dependencies = [
 "memchr",
 ]
 [[package]]
 name = "android-tzdata"
 version = "0.1.1"
@ -474,7 +465,6 @@ dependencies = [
 "futures-util",
 "main_error",
 "petname",
 "pretty_env_logger",
 "rcon",
 "reqwest",
 "secretfile",
@ -505,19 +495,6 @@ version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b"
 [[package]]
 name = "env_logger"
 version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580"
 dependencies = [
 "humantime",
 "is-terminal",
 "log",
 "regex",
 "termcolor",
 ]
 [[package]]
 name = "equivalent"
 version = "1.0.1"
@ -747,12 +724,6 @@ version = "1.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0e7a4dd27b9476dc40cb050d3632d3bba3a70ddbff012285f7f8559a1e7e545"
 [[package]]
 name = "humantime"
 version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
 [[package]]
 name = "hyper"
 version = "1.3.1"
@ -987,17 +958,6 @@ version = "2.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3"
 [[package]]
 name = "is-terminal"
 version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b"
 dependencies = [
 "hermit-abi",
 "libc",
 "windows-sys 0.52.0",
 ]
 [[package]]
 name = "is_terminal_polyfill"
 version = "1.70.0"
@ -1306,16 +1266,6 @@ version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
 [[package]]
 name = "pretty_env_logger"
 version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "865724d4dbe39d9f3dd3b52b88d859d66bcb2d6a0acfd5ea68a65fb66d4bdc1c"
 dependencies = [
 "env_logger",
 "log",
 ]
 [[package]]
 name = "proc-macro-error"
 version = "1.0.4"
@ -1409,35 +1359,6 @@ dependencies = [
 "thiserror",
 ]
 [[package]]
 name = "regex"
 version = "1.10.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f"
 dependencies = [
 "aho-corasick",
 "memchr",
 "regex-automata",
 "regex-syntax",
 ]
 [[package]]
 name = "regex-automata"
 version = "0.4.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df"
 dependencies = [
 "aho-corasick",
 "memchr",
 "regex-syntax",
 ]
 [[package]]
 name = "regex-syntax"
 version = "0.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b"
 [[package]]
 name = "reqwest"
 version = "0.12.4"
@ -1765,15 +1686,6 @@ dependencies = [
 "syn 2.0.66",
 ]
 [[package]]
 name = "termcolor"
 version = "1.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755"
 dependencies = [
 "winapi-util",
 ]
 [[package]]
 name = "thiserror"
 version = "1.0.61"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -17,7 +17,6 @@ petname = "2.0.2"
 thrussh = "=0.34.0" # 0.34.1 broke password auth?
 thrussh-keys = "0.22.1"
 futures-util = "0.3.30"
 pretty_env_logger = "0.5.0"
 cron = "0.12.1"
 rcon = { version = "0.6.0", features = ["rt-tokio"] }
 tracing = "0.1.40"
--- a/20
+++ b/20
@ -1,20 +0,0 @@
 FROM ekidd/rust-musl-builder AS build
 COPY Cargo.toml Cargo.lock ./
 # Build with a dummy main to pre-build dependencies
 RUN mkdir src && \
 echo "fn main(){}" > src/main.rs && \
 cargo build --release && \
 rm -r src
 COPY src ./src/
 RUN sudo chown -R rust:rust . && \
 touch src/main.rs && \
 cargo build --release
 FROM scratch
 COPY --from=build /home/rust/src/target/x86_64-unknown-linux-musl/release/dispenser /
 CMD ["/dispenser", "/config.toml"]
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ This does mean that if the program is (re-)started while a server is already act
 start and destroy any server because it can't be sure it should control the running server.
 You'll need to manually destroy the existing server in that case.
-You can overwrite this behavior by setting `manage_existing = true` in your `config.toml`,  
+You can overwrite this behavior by setting `manage_existing = true` in your `config.toml`,
 ## Manual usage
@ -50,11 +50,11 @@ If you want to store your config file in version control but don't want to store
 you can choose to load the secrets from other files by specifying the secret as an absolute path.
 This can be done for the following config options:
-  `server.demostf_key`, `server.logstf_key`, `vultr.api_key`, `digitalocean.api_key` and `dyndns.password`.
+`server.demostf_key`, `server.logstf_key`, `vultr.api_key`, `digitalocean.api_key` and `dyndns.password`.
 ## TODO
 - [x] don't blindly kill server if there are players connected
 - [ ] kill the server earlier if everyone disconnected
 - [x] digital ocean backend
- [ ] more backends?
+- [ ] more backends?
--- a/flake.lock
+++ b/flake.lock
@ -1,63 +1,98 @@
 {
  "nodes": {
-    "naersk": {
+    "crane": {
      "locked": {
        "lastModified": 1733688869,
        "narHash": "sha256-KrhxxFj1CjESDrL5+u/zsVH0K+Ik9tvoac/oFPoxSB8=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "604637106e420ad99907cae401e13ab6b452e7d9",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "flakelight": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1717067539,
+        "lastModified": 1734353159,
-        "narHash": "sha256-oIs5EF+6VpHJRvvpVWuqCYJMMVW/6h59aYUv9lABLtY=",
+        "narHash": "sha256-TDCUemm0azypG46OnVNISAcz6LDuMnD8rixps1NejfQ=",
        "owner": "nix-community",
-        "repo": "naersk",
+        "repo": "flakelight",
-        "rev": "fa19d8c135e776dc97f4dcca08656a0eeb28d5c0",
+        "rev": "8ea81fa76945397adb766e1f249238bab6e72079",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "repo": "naersk",
+        "repo": "flakelight",
        "type": "github"
      }
    },
    "mill-scale": {
      "inputs": {
        "crane": "crane",
        "flakelight": [
          "flakelight"
        ],
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1734789971,
        "narHash": "sha256-Krf10FGET5NRfrWcQjaaSpo6cSXM2Wyl84DqHttNghw=",
        "owner": "icewind1991",
        "repo": "mill-scale",
        "rev": "ad3de3f1708ae23e9ebf2b4ef0f787366ddc45ee",
        "type": "github"
      },
      "original": {
        "owner": "icewind1991",
        "repo": "mill-scale",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1718308668,
+        "lastModified": 1734600368,
-        "narHash": "sha256-bIiBteaAwucl3iXUX6MtnUV2c7VBBIJgcSUEa35zvuk=",
+        "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "171d55c5959ef046f1fc05f9b68faa844c457f5b",
+        "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "release-24.05",
+        "ref": "nixos-24.11",
        "type": "indirect"
      }
    },
    "root": {
      "inputs": {
-        "naersk": "naersk",
+        "flakelight": "flakelight",
-        "nixpkgs": "nixpkgs",
+        "mill-scale": "mill-scale",
-        "rust-overlay": "rust-overlay",
+        "nixpkgs": "nixpkgs"
        "utils": "utils"
      }
    },
    "rust-overlay": {
      "inputs": {
        "flake-utils": [
          "utils"
        ],
        "nixpkgs": [
          "mill-scale",
          "flakelight",
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1718245100,
+        "lastModified": 1733884434,
-        "narHash": "sha256-ETm3A2nUVEUwVQ30fj3ePK4rqsSbSnY4uP4LYrFrDNE=",
+        "narHash": "sha256-8GXR9kC07dyOIshAyfZhG11xfvBRSZzYghnZ2weOKJU=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "4cbc2810d1dfb5960791be92df6a5f842a79bdfb",
+        "rev": "d0483df44ddf0fd1985f564abccbe568e020ddf2",
        "type": "github"
      },
      "original": {
@ -65,39 +100,6 @@
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -1,94 +1,29 @@
 {
  inputs = {
-    utils.url = "github:numtide/flake-utils";
+    nixpkgs.url = "nixpkgs/nixos-24.11";
-    naersk.url = "github:nix-community/naersk";
+    flakelight = {
-    naersk.inputs.nixpkgs.follows = "nixpkgs";
+      url = "github:nix-community/flakelight";
-    nixpkgs.url = "nixpkgs/release-24.05";
+      inputs.nixpkgs.follows = "nixpkgs";
    rust-overlay.url = "github:oxalica/rust-overlay";
    rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
    rust-overlay.inputs.flake-utils.follows = "utils";
  };
  outputs = {
    self,
    nixpkgs,
    utils,
    naersk,
    rust-overlay,
  }:
    utils.lib.eachDefaultSystem (system: let
      lib = nixpkgs.lib;
      overlays = [
        (import rust-overlay)
        (import ./overlay.nix)
      ];
      pkgs = (import nixpkgs) {
        inherit system overlays;
      };
      hostTarget = pkgs.hostPlatform.config;
      targets = ["x86_64-unknown-linux-musl" hostTarget];
      naerskForTarget = target: let
        toolchain = pkgs.rust-bin.stable.latest.default.override {targets = [target];};
      in
        pkgs.callPackage naersk {
          cargo = toolchain;
          rustc = toolchain;
        };
      hostNaersk = naerskForTarget hostTarget;
      nearskOpt = {
        pname = "dispenser";
        inherit (pkgs.dispenser) src;
        nativeBuildInputs = with pkgs; [
          libsodium
          pkg-config
        ];
      };
    in rec {
      packages =
        (lib.attrsets.genAttrs targets (target: (naerskForTarget target).buildPackage nearskOpt))
        // rec {
          dispenser = pkgs.dispenser;
          check = hostNaersk.buildPackage (nearskOpt // {checkOnly = true;});
          test = hostNaersk.buildPackage (nearskOpt // {testOnly = true;});
          clippy = hostNaersk.buildPackage (nearskOpt // {clippyOnly = true;});
          dockerImage = pkgs.dockerTools.buildImage {
            name = "spiretf/dispenser";
            tag = "latest";
            copyToRoot = [dispenser];
            config = {
              Cmd = ["${dispenser}/bin/dispenser" "/config.toml"];
            };
          };
          default = dispenser;
        };
      devShells.default = pkgs.mkShell {
        nativeBuildInputs = with pkgs;
          [
            rust-bin.stable.latest.default
            bacon
            skopeo
            cargo-edit
          ]
          ++ nearskOpt.nativeBuildInputs;
      };
    })
    // {
      overlays.default = import ./overlay.nix;
      nixosModules.default = {
        pkgs,
        config,
        lib,
        ...
      }: {
        imports = [./module.nix];
        config = lib.mkIf config.services.dispenser.enable {
          nixpkgs.overlays = [self.overlays.default];
          services.dispenser.package = lib.mkDefault pkgs.dispenser;
        };
      };
    };
    mill-scale = {
      url = "github:icewind1991/mill-scale";
      inputs.flakelight.follows = "flakelight";
    };
  };
  outputs = { mill-scale, ... }: mill-scale ./. {
    nixosModules = { outputs, ... }: {
      default =
        { pkgs
        , config
        , lib
        , ...
        }: {
          imports = [ ./module.nix ];
          config = {
            nixpkgs.overlays = [ outputs.overlays.default ];
            services.dispenser.package = lib.mkDefault pkgs.dispenser;
          };
        };
    };
  };
 }
--- a/nix/module.nix
+++ b/nix/module.nix
@ -1,17 +1,17 @@
-{
+{ config
-  config,
+, lib
-  lib,
+, pkgs
-  pkgs,
+, ...
  ...
 }:
 with lib; let
  cfg = config.services.dispenser;
-  format = pkgs.formats.toml {};
+  format = pkgs.formats.toml { };
  configFile = format.generate "dispenser.toml" (filterAttrs (n: v: v != null) {
    inherit (cfg) server vultr dyndns schedule;
    digital_ocean = cfg.digitalocean;
  });
-in {
+in
 {
  options.services.dispenser = {
    enable = mkEnableOption "Enables the dispenser service";
@ -168,7 +168,7 @@ in {
  config = mkIf cfg.enable {
    systemd.services.dispenser = {
-      wantedBy = ["multi-user.target"];
+      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/dispenser ${configFile}";
@ -193,7 +193,7 @@ in {
        RestrictAddressFamilies = "AF_INET AF_INET6";
        RestrictRealtime = true;
        ProtectProc = "noaccess";
-        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
+        SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
        IPAddressDeny = "localhost link-local multicast";
      };
    };
@ -201,7 +201,7 @@ in {
    environment.systemPackages = [
      (pkgs.writeShellApplication {
        name = "dispenser-cli";
-        runtimeInputs = [cfg.package];
+        runtimeInputs = [ cfg.package ];
        text = ''
          ${cfg.package}/bin/dispenser ${configFile} "$@"
--- a/nix/overlay.nix
+++ b/nix/overlay.nix
@ -0,0 +1,3 @@
 final: prev: {
  dispenser = final.callPackage ./package.nix { };
 }
--- a/nix/package.nix
+++ b/nix/package.nix
@ -0,0 +1,34 @@
 { stdenv
 , rustPlatform
 , libsodium
 , pkg-config
 , lib
 , rust-bin
 ,
 }:
 let
  inherit (lib.sources) sourceByRegex;
  inherit (builtins) fromTOML readFile;
  src = sourceByRegex ../. [ "Cargo.*" "(src)(/.*)?" ];
  cargoPackage = (fromTOML (readFile ../Cargo.toml)).package;
 in
 rustPlatform.buildRustPackage rec {
  pname = cargoPackage.name;
  inherit (cargoPackage) version;
  inherit src;
  buildInputs = [
    libsodium
  ];
  nativeBuildInputs = [
    pkg-config
  ];
  doCheck = false;
  cargoLock = {
    lockFile = ../Cargo.lock;
  };
 }
--- a/overlay.nix
+++ b/overlay.nix
@ -1,3 +0,0 @@
 final: prev: {
  dispenser = final.callPackage ./package.nix {};
 }
--- a/package.nix
+++ b/package.nix
@ -1,35 +0,0 @@
 {
  stdenv,
  makeRustPlatform,
  libsodium,
  pkg-config,
  lib,
  rust-bin,
 }: let
  inherit (lib.sources) sourceByRegex;
  rustPlatform = makeRustPlatform {
    cargo = rust-bin.stable.latest.minimal;
    rustc = rust-bin.stable.latest.minimal;
  };
  src = sourceByRegex ./. ["Cargo.*" "(src)(/.*)?"];
 in
  rustPlatform.buildRustPackage rec {
    pname = "dispenser";
    version = "0.1.0";
    inherit src;
    buildInputs = [
      libsodium
    ];
    nativeBuildInputs = [
      pkg-config
    ];
    doCheck = false;
    cargoLock = {
      lockFile = ./Cargo.lock;
    };
  }