nix: Drop nix cruft
Diff
flake.lock | 166 --------------------------------------------------------------------------------
flake.nix | 199 --------------------------------------------------------------------------------
grammars.nix | 132 --------------------------------------------------------------------------------
treefmt.nix | 12 ------------
.github/dependabot.yml | 13 -------------
.github/workflows/audit.yml | 17 -----------------
.github/workflows/audit_cron.yml | 14 --------------
.github/workflows/cachix.yml | 23 -----------------------
.github/workflows/ci.yml | 34 ----------------------------------
.github/workflows/docker-publish.yml | 45 ---------------------------------------------
10 files changed, 655 deletions(-)
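--- a/flake.lock
+++ b/flake.lock
@@ -1,166 +1,0 @@
-{
-"nodes": {
-"advisory-db": {
-"flake": false,
-"locked": {
-"lastModified": 1747937073,
-"narHash": "sha256-52H8P6jAHEwRvg7rXr4Z7h1KHZivO8T1Z9tN6R0SWJg=",
-"owner": "rustsec",
-"repo": "advisory-db",
-"rev": "bccf313a98c034573ac4170e6271749113343d97",
-"type": "github"
-},
-"original": {
-"owner": "rustsec",
-"repo": "advisory-db",
-"type": "github"
-}
-},
-"crane": {
-"locked": {
-"lastModified": 1748047550,
-"narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=",
-"owner": "ipetkov",
-"repo": "crane",
-"rev": "b718a78696060df6280196a6f992d04c87a16aef",
-"type": "github"
-},
-"original": {
-"owner": "ipetkov",
-"repo": "crane",
-"type": "github"
-}
-},
-"helix": {
-"flake": false,
-"locked": {
-"lastModified": 1727654850,
-"narHash": "sha256-du6Vy5Yxy6aZFP7ad5guz5GOD/8uMY+Pgse1ZM+K2Jo=",
-"owner": "JordanForks",
-"repo": "helix",
-"rev": "1603715cc91bf6fdffb4aedfb5b76fb69fd10e28",
-"type": "github"
-},
-"original": {
-"owner": "JordanForks",
-"repo": "helix",
-"type": "github"
-}
-},
-"nix-github-actions": {
-"inputs": {
-"nixpkgs": [
-"nixpkgs"
-]
-},
-"locked": {
-"lastModified": 1737420293,
-"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
-"owner": "nix-community",
-"repo": "nix-github-actions",
-"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
-"type": "github"
-},
-"original": {
-"owner": "nix-community",
-"repo": "nix-github-actions",
-"type": "github"
-}
-},
-"nixpkgs": {
-"locked": {
-"lastModified": 1748159586,
-"narHash": "sha256-xeCMAhKjhDjVFsfJcftv+CWcExYo+X8IBUW8L947ww4=",
-"owner": "NixOS",
-"repo": "nixpkgs",
-"rev": "7382d075365a977c4a9c8aa4c5e4abed15f00ee1",
-"type": "github"
-},
-"original": {
-"owner": "NixOS",
-"repo": "nixpkgs",
-"type": "github"
-}
-},
-"nixpkgs_2": {
-"locked": {
-"lastModified": 1745377448,
-"narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
-"owner": "nixos",
-"repo": "nixpkgs",
-"rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
-"type": "github"
-},
-"original": {
-"owner": "nixos",
-"ref": "nixpkgs-unstable",
-"repo": "nixpkgs",
-"type": "github"
-}
-},
-"root": {
-"inputs": {
-"advisory-db": "advisory-db",
-"crane": "crane",
-"helix": "helix",
-"nix-github-actions": "nix-github-actions",
-"nixpkgs": "nixpkgs",
-"treefmt-nix": "treefmt-nix",
-"utils": "utils"
-}
-},
-"systems": {
-"locked": {
-"lastModified": 1681028828,
-"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-"owner": "nix-systems",
-"repo": "default",
-"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-"type": "github"
-},
-"original": {
-"owner": "nix-systems",
-"repo": "default",
-"type": "github"
-}
-},
-"treefmt-nix": {
-"inputs": {
-"nixpkgs": "nixpkgs_2"
-},
-"locked": {
-"lastModified": 1747912973,
-"narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=",
-"owner": "numtide",
-"repo": "treefmt-nix",
-"rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3",
-"type": "github"
-},
-"original": {
-"owner": "numtide",
-"repo": "treefmt-nix",
-"type": "github"
-}
-},
-"utils": {
-"inputs": {
-"systems": "systems"
-},
-"locked": {
-"lastModified": 1731533236,
-"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-"owner": "numtide",
-"repo": "flake-utils",
-"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-"type": "github"
-},
-"original": {
-"owner": "numtide",
-"repo": "flake-utils",
-"type": "github"
-}
-}
-},
-"root": "root",
-"version": 7
-}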
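--- a/flake.nix
+++ b/flake.nix
@@ -1,199 +1,0 @@
-{
-inputs = {
-nixpkgs.url = "github:NixOS/nixpkgs";
-crane.url = "github:ipetkov/crane";
-utils.url = "github:numtide/flake-utils";
-treefmt-nix.url = "github:numtide/treefmt-nix";
-advisory-db = {
-url = "github:rustsec/advisory-db";
-flake = false;
-};
-helix = {
-url = "github:JordanForks/helix";
-flake = false;
-};
-nix-github-actions = {
-url = "github:nix-community/nix-github-actions";
-inputs.nixpkgs.follows = "nixpkgs";
-};
-};
-outputs = { self, nixpkgs, utils, crane, advisory-db, treefmt-nix, helix, nix-github-actions }:
-{
-githubActions = nix-github-actions.lib.mkGithubMatrix {
-checks =
-builtins.mapAttrs
-(name: value: if name != "x86_64-linux" then removeAttrs value [ "clippy" "audit" "formatting" "doc" ] else value)
-{ inherit (self.checks) x86_64-linux aarch64-darwin; };
-};
-}
-//
-utils.lib.eachDefaultSystem (system:
-let
-pkgs = import nixpkgs { inherit system; };
-craneLib = crane.mkLib pkgs;
-cargoOnlySrc = craneLib.cleanCargoSource ./.;
-src = pkgs.lib.fileset.toSource {
-root = ./.;
-fileset = pkgs.lib.fileset.unions [
-./.cargo
-./Cargo.toml
-./Cargo.lock
-./tree-sitter-grammar-repository
-./src
-./statics
-./templates
-./themes
-./deny.toml
-./build.rs
-];
-};
-rgit-grammar = pkgs.callPackage ./grammars.nix { inherit helix; };
-commonArgs = {
-inherit src;
-strictDeps = true;
-buildInputs = pkgs.lib.optionals pkgs.stdenv.isDarwin [ pkgs.libiconv ];
-nativeBuildInputs = with pkgs; [ cmake clang makeBinaryWrapper ];
-LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib";
-ROCKSDB_LIB_DIR = "${pkgs.rocksdb}/lib";
-SNAPPY_LIB_DIR = "${pkgs.snappy}/lib";
-};
-cargoArtifacts = craneLib.buildDepsOnly (commonArgs // { src = cargoOnlySrc; });
-buildArgs = commonArgs // {
-inherit cargoArtifacts;
-buildInputs = [ rgit-grammar ] ++ commonArgs.buildInputs;
-TREE_SITTER_GRAMMAR_LIB_DIR = rgit-grammar;
-};
-rgit = craneLib.buildPackage (buildArgs // {
-doCheck = false;
-postInstall = ''
-wrapProgram $out/bin/rgit \
---set PATH ${pkgs.lib.makeBinPath [ pkgs.gitMinimal ]}
-'';
-});
-treefmt = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
-in
-{
-checks = {
-build = rgit;
-clippy = craneLib.cargoClippy buildArgs;
-doc = craneLib.cargoDoc buildArgs;
-audit = craneLib.cargoAudit { inherit advisory-db; src = cargoOnlySrc; };
-deny = craneLib.cargoDeny { inherit src; };
-test = craneLib.cargoNextest (buildArgs // {
-partitions = 1;
-partitionType = "count";
-});
-formatting = treefmt.config.build.check self;
-};
-formatter = treefmt.config.build.wrapper;
-packages.default = rgit;
-apps.default = utils.lib.mkApp { drv = rgit; };
-devShells.default = craneLib.devShell {
-checks = self.checks.${system};
-packages = with pkgs; [ rust-analyzer clang ];
-RUST_SRC_PATH = pkgs.rustPlatform.rustLibSrc;
-LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib";
-TREE_SITTER_GRAMMAR_LIB_DIR = rgit-grammar;
-ROCKSDB_LIB_DIR = "${pkgs.rocksdb}/lib";
-SNAPPY_LIB_DIR = "${pkgs.snappy}/lib";
-};
-nixosModules.default = { config, lib, pkgs, ... }:
-with lib;
-let
-cfg = config.services.rgit;
-in
-{
-options.services.rgit = {
-enable = mkEnableOption "rgit";
-bindAddress = mkOption {
-default = "[::]:8333";
-description = "Address and port to listen on";
-type = types.str;
-};
-dbStorePath = mkOption {
-default = "/tmp/rgit.db";
-description = "Path to store the temporary cache";
-type = types.path;
-};
-repositoryStorePath = mkOption {
-default = "/git";
-description = "Path to repositories";
-type = types.path;
-};
-requestTimeout = mkOption {
-default = "10s";
-description = "Timeout for incoming HTTP requests";
-type = types.str;
-};
-package = mkOption {
-default = rgit;
-description = "rgit package to use";
-type = types.package;
-};
-};
-config = mkIf cfg.enable {
-users.groups.rgit = { };
-users.users.rgit = {
-description = "RGit service user";
-group = "rgit";
-isSystemUser = true;
-home = "/git";
-};
-systemd.services.rgit = {
-enable = true;
-wantedBy = [ "multi-user.target" ];
-wants = [ "network-online.target" ];
-after = [ "network-online.target" ];
-path = [ pkgs.git ];
-serviceConfig = {
-Type = "exec";
-ExecStart = "${cfg.package}/bin/rgit --request-timeout ${cfg.requestTimeout} --db-store ${cfg.dbStorePath} ${cfg.bindAddress} ${cfg.repositoryStorePath}";
-Restart = "on-failure";
-User = "rgit";
-Group = "rgit";
-CapabilityBoundingSet = "";
-NoNewPrivileges = true;
-PrivateDevices = true;
-PrivateTmp = true;
-PrivateUsers = true;
-PrivateMounts = true;
-ProtectHome = true;
-ProtectClock = true;
-ProtectProc = "noaccess";
-ProcSubset = "pid";
-ProtectKernelLogs = true;
-ProtectKernelModules = true;
-ProtectKernelTunables = true;
-ProtectControlGroups = true;
-ProtectHostname = true;
-RestrictSUIDSGID = true;
-RestrictRealtime = true;
-RestrictNamespaces = true;
-LockPersonality = true;
-RemoveIPC = true;
-RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
-SystemCallFilter = [ "@system-service" "~@privileged" ];
-};
-};
-};
-};
-});
-nixConfig = {
-extra-substituters = [ "https://rgit.cachix.org" ];
-extra-trusted-public-keys = [ "rgit.cachix.org-1:3Wva/GHhrlhbYx+ObbEYQSYq1Yzk8x9OAvEvcYazgL0=" ];
-};
-}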
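--- a/grammars.nix
+++ b/grammars.nix
@@ -1,132 +1,0 @@
-{ stdenv
-, lib
-, runCommand
-, includeGrammarIf ? _: true
-, grammarOverlays ? [ ]
-, helix
-, ...
-}:
-let
-languagesConfig = builtins.fromTOML (builtins.readFile "${helix}/languages.toml");
-isGitGrammar = grammar:
-builtins.hasAttr "source" grammar
-&& builtins.hasAttr "git" grammar.source
-&& builtins.hasAttr "rev" grammar.source;
-isGitHubGrammar = grammar: lib.hasPrefix "https://github.com" grammar.source.git;
-toGitHubFetcher = url:
-let
-match = builtins.match "https://github\.com/([^/]*)/([^/]*)/?" url;
-in
-{
-owner = builtins.elemAt match 0;
-repo = builtins.elemAt match 1;
-};
-useGrammar = grammar:
-if languagesConfig?use-grammars.only then
-builtins.elem grammar.name languagesConfig.use-grammars.only
-else if languagesConfig?use-grammars.except then
-!(builtins.elem grammar.name languagesConfig.use-grammars.except)
-else true;
-grammarsToUse = builtins.filter useGrammar languagesConfig.grammar;
-gitGrammars = builtins.filter isGitGrammar grammarsToUse;
-buildGrammar = grammar:
-let
-gh = toGitHubFetcher grammar.source.git;
-sourceGit = builtins.fetchTree {
-type = "git";
-url = grammar.source.git;
-inherit (grammar.source) rev;
-ref = grammar.source.ref or "HEAD";
-shallow = true;
-};
-sourceGitHub = builtins.fetchTree {
-type = "github";
-inherit (gh) owner;
-inherit (gh) repo;
-inherit (grammar.source) rev;
-};
-source =
-if isGitHubGrammar grammar
-then sourceGitHub
-else sourceGit;
-in
-stdenv.mkDerivation {
-pname = "tree-sitter-${grammar.name}";
-version = grammar.source.rev;
-src = source;
-sourceRoot =
-if builtins.hasAttr "subpath" grammar.source then
-"source/${grammar.source.subpath}"
-else
-"source";
-dontConfigure = true;
-FLAGS = [
-"-Isrc"
-"-g"
-"-O3"
-"-fPIC"
-"-fno-exceptions"
-"-Wl,-z,relro,-z,now"
-];
-NAME = "libtree-sitter-${grammar.name}";
-buildPhase = ''
-runHook preBuild
-if [[ -e src/scanner.cc ]]; then
-$CXX -c src/scanner.cc -o scanner.o $FLAGS
-elif [[ -e src/scanner.c ]]; then
-$CC -c src/scanner.c -o scanner.o $FLAGS
-fi
-$CC -c src/parser.c -o parser.o $FLAGS
-$CXX -shared${lib.optionalString stdenv.isDarwin " -install_name $out/$NAME.so"} -o $NAME.so *.o
-runHook postBuild
-'';
-installPhase = ''
-runHook preInstall
-mkdir $out
-mv $NAME.so $out/
-runHook postInstall
-'';
-fixupPhase = lib.optionalString stdenv.isLinux ''
-runHook preFixup
-$STRIP $out/$NAME.so
-runHook postFixup
-'';
-};
-grammarsToBuild = builtins.filter includeGrammarIf gitGrammars;
-builtGrammars = builtins.map
-(grammar: {
-inherit (grammar) name;
-value = buildGrammar grammar;
-})
-grammarsToBuild;
-extensibleGrammars =
-lib.makeExtensible (self: builtins.listToAttrs builtGrammars);
-overlayedGrammars = lib.pipe extensibleGrammars
-(builtins.map (overlay: grammar: grammar.extend overlay) grammarOverlays);
-grammarLinks = lib.mapAttrsToList
-(name: artifact: "ln -s ${artifact}/libtree-sitter-${name}.so $out/libtree-sitter-${name}.so")
-(lib.filterAttrs (n: v: lib.isDerivation v) overlayedGrammars);
-in
-runCommand "consolidated-rit-grammars" { } ''
-mkdir -p $out
-${builtins.concatStringsSep "\n" grammarLinks}
-ln -s "${helix}/languages.toml" "$out/languages.toml"
-ln -s "${helix}/runtime/queries" "$out/queries"
-''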
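--- a/treefmt.nix
+++ b/treefmt.nix
@@ -1,12 +1,0 @@
-{ pkgs, ... }:
-{
-projectRootFile = "flake.nix";
-programs = {
-nixpkgs-fmt.enable = true;
-statix.enable = true;
-rustfmt.enable = true;
-taplo.enable = true;
-shellcheck.enable = true;
-};
-}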
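--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,13 +1,0 @@
-version: 2
-updates:
-- package-ecosystem: "cargo"
-directory: "/"
-open-pull-requests-limit: 20
-schedule:
-interval: "monthly"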
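--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -1,17 +1,0 @@
-name: Security audit
-on:
-push:
-paths:
-- '**/Cargo.toml'
-- '**/Cargo.lock'
-jobs:
-security_audit:
-runs-on: ubuntu-latest
-steps:
-- uses: actions/checkout@v1
-- uses: actions-rs/audit-check@v1
-continue-on-error: true
-with:
-token: ${{ secrets.GITHUB_TOKEN }}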
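--- a/.github/workflows/audit_cron.yml
+++ b/.github/workflows/audit_cron.yml
@@ -1,14 +1,0 @@
-name: Security audit (cron)
-on:
-schedule:
-- cron: '0 0 * * *'
-jobs:
-audit:
-runs-on: ubuntu-latest
-steps:
-- uses: actions/checkout@v2
-- uses: actions-rs/audit-check@v1
-with:
-token: ${{ secrets.GITHUB_TOKEN }}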
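--- a/.github/workflows/cachix.yml
+++ b/.github/workflows/cachix.yml
@@ -1,23 +1,0 @@
-name: Cachix
-on:
-push:
-branches:
-- main
-jobs:
-publish:
-name: Publish Flake
-runs-on: ubuntu-latest
-steps:
-- name: Checkout sources
-uses: actions/checkout@v4
-- name: Install nix
-uses: cachix/install-nix-action@v30
-- name: Authenticate with Cachix
-uses: cachix/cachix-action@v15
-with:
-name: rgit
-authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-- name: Build nix flake
-run: nix build -L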
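--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,34 +1,0 @@
-on: [push, pull_request]
-name: CI
-jobs:
-nix-matrix:
-runs-on: ubuntu-latest
-outputs:
-matrix: ${{ steps.set-matrix.outputs.matrix }}
-steps:
-- uses: actions/checkout@v4
-- uses: cachix/install-nix-action@v30
-- id: set-matrix
-name: Generate Nix Matrix
-run: |
-set -Eeu
-matrix="$(nix eval --json '.#githubActions.matrix')"
-echo "matrix=$matrix" >> "$GITHUB_OUTPUT"
-check:
-name: ${{ matrix.name }} (${{ matrix.system }})
-needs: nix-matrix
-runs-on: ${{ matrix.os }}
-strategy:
-matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}}
-steps:
-- uses: actions/checkout@v4
-- uses: cachix/install-nix-action@v30
-- name: Authenticate with Cachix
-uses: cachix/cachix-action@v15
-with:
-name: rgit
-authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-- run: nix build -L '.#${{ matrix.attr }}'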
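--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,45 +1,0 @@
-name: Docker
-on:
-schedule:
-- cron: '45 20 * * *'
-push:
-branches: [ main ]
-env:
-REGISTRY: ghcr.io
-IMAGE_NAME: ${{ github.repository }}
-jobs:
-build:
-runs-on: ubuntu-latest
-permissions:
-contents: read
-packages: write
-steps:
-- name: Checkout repository
-uses: actions/checkout@v2
-- name: Setup Docker buildx
-uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
-- name: Log into registry ${{ env.REGISTRY }}
-if: github.event_name != 'pull_request'
-uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
-with:
-registry: ${{ env.REGISTRY }}
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-- name: Extract Docker metadata
-id: meta
-uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
-with:
-images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-- name: Build and push Docker image
-id: build-and-push
-uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
-with:
-context: .
-push: ${{ github.event_name != 'pull_request' }}
-tags: ${{ steps.meta.outputs.tags }}
-labels: ${{ steps.meta.outputs.labels }}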