From 3dfcb7f0ec622b6f20b9827510869710d4d106df Mon Sep 17 00:00:00 2001 From: Alexander von Gluck Date: Fri, 21 Nov 2025 15:39:02 -0600 Subject: [PATCH] nix: Drop nix cruft --- flake.lock | 166 -------------------------------------------------------------------------------- flake.nix | 199 -------------------------------------------------------------------------------- grammars.nix | 132 -------------------------------------------------------------------------------- treefmt.nix | 12 ------------ .github/dependabot.yml | 13 ------------- .github/workflows/audit.yml | 17 ----------------- .github/workflows/audit_cron.yml | 14 -------------- .github/workflows/cachix.yml | 23 ----------------------- .github/workflows/ci.yml | 34 ---------------------------------- .github/workflows/docker-publish.yml | 45 --------------------------------------------- 10 files changed, 655 deletions(-) diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 3d6543c..0000000 100644 --- a/flake.lock +++ /dev/null @@ -1,166 +1,0 @@ -{ - "nodes": { - "advisory-db": { - "flake": false, - "locked": { - "lastModified": 1747937073, - "narHash": "sha256-52H8P6jAHEwRvg7rXr4Z7h1KHZivO8T1Z9tN6R0SWJg=", - "owner": "rustsec", - "repo": "advisory-db", - "rev": "bccf313a98c034573ac4170e6271749113343d97", - "type": "github" - }, - "original": { - "owner": "rustsec", - "repo": "advisory-db", - "type": "github" - } - }, - "crane": { - "locked": { - "lastModified": 1748047550, - "narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=", - "owner": "ipetkov", - "repo": "crane", - "rev": "b718a78696060df6280196a6f992d04c87a16aef", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "helix": { - "flake": false, - "locked": { - "lastModified": 1727654850, - "narHash": "sha256-du6Vy5Yxy6aZFP7ad5guz5GOD/8uMY+Pgse1ZM+K2Jo=", - "owner": "JordanForks", - "repo": "helix", - "rev": "1603715cc91bf6fdffb4aedfb5b76fb69fd10e28", - "type": "github" - }, - "original": { - "owner": "JordanForks", - "repo": "helix", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737420293, - "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1748159586, - "narHash": "sha256-xeCMAhKjhDjVFsfJcftv+CWcExYo+X8IBUW8L947ww4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7382d075365a977c4a9c8aa4c5e4abed15f00ee1", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1745377448, - "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "advisory-db": "advisory-db", - "crane": "crane", - "helix": "helix", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "treefmt-nix": "treefmt-nix", - "utils": "utils" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1747912973, - "narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index ae07132..0000000 100644 --- a/flake.nix +++ /dev/null @@ -1,199 +1,0 @@ -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs"; - - crane.url = "github:ipetkov/crane"; - utils.url = "github:numtide/flake-utils"; - treefmt-nix.url = "github:numtide/treefmt-nix"; - - advisory-db = { - url = "github:rustsec/advisory-db"; - flake = false; - }; - - helix = { - url = "github:JordanForks/helix"; - flake = false; - }; - - nix-github-actions = { - url = "github:nix-community/nix-github-actions"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - outputs = { self, nixpkgs, utils, crane, advisory-db, treefmt-nix, helix, nix-github-actions }: - { - githubActions = nix-github-actions.lib.mkGithubMatrix { - checks = - builtins.mapAttrs - (name: value: if name != "x86_64-linux" then removeAttrs value [ "clippy" "audit" "formatting" "doc" ] else value) - { inherit (self.checks) x86_64-linux aarch64-darwin; }; - }; - } - // - utils.lib.eachDefaultSystem (system: - let - pkgs = import nixpkgs { inherit system; }; - craneLib = crane.mkLib pkgs; - cargoOnlySrc = craneLib.cleanCargoSource ./.; - src = pkgs.lib.fileset.toSource { - root = ./.; - fileset = pkgs.lib.fileset.unions [ - ./.cargo - ./Cargo.toml - ./Cargo.lock - ./tree-sitter-grammar-repository - ./src - ./statics - ./templates - ./themes - ./deny.toml - ./build.rs - ]; - }; - rgit-grammar = pkgs.callPackage ./grammars.nix { inherit helix; }; - commonArgs = { - inherit src; - strictDeps = true; - buildInputs = pkgs.lib.optionals pkgs.stdenv.isDarwin [ pkgs.libiconv ]; - nativeBuildInputs = with pkgs; [ cmake clang makeBinaryWrapper ]; - LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib"; - ROCKSDB_LIB_DIR = "${pkgs.rocksdb}/lib"; - SNAPPY_LIB_DIR = "${pkgs.snappy}/lib"; - }; - cargoArtifacts = craneLib.buildDepsOnly (commonArgs // { src = cargoOnlySrc; }); - buildArgs = commonArgs // { - inherit cargoArtifacts; - buildInputs = [ rgit-grammar ] ++ commonArgs.buildInputs; - TREE_SITTER_GRAMMAR_LIB_DIR = rgit-grammar; - }; - rgit = craneLib.buildPackage (buildArgs // { - doCheck = false; - postInstall = '' - wrapProgram $out/bin/rgit \ - --set PATH ${pkgs.lib.makeBinPath [ pkgs.gitMinimal ]} - ''; - }); - treefmt = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; - in - { - checks = { - build = rgit; - clippy = craneLib.cargoClippy buildArgs; - doc = craneLib.cargoDoc buildArgs; - audit = craneLib.cargoAudit { inherit advisory-db; src = cargoOnlySrc; }; - deny = craneLib.cargoDeny { inherit src; }; - test = craneLib.cargoNextest (buildArgs // { - partitions = 1; - partitionType = "count"; - }); - formatting = treefmt.config.build.check self; - }; - - formatter = treefmt.config.build.wrapper; - - packages.default = rgit; - apps.default = utils.lib.mkApp { drv = rgit; }; - - devShells.default = craneLib.devShell { - checks = self.checks.${system}; - packages = with pkgs; [ rust-analyzer clang ]; - RUST_SRC_PATH = pkgs.rustPlatform.rustLibSrc; - LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib"; - TREE_SITTER_GRAMMAR_LIB_DIR = rgit-grammar; - ROCKSDB_LIB_DIR = "${pkgs.rocksdb}/lib"; - SNAPPY_LIB_DIR = "${pkgs.snappy}/lib"; - }; - - nixosModules.default = { config, lib, pkgs, ... }: - with lib; - let - cfg = config.services.rgit; - in - { - options.services.rgit = { - enable = mkEnableOption "rgit"; - bindAddress = mkOption { - default = "[::]:8333"; - description = "Address and port to listen on"; - type = types.str; - }; - dbStorePath = mkOption { - default = "/tmp/rgit.db"; - description = "Path to store the temporary cache"; - type = types.path; - }; - repositoryStorePath = mkOption { - default = "/git"; - description = "Path to repositories"; - type = types.path; - }; - requestTimeout = mkOption { - default = "10s"; - description = "Timeout for incoming HTTP requests"; - type = types.str; - }; - package = mkOption { - default = rgit; - description = "rgit package to use"; - type = types.package; - }; - }; - - config = mkIf cfg.enable { - users.groups.rgit = { }; - users.users.rgit = { - description = "RGit service user"; - group = "rgit"; - isSystemUser = true; - home = "/git"; - }; - - systemd.services.rgit = { - enable = true; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - path = [ pkgs.git ]; - serviceConfig = { - Type = "exec"; - ExecStart = "${cfg.package}/bin/rgit --request-timeout ${cfg.requestTimeout} --db-store ${cfg.dbStorePath} ${cfg.bindAddress} ${cfg.repositoryStorePath}"; - Restart = "on-failure"; - - User = "rgit"; - Group = "rgit"; - - CapabilityBoundingSet = ""; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - PrivateMounts = true; - ProtectHome = true; - ProtectClock = true; - ProtectProc = "noaccess"; - ProcSubset = "pid"; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectHostname = true; - RestrictSUIDSGID = true; - RestrictRealtime = true; - RestrictNamespaces = true; - LockPersonality = true; - RemoveIPC = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; - SystemCallFilter = [ "@system-service" "~@privileged" ]; - }; - }; - }; - }; - }); - - nixConfig = { - extra-substituters = [ "https://rgit.cachix.org" ]; - extra-trusted-public-keys = [ "rgit.cachix.org-1:3Wva/GHhrlhbYx+ObbEYQSYq1Yzk8x9OAvEvcYazgL0=" ]; - }; -} diff --git a/grammars.nix b/grammars.nix deleted file mode 100644 index 59223bc..0000000 100644 --- a/grammars.nix +++ /dev/null @@ -1,132 +1,0 @@ -# adapted from https://github.com/helix-editor/helix/blob/217818681ea9bbc7f995c87f8794c46eeb012b1c/grammars.nix -{ stdenv -, lib -, runCommand -, includeGrammarIf ? _: true -, grammarOverlays ? [ ] -, helix -, ... -}: -let - languagesConfig = builtins.fromTOML (builtins.readFile "${helix}/languages.toml"); - isGitGrammar = grammar: - builtins.hasAttr "source" grammar - && builtins.hasAttr "git" grammar.source - && builtins.hasAttr "rev" grammar.source; - isGitHubGrammar = grammar: lib.hasPrefix "https://github.com" grammar.source.git; - toGitHubFetcher = url: - let - match = builtins.match "https://github\.com/([^/]*)/([^/]*)/?" url; - in - { - owner = builtins.elemAt match 0; - repo = builtins.elemAt match 1; - }; - # If `use-grammars.only` is set, use only those grammars. - # If `use-grammars.except` is set, use all other grammars. - # Otherwise use all grammars. - useGrammar = grammar: - if languagesConfig?use-grammars.only then - builtins.elem grammar.name languagesConfig.use-grammars.only - else if languagesConfig?use-grammars.except then - !(builtins.elem grammar.name languagesConfig.use-grammars.except) - else true; - grammarsToUse = builtins.filter useGrammar languagesConfig.grammar; - gitGrammars = builtins.filter isGitGrammar grammarsToUse; - buildGrammar = grammar: - let - gh = toGitHubFetcher grammar.source.git; - sourceGit = builtins.fetchTree { - type = "git"; - url = grammar.source.git; - inherit (grammar.source) rev; - ref = grammar.source.ref or "HEAD"; - shallow = true; - }; - sourceGitHub = builtins.fetchTree { - type = "github"; - inherit (gh) owner; - inherit (gh) repo; - inherit (grammar.source) rev; - }; - source = - if isGitHubGrammar grammar - then sourceGitHub - else sourceGit; - in - stdenv.mkDerivation { - # see https://github.com/NixOS/nixpkgs/blob/fbdd1a7c0bc29af5325e0d7dd70e804a972eb465/pkgs/development/tools/parsing/tree-sitter/grammar.nix - - pname = "tree-sitter-${grammar.name}"; - version = grammar.source.rev; - - src = source; - sourceRoot = - if builtins.hasAttr "subpath" grammar.source then - "source/${grammar.source.subpath}" - else - "source"; - - dontConfigure = true; - - FLAGS = [ - "-Isrc" - "-g" - "-O3" - "-fPIC" - "-fno-exceptions" - "-Wl,-z,relro,-z,now" - ]; - - NAME = "libtree-sitter-${grammar.name}"; - - buildPhase = '' - runHook preBuild - - if [[ -e src/scanner.cc ]]; then - $CXX -c src/scanner.cc -o scanner.o $FLAGS - elif [[ -e src/scanner.c ]]; then - $CC -c src/scanner.c -o scanner.o $FLAGS - fi - - $CC -c src/parser.c -o parser.o $FLAGS - $CXX -shared${lib.optionalString stdenv.isDarwin " -install_name $out/$NAME.so"} -o $NAME.so *.o - - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - mkdir $out - mv $NAME.so $out/ - runHook postInstall - ''; - - # Strip failed on darwin: strip: error: symbols referenced by indirect symbol table entries that can't be stripped - fixupPhase = lib.optionalString stdenv.isLinux '' - runHook preFixup - $STRIP $out/$NAME.so - runHook postFixup - ''; - }; - grammarsToBuild = builtins.filter includeGrammarIf gitGrammars; - builtGrammars = builtins.map - (grammar: { - inherit (grammar) name; - value = buildGrammar grammar; - }) - grammarsToBuild; - extensibleGrammars = - lib.makeExtensible (self: builtins.listToAttrs builtGrammars); - overlayedGrammars = lib.pipe extensibleGrammars - (builtins.map (overlay: grammar: grammar.extend overlay) grammarOverlays); - grammarLinks = lib.mapAttrsToList - (name: artifact: "ln -s ${artifact}/libtree-sitter-${name}.so $out/libtree-sitter-${name}.so") - (lib.filterAttrs (n: v: lib.isDerivation v) overlayedGrammars); -in -runCommand "consolidated-rit-grammars" { } '' - mkdir -p $out - ${builtins.concatStringsSep "\n" grammarLinks} - ln -s "${helix}/languages.toml" "$out/languages.toml" - ln -s "${helix}/runtime/queries" "$out/queries" -'' diff --git a/treefmt.nix b/treefmt.nix deleted file mode 100644 index 9484674..0000000 100644 --- a/treefmt.nix +++ /dev/null @@ -1,12 +1,0 @@ -{ pkgs, ... }: -{ - projectRootFile = "flake.nix"; - - programs = { - nixpkgs-fmt.enable = true; - statix.enable = true; - rustfmt.enable = true; - taplo.enable = true; - shellcheck.enable = true; - }; -} diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index bb70725..0000000 100644 --- a/.github/dependabot.yml +++ /dev/null @@ -1,13 +1,0 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 - -updates: - - package-ecosystem: "cargo" - directory: "/" - open-pull-requests-limit: 20 - schedule: - interval: "monthly" diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml deleted file mode 100644 index 9b2c84d..0000000 100644 --- a/.github/workflows/audit.yml +++ /dev/null @@ -1,17 +1,0 @@ -name: Security audit - -on: - push: - paths: - - '**/Cargo.toml' - - '**/Cargo.lock' - -jobs: - security_audit: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: actions-rs/audit-check@v1 - continue-on-error: true - with: - token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/audit_cron.yml b/.github/workflows/audit_cron.yml deleted file mode 100644 index 56de683..0000000 100644 --- a/.github/workflows/audit_cron.yml +++ /dev/null @@ -1,14 +1,0 @@ -name: Security audit (cron) - -on: - schedule: - - cron: '0 0 * * *' - -jobs: - audit: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/audit-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml deleted file mode 100644 index fcc6744..0000000 100644 --- a/.github/workflows/cachix.yml +++ /dev/null @@ -1,23 +1,0 @@ -name: Cachix - -on: - push: - branches: - - main - -jobs: - publish: - name: Publish Flake - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - - name: Install nix - uses: cachix/install-nix-action@v30 - - name: Authenticate with Cachix - uses: cachix/cachix-action@v15 - with: - name: rgit - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - name: Build nix flake - run: nix build -L diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index 99e637d..0000000 100644 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,34 +1,0 @@ -on: [push, pull_request] - -name: CI - -jobs: - nix-matrix: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v30 - - id: set-matrix - name: Generate Nix Matrix - run: | - set -Eeu - matrix="$(nix eval --json '.#githubActions.matrix')" - echo "matrix=$matrix" >> "$GITHUB_OUTPUT" - - check: - name: ${{ matrix.name }} (${{ matrix.system }}) - needs: nix-matrix - runs-on: ${{ matrix.os }} - strategy: - matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}} - steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v30 - - name: Authenticate with Cachix - uses: cachix/cachix-action@v15 - with: - name: rgit - authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - - run: nix build -L '.#${{ matrix.attr }}' diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml deleted file mode 100644 index 70f29cf..0000000 100644 --- a/.github/workflows/docker-publish.yml +++ /dev/null @@ -1,45 +1,0 @@ -name: Docker - -on: - schedule: - - cron: '45 20 * * *' - push: - branches: [ main ] - -env: - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - -jobs: - build: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }}-- gitore 0.2.3