Using Zen, added nix update to be upstreamed

2 files changed, 415 insertions, 0 deletions

diff --git a/modules/ryan-packages/package-management.scm b/modules/ryan-packages/package-management.scm
new file mode 100644
index 0000000..9629168
--- /dev/null
+++ b/modules/ryan-packages/package-management.scm
@@ -0,0 +1,233 @@
+(define-module (ryan-packages package-management)
+               #:use-module ((guix licenses) #:prefix license:)
+               #:use-module (guix build-system meson)
+               #:use-module (guix build-system cmake)
+               #:use-module (guix packages)
+               #:use-module (guix git-download)
+               #:use-module (guix gexp)
+               #:use-module (gnu packages)
+               #:use-module (gnu packages autotools)
+               #:use-module (gnu packages backup)
+               #:use-module (gnu packages bdw-gc)
+               #:use-module (gnu packages bison)
+               #:use-module (gnu packages boost)
+               #:use-module (gnu packages compression)
+               #:use-module (gnu packages check)
+               #:use-module (gnu packages cmake)
+               #:use-module (gnu packages cpp)
+               #:use-module (gnu packages crypto)
+               #:use-module (gnu packages curl)
+               #:use-module (gnu packages databases)
+               #:use-module (gnu packages flex)
+               #:use-module (gnu packages gcc)
+               #:use-module (gnu packages libedit)
+               #:use-module (gnu packages linux)
+               #:use-module (gnu packages llvm)
+               #:use-module (gnu packages markup)
+               #:use-module (gnu packages package-management)
+               #:use-module (gnu packages perl)
+               #:use-module (gnu packages pkg-config)
+               #:use-module (gnu packages sqlite)
+               #:use-module (gnu packages tls)
+               #:use-module (gnu packages version-control)
+               #:use-module (gnu packages web)
+               #:use-module (guix utils))
+
+(define-public nix-ryan
+  (package
+    (name "nix")
+    (version "2.26.3")
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://github.com/NixOS/nix")
+               (commit version)))
+        (file-name (git-file-name "nix" version))
+        (sha256
+          (base32 "1rh9k0cdixahqzziylgg7p8j9p58h55m08h3l1kg369wlmi7r5g5"))))
+    (build-system meson-build-system)
+    (arguments
+      (list
+        #:configure-flags #~(list "--sysconfdir=/etc")
+        #:tests? #f))
+    (native-inputs
+      (list autoconf
+            autoconf-archive
+            automake
+            bison
+            gcc-14
+            cmake
+            flex
+            perl
+            perl-dbi
+            perl-dbd-sqlite
+            googletest
+            jq
+            libtool
+            pkg-config
+            rapidcheck))
+    (inputs
+      (list boost-ryan
+            brotli
+            bzip2
+            curl
+            editline
+            libarchive
+            libgc-ryan
+            libseccomp-ryan
+            libsodium
+            libbl3
+            libgit2-1.9
+            lowdown
+            nlohmann-json
+            openssl
+            sqlite
+            toml11
+            xz
+            zlib))
+    (home-page "https://nixos.org/")
+    (synopsis "The Nix package manager")
+    (description "todo")
+    (license license:lgpl2.1+)))
+
+(define libbl3
+  (package
+    (name "blake3")
+    (version "1.7.0")
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://github.com/BLAKE3-team/BLAKE3")
+               (commit version)))
+        (file-name (git-file-name name version))
+        (sha256
+          (base32 "1dsx5jmr8csgzdvfxf4byc1086rg6vclqgqkz54la8rpfn3gkh6k"))))
+    (build-system cmake-build-system)
+    (arguments
+      (list
+        #:configure-flags #~(list "-DCMAKE_POSITION_INDEPENDENT_CODE=on")
+        #:phases
+        #~(modify-phases %standard-phases
+            (add-after 'unpack 'enter-build-directory
+              (lambda _ (chdir "c") #t))
+            (add-before 'build 'set-env
+              (lambda _
+                (setenv "CFLAGS" "-fPIC")
+                (setenv "CXXFLAGS" "-fPIC")
+                #t)))))
+    (home-page "https://github.com/BLAKE3-team/BLAKE3")
+    (synopsis "Official C implementation of BLAKE3")
+    (description "todo")
+    (license license:expat)))
+
+(define toml11
+  (package
+    (name "toml11")
+    (version "v4.4.0")
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://github.com/ToruNiina/toml11")
+               (commit version)))
+        (sha256
+          (base32 "0d15b50cf9jgvh3w99xh6crh03bn2dmv9bdyvzq6knsk2diql1dj"))))
+    (build-system cmake-build-system)
+    (home-page "https://github.com/ToruNiina/toml11")
+    (synopsis "TODO")
+    (description "TODO")
+    (license license:expat)))
+
+(define libgit2-1.9
+  (package
+    (inherit libgit2-1.8)
+    (version "1.9.0")
+    (source (origin
+              (inherit (package-source libgit2-1.8))
+              (uri (git-reference
+                     (url "https://github.com/libgit2/libgit2")
+                     (commit (string-append "v" version))))
+              (file-name (git-file-name "libgit2" version))
+              (sha256
+                (base32
+                  "06ajn5i5l1209z7x7jxcpw68ph0a6g3q67bmx0jm381rr8cb4zdz"))
+              (snippet
+                #~(begin
+                    (for-each delete-file-recursively
+                              '("deps/llhttp"
+                                "deps/ntlmclient"
+                                "deps/pcre"
+                                "deps/winhttp"
+                                "deps/zlib"))))))))
+
+(define libgc-ryan
+  (package
+    (inherit libgc)
+    (version "8.2.8")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/ivmai/bdwgc")
+                     (commit (string-append "v" version))))
+              (file-name (git-file-name "libgc" version))
+              (sha256
+                (base32 "1xzvr5wb36flkbjqjyk5ilhda1a3yk61rgprxfjzdf1rzlmqn12i"))))
+    (native-inputs (modify-inputs (package-native-inputs libgc) (prepend autoconf autoconf-archive automake libtool)))))
+
+(define boost-ryan
+  (package
+    (inherit boost)
+    (version "1.87.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/boostorg/boost")
+                     (commit (string-append "boost-" version))
+                     (recursive? #t)))
+              (file-name (git-file-name "boost" version))
+              (sha256
+                (base32 "1xirczrh2rgk2x70crw33w6566d2by9q675wlyv0zj69f49z8prn"))))
+    (native-inputs (modify-inputs (package-native-inputs boost) (prepend clang-18)))
+    (arguments
+      (append
+          (substitute-keyword-arguments (package-arguments boost))
+          (list
+            #:tests? #f
+            #:configure-flags
+            #~(let ((icu (dirname (dirname (search-input-file
+                                             %build-inputs "bin/uconv")))))
+                (list
+                  ;; Auto-detection looks for ICU only in traditional
+                  ;; install locations.
+                  (string-append "--with-icu=" icu)
+                  ;; Ditto for Python.
+                  #$@(if (%current-target-system)
+                       #~()
+                       #~((let ((python (dirname (dirname (search-input-file
+                                                            %build-inputs
+                                                            "bin/python")))))
+                            (string-append "--with-python-root=" python)
+                            (string-append "--with-python=" python
+                                           "/bin/python")
+                            (string-append "--with-python-version="
+                                           (python-version python)))))
+                  "--with-toolset=clang")))))))
+
+(define libseccomp-ryan
+  (package
+    (inherit libseccomp)
+    (version "2.6.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/seccomp/libseccomp")
+                     (commit (string-append "v" version))))
+              (file-name (git-file-name "libseccomp" version))
+              (sha256
+                (base32 "189yh66aj3z3jvns739qbj504f3mcl3w44pxxizw877pbj3kal11"))))
+    (native-inputs (modify-inputs (package-native-inputs libseccomp) (prepend autoconf autoconf-archive automake libtool)))))
+
+
+nix-ryan
diff --git a/modules/ryan-services/nix.scm b/modules/ryan-services/nix.scm
new file mode 100644
index 0000000..75c9082
--- /dev/null
+++ b/modules/ryan-services/nix.scm
@@ -0,0 +1,182 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019, 2020, 2021, 2024 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2020 Peng Mei Yu <i@pengmeiyu.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (ryan-services nix)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages bash)
+  #:use-module (gnu packages package-management)
+  #:use-module (gnu services base)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu services web)
+  #:use-module (gnu services)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system shadow)
+  #:use-module (guix gexp)
+  #:use-module (guix packages)
+  #:use-module (guix records)
+  #:use-module (guix store)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 format)
+  #:use-module (guix modules)
+  #:export (nix-service-type
+
+            nix-configuration
+            nix-configuration?))
+
+;;; Commentary:
+;;;
+;;; This module provides a service definition for the Nix daemon.
+;;;
+;;; Code:
+
+(define-record-type* <nix-configuration>
+  nix-configuration make-nix-configuration
+  nix-configuration?
+  (package             nix-configuration-package ;file-like
+                       (default nix))
+  (sandbox             nix-configuration-sandbox ;boolean
+                       (default #t))
+  (build-directory     nix-configuration-build-directory ;string
+                       (default "/tmp"))
+  (build-sandbox-items nix-configuration-build-sandbox-items ;list of strings
+                       (default '()))
+  (extra-config        nix-configuration-extra-config ;list of strings
+                       (default '()))
+  (extra-options       nix-configuration-extra-options ;list of strings
+                       (default '())))
+
+;; Copied from gnu/services/base.scm
+(define* (nix-build-accounts count #:key
+                             (group "nixbld")
+                             (shadow shadow))
+  "Return a list of COUNT user accounts for Nix build users with the given
+GID."
+  (unfold (cut > <> count)
+          (lambda (n)
+            (user-account
+             (name (format #f "nixbld~2,'0d" n))
+             (system? #t)
+             (group group)
+             (supplementary-groups (list group "kvm"))
+             (comment (format #f "Nix Build User ~2d" n))
+             (home-directory "/var/empty")
+             (shell (file-append shadow "/sbin/nologin"))))
+          1+
+          1))
+(define (nix-accounts _)
+  "Return the user accounts and user groups."
+  (cons (user-group
+         (name "nixbld")
+         (system? #t)
+
+         ;; Use a fixed GID so that we can create the store with the right
+         ;; owner.
+         (id 40000))
+        (nix-build-accounts 10 #:group "nixbld")))
+
+(define (nix-activation _)
+  ;; Return the activation gexp.
+  #~(begin
+      (use-modules (guix build utils)
+                   (srfi srfi-26))
+      (for-each (cut mkdir-p <>) '("/nix/var/log"
+                                   "/nix/var/nix/gcroots/per-user"
+                                   "/nix/var/nix/profiles/per-user"))
+      (unless (file-exists? #$%nix-store-directory)
+        (mkdir-p #$%nix-store-directory)
+        (chown #$%nix-store-directory
+               (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
+        (chmod #$%nix-store-directory #o775))
+      (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
+                                       "/nix/var/nix/profiles/per-user"))))
+
+(define nix-service-etc
+  (match-lambda
+    (($ <nix-configuration> package sandbox build-directory build-sandbox-items extra-config)
+     (let ((ref-file (references-file package)))
+       `(("nix/nix.conf"
+          ,(computed-file
+            "nix.conf"
+            #~(begin
+                (use-modules (srfi srfi-26)
+                             (ice-9 format))
+                (with-output-to-file #$output
+                  (lambda _
+                    (define internal-sandbox-paths
+                      (call-with-input-file #$ref-file read))
+
+                    (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
+                    ;; config.nix captures store file names.
+                    (format #t "sandbox-paths = ~{~a ~}~%"
+                            (append (list (string-append "/bin/sh=" #$bash-minimal "/bin/bash"))
+                                    internal-sandbox-paths
+                                    '#$build-sandbox-items))
+                    (for-each (cut display <>) '#$extra-config)))))))))))
+
+(define %nix-store-directory
+  "/nix/store")
+
+(define %immutable-nix-store
+  ;; Read-only store to avoid users or daemons accidentally modifying it.
+  ;; 'nix-daemon' has provisions to remount it read-write in its own name
+  ;; space.
+  (list (file-system
+          (device %nix-store-directory)
+          (mount-point %nix-store-directory)
+          (type "none")
+          (check? #f)
+          (flags '(read-only bind-mount)))))
+
+(define nix-shepherd-service
+  ;; Return a <shepherd-service> for Nix.
+  (match-lambda
+    (($ <nix-configuration> package _ build-directory _ _ extra-options)
+     (list
+      (shepherd-service
+       (provision '(nix-daemon))
+       (documentation "Run nix-daemon.")
+       (requirement '(user-processes file-system-/nix/store))
+       (start #~(make-forkexec-constructor
+                 (list (string-append #$package "/bin/nix-daemon")
+                       #$@extra-options)
+                 #:environment-variables
+                 (list (string-append "TMPDIR=" #$build-directory)
+                       "PATH=/run/current-system/profile/bin")))
+       (respawn? #f)
+       (stop #~(make-kill-destructor)))))))
+
+(define nix-service-type
+  (service-type
+   (name 'nix)
+   (extensions
+    (list (service-extension shepherd-root-service-type nix-shepherd-service)
+          (service-extension account-service-type nix-accounts)
+          (service-extension activation-service-type nix-activation)
+          (service-extension etc-service-type nix-service-etc)
+          (service-extension profile-service-type
+                             (compose list nix-configuration-package))
+          (service-extension file-system-service-type
+                             (const %immutable-nix-store))))
+   (description "Run the Nix daemon.")
+   (default-value (nix-configuration))))
+
+;;; nix.scm ends here