From d465e92647470759177cb63914fd3571cea7a8a4 Mon Sep 17 00:00:00 2001
From: Ryan Schanzenbacher
Date: Tue, 1 Apr 2025 11:26:04 -0400
Subject: Using Zen, added nix update to be upstreamed
---
modules/ryan-packages/package-management.scm | 233 +++++++++++++++++++++++++++
modules/ryan-services/nix.scm | 182 +++++++++++++++++++++
2 files changed, 415 insertions(+)
create mode 100644 modules/ryan-packages/package-management.scm
create mode 100644 modules/ryan-services/nix.scm
(limited to 'modules')
diff --git a/modules/ryan-packages/package-management.scm b/modules/ryan-packages/package-management.scm
new file mode 100644
index 0000000..9629168
--- /dev/null
+++ b/modules/ryan-packages/package-management.scm
@@ -0,0 +1,233 @@
+(define-module (ryan-packages package-management)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix build-system meson)
+ #:use-module (guix build-system cmake)
+ #:use-module (guix packages)
+ #:use-module (guix git-download)
+ #:use-module (guix gexp)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages backup)
+ #:use-module (gnu packages bdw-gc)
+ #:use-module (gnu packages bison)
+ #:use-module (gnu packages boost)
+ #:use-module (gnu packages compression)
+ #:use-module (gnu packages check)
+ #:use-module (gnu packages cmake)
+ #:use-module (gnu packages cpp)
+ #:use-module (gnu packages crypto)
+ #:use-module (gnu packages curl)
+ #:use-module (gnu packages databases)
+ #:use-module (gnu packages flex)
+ #:use-module (gnu packages gcc)
+ #:use-module (gnu packages libedit)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
+ #:use-module (gnu packages markup)
+ #:use-module (gnu packages package-management)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages sqlite)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages version-control)
+ #:use-module (gnu packages web)
+ #:use-module (guix utils))
+
+(define-public nix-ryan
+ (package
+ (name "nix")
+ (version "2.26.3")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/NixOS/nix")
+ (commit version)))
+ (file-name (git-file-name "nix" version))
+ (sha256
+ (base32 "1rh9k0cdixahqzziylgg7p8j9p58h55m08h3l1kg369wlmi7r5g5"))))
+ (build-system meson-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(list "--sysconfdir=/etc")
+ #:tests? #f))
+ (native-inputs
+ (list autoconf
+ autoconf-archive
+ automake
+ bison
+ gcc-14
+ cmake
+ flex
+ perl
+ perl-dbi
+ perl-dbd-sqlite
+ googletest
+ jq
+ libtool
+ pkg-config
+ rapidcheck))
+ (inputs
+ (list boost-ryan
+ brotli
+ bzip2
+ curl
+ editline
+ libarchive
+ libgc-ryan
+ libseccomp-ryan
+ libsodium
+ libbl3
+ libgit2-1.9
+ lowdown
+ nlohmann-json
+ openssl
+ sqlite
+ toml11
+ xz
+ zlib))
+ (home-page "https://nixos.org/")
+ (synopsis "The Nix package manager")
+ (description "todo")
+ (license license:lgpl2.1+)))
+
+(define libbl3
+ (package
+ (name "blake3")
+ (version "1.7.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/BLAKE3-team/BLAKE3")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "1dsx5jmr8csgzdvfxf4byc1086rg6vclqgqkz54la8rpfn3gkh6k"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list
+ #:configure-flags #~(list "-DCMAKE_POSITION_INDEPENDENT_CODE=on")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'enter-build-directory
+ (lambda _ (chdir "c") #t))
+ (add-before 'build 'set-env
+ (lambda _
+ (setenv "CFLAGS" "-fPIC")
+ (setenv "CXXFLAGS" "-fPIC")
+ #t)))))
+ (home-page "https://github.com/BLAKE3-team/BLAKE3")
+ (synopsis "Official C implementation of BLAKE3")
+ (description "todo")
+ (license license:expat)))
+
+(define toml11
+ (package
+ (name "toml11")
+ (version "v4.4.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ToruNiina/toml11")
+ (commit version)))
+ (sha256
+ (base32 "0d15b50cf9jgvh3w99xh6crh03bn2dmv9bdyvzq6knsk2diql1dj"))))
+ (build-system cmake-build-system)
+ (home-page "https://github.com/ToruNiina/toml11")
+ (synopsis "TODO")
+ (description "TODO")
+ (license license:expat)))
+
+(define libgit2-1.9
+ (package
+ (inherit libgit2-1.8)
+ (version "1.9.0")
+ (source (origin
+ (inherit (package-source libgit2-1.8))
+ (uri (git-reference
+ (url "https://github.com/libgit2/libgit2")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name "libgit2" version))
+ (sha256
+ (base32
+ "06ajn5i5l1209z7x7jxcpw68ph0a6g3q67bmx0jm381rr8cb4zdz"))
+ (snippet
+ #~(begin
+ (for-each delete-file-recursively
+ '("deps/llhttp"
+ "deps/ntlmclient"
+ "deps/pcre"
+ "deps/winhttp"
+ "deps/zlib"))))))))
+
+(define libgc-ryan
+ (package
+ (inherit libgc)
+ (version "8.2.8")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ivmai/bdwgc")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name "libgc" version))
+ (sha256
+ (base32 "1xzvr5wb36flkbjqjyk5ilhda1a3yk61rgprxfjzdf1rzlmqn12i"))))
+ (native-inputs (modify-inputs (package-native-inputs libgc) (prepend autoconf autoconf-archive automake libtool)))))
+
+(define boost-ryan
+ (package
+ (inherit boost)
+ (version "1.87.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/boostorg/boost")
+ (commit (string-append "boost-" version))
+ (recursive? #t)))
+ (file-name (git-file-name "boost" version))
+ (sha256
+ (base32 "1xirczrh2rgk2x70crw33w6566d2by9q675wlyv0zj69f49z8prn"))))
+ (native-inputs (modify-inputs (package-native-inputs boost) (prepend clang-18)))
+ (arguments
+ (append
+ (substitute-keyword-arguments (package-arguments boost))
+ (list
+ #:tests? #f
+ #:configure-flags
+ #~(let ((icu (dirname (dirname (search-input-file
+ %build-inputs "bin/uconv")))))
+ (list
+ ;; Auto-detection looks for ICU only in traditional
+ ;; install locations.
+ (string-append "--with-icu=" icu)
+ ;; Ditto for Python.
+ #$@(if (%current-target-system)
+ #~()
+ #~((let ((python (dirname (dirname (search-input-file
+ %build-inputs
+ "bin/python")))))
+ (string-append "--with-python-root=" python)
+ (string-append "--with-python=" python
+ "/bin/python")
+ (string-append "--with-python-version="
+ (python-version python)))))
+ "--with-toolset=clang")))))))
+
+(define libseccomp-ryan
+ (package
+ (inherit libseccomp)
+ (version "2.6.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/seccomp/libseccomp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name "libseccomp" version))
+ (sha256
+ (base32 "189yh66aj3z3jvns739qbj504f3mcl3w44pxxizw877pbj3kal11"))))
+ (native-inputs (modify-inputs (package-native-inputs libseccomp) (prepend autoconf autoconf-archive automake libtool)))))
+
+
+nix-ryan
diff --git a/modules/ryan-services/nix.scm b/modules/ryan-services/nix.scm
new file mode 100644
index 0000000..75c9082
--- /dev/null
+++ b/modules/ryan-services/nix.scm
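Review bot: `#:tests? #f` in nix-ryan's arguments, and again in boost-ryan's, switches the test suite off with no comment saying why, while googletest and rapidcheck stay in nix-ryan's native-inputs as if the tests were meant to run. This package is built against several locally bumped libraries (boost-ryan, libgc-ryan, libseccomp-ryan, libgit2-1.9), and for a package manager that presumably relies on libseccomp for its build sandbox the upstream tests are the main evidence that the combination behaves. Either re-enable them or record the reason next to the flag, e.g. `;; FIXME: tests disabled because <reason>; re-enable before upstreaming`. Separately, toml11's origin has no `file-name` and its version carries the tag prefix; `(version "4.4.0")` with `(commit (string-append "v" version))` and `(file-name (git-file-name name version))` would match the other definitions in this file.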
@@ -0,0 +1,182 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019, 2020, 2021, 2024 Oleg Pykhalov
+;;; Copyright © 2020 Peng Mei Yu
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see .
+
+(define-module (ryan-services nix)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages bash)
+ #:use-module (gnu packages package-management)
+ #:use-module (gnu services base)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu services web)
+ #:use-module (gnu services)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system shadow)
+ #:use-module (guix gexp)
+ #:use-module (guix packages)
+ #:use-module (guix records)
+ #:use-module (guix store)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-26)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 format)
+ #:use-module (guix modules)
+ #:export (nix-service-type
+
+ nix-configuration
+ nix-configuration?))
+
+;;; Commentary:
+;;;
+;;; This module provides a service definition for the Nix daemon.
+;;;
+;;; Code:
+
+(define-record-type*
+ nix-configuration make-nix-configuration
+ nix-configuration?
+ (package nix-configuration-package ;file-like
+ (default nix))
+ (sandbox nix-configuration-sandbox ;boolean
+ (default #t))
+ (build-directory nix-configuration-build-directory ;string
+ (default "/tmp"))
+ (build-sandbox-items nix-configuration-build-sandbox-items ;list of strings
+ (default '()))
+ (extra-config nix-configuration-extra-config ;list of strings
+ (default '()))
+ (extra-options nix-configuration-extra-options ;list of strings
+ (default '())))
+
+;; Copied from gnu/services/base.scm
+(define* (nix-build-accounts count #:key
+ (group "nixbld")
+ (shadow shadow))
+ "Return a list of COUNT user accounts for Nix build users with the given
+GID."
+ (unfold (cut > <> count)
+ (lambda (n)
+ (user-account
+ (name (format #f "nixbld~2,'0d" n))
+ (system? #t)
+ (group group)
+ (supplementary-groups (list group "kvm"))
+ (comment (format #f "Nix Build User ~2d" n))
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))
+ 1+
+ 1))
+(define (nix-accounts _)
+ "Return the user accounts and user groups."
+ (cons (user-group
+ (name "nixbld")
+ (system? #t)
+
+ ;; Use a fixed GID so that we can create the store with the right
+ ;; owner.
+ (id 40000))
+ (nix-build-accounts 10 #:group "nixbld")))
+
+(define (nix-activation _)
+ ;; Return the activation gexp.
+ #~(begin
+ (use-modules (guix build utils)
+ (srfi srfi-26))
+ (for-each (cut mkdir-p <>) '("/nix/var/log"
+ "/nix/var/nix/gcroots/per-user"
+ "/nix/var/nix/profiles/per-user"))
+ (unless (file-exists? #$%nix-store-directory)
+ (mkdir-p #$%nix-store-directory)
+ (chown #$%nix-store-directory
+ (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
+ (chmod #$%nix-store-directory #o775))
+ (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
+ "/nix/var/nix/profiles/per-user"))))
+
+(define nix-service-etc
+ (match-lambda
+ (($ package sandbox build-directory build-sandbox-items extra-config)
+ (let ((ref-file (references-file package)))
+ `(("nix/nix.conf"
+ ,(computed-file
+ "nix.conf"
+ #~(begin
+ (use-modules (srfi srfi-26)
+ (ice-9 format))
+ (with-output-to-file #$output
+ (lambda _
+ (define internal-sandbox-paths
+ (call-with-input-file #$ref-file read))
+
+ (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
+ ;; config.nix captures store file names.
+ (format #t "sandbox-paths = ~{~a ~}~%"
+ (append (list (string-append "/bin/sh=" #$bash-minimal "/bin/bash"))
+ internal-sandbox-paths
+ '#$build-sandbox-items))
+ (for-each (cut display <>) '#$extra-config)))))))))))
+
+(define %nix-store-directory
+ "/nix/store")
+
+(define %immutable-nix-store
+ ;; Read-only store to avoid users or daemons accidentally modifying it.
+ ;; 'nix-daemon' has provisions to remount it read-write in its own name
+ ;; space.
+ (list (file-system
+ (device %nix-store-directory)
+ (mount-point %nix-store-directory)
+ (type "none")
+ (check? #f)
+ (flags '(read-only bind-mount)))))
+
+(define nix-shepherd-service
+ ;; Return a for Nix.
+ (match-lambda
+ (($ package _ build-directory _ _ extra-options)
+ (list
+ (shepherd-service
+ (provision '(nix-daemon))
+ (documentation "Run nix-daemon.")
+ (requirement '(user-processes file-system-/nix/store))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$package "/bin/nix-daemon")
+ #$@extra-options)
+ #:environment-variables
+ (list (string-append "TMPDIR=" #$build-directory)
+ "PATH=/run/current-system/profile/bin")))
+ (respawn? #f)
+ (stop #~(make-kill-destructor)))))))
+
+(define nix-service-type
+ (service-type
+ (name 'nix)
+ (extensions
+ (list (service-extension shepherd-root-service-type nix-shepherd-service)
+ (service-extension account-service-type nix-accounts)
+ (service-extension activation-service-type nix-activation)
+ (service-extension etc-service-type nix-service-etc)
+ (service-extension profile-service-type
+ (compose list nix-configuration-package))
+ (service-extension file-system-service-type
+ (const %immutable-nix-store))))
+ (description "Run the Nix daemon.")
+ (default-value (nix-configuration))))
+
+;;; nix.scm ends here
-- 
cgit v1.2.3
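Review bot: In nix-activation the store's group is taken with `(group:gid (getpw "nixbld01"))`, which applies a group accessor to a passwd entry. Guile represents both as plain vectors, so this most likely yields nixbld01's UID rather than the nixbld GID that nix-accounts fixes at 40000, leaving the group-writable (`#o775`) store owned by an unintended group ID. Looking the group up directly, `(group:gid (getgrnam "nixbld"))`, avoids the mix-up. The same procedure sets `/nix/var/nix/profiles` and `/nix/var/nix/profiles/per-user` to `#o777` without the sticky bit, so any local user can rename or remove another user's entries there; `(cut chmod <> #o1777)` or a tighter mode would close that.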