diff --git a/flake.lock b/flake.lock index 125633e5..510d52a7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -22,6 +22,114 @@ "type": "github" } }, + "cargo-chef": { + "flake": false, + "locked": { + "lastModified": 1695999026, + "narHash": "sha256-UtLoZd7YBRSF9uXStfC3geEFqSqZXFh1rLHaP8hre0Y=", + "owner": "LukeMathWalker", + "repo": "cargo-chef", + "rev": "6e96ae5cd023b718ae40d608981e50a6e7d7facf", + "type": "github" + }, + "original": { + "owner": "LukeMathWalker", + "ref": "main", + "repo": "cargo-chef", + "type": "github" + } + }, + "cargo-rdme": { + "flake": false, + "locked": { + "lastModified": 1675118998, + "narHash": "sha256-lrYWqu3h88fr8gG3Yo5GbFGYaq5/1Os7UtM+Af0Bg4k=", + "owner": "orium", + "repo": "cargo-rdme", + "rev": "f9dbb6bccc078f4869f45ae270a2890ac9a75877", + "type": "github" + }, + "original": { + "owner": "orium", + "ref": "v1.1.0", + "repo": "cargo-rdme", + "type": "github" + } + }, + "coturn": { + "flake": false, + "locked": { + "lastModified": 1711026554, + "narHash": "sha256-fvxj4G7GmkyuS67QiFcEX8+UlxvjtyfAbilfE9cin5Q=", + "owner": "steveej-forks", + "repo": "coturn", + "rev": "fed3efd2c4447e5e5966eed5cc32a43d768172ad", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "ref": "debug-cli-login", + "repo": "coturn", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "nixpkgs-23-11" + ] + }, + "locked": { + "lastModified": 1710003968, + "narHash": "sha256-g8+K+mLiNG5uch35Oy9oDQBAmGSkCcqrd0Jjme7xiG0=", + "owner": "ipetkov", + "repo": "crane", + "rev": "10484f86201bb94bd61ecc5335b1496794fedb78", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "inputs": { + "nixpkgs": [ + "holochain", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1707363936, + "narHash": "sha256-QbqyvGFYt84QNOQLOOTWplZZkzkyDhYrAl/N/9H0vFM=", + "owner": "ipetkov", + "repo": "crane", + "rev": "9107434eda6991e9388ad87b815dafa337446d16", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crate2nix": { + 
"flake": false, + "locked": { + "lastModified": 1706909251, + "narHash": "sha256-T7G9Uhh77P0kKri/u+Mwa/4YnXwdPsJSwYCiJCCW+fs=", + "owner": "kolloch", + "repo": "crate2nix", + "rev": "15656bb6cb15f55ee3344bf4362e6489feb93db6", + "type": "github" + }, + "original": { + "owner": "kolloch", + "repo": "crate2nix", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -54,11 +162,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1678184100, - "narHash": "sha256-6R0LmBiS2E6CApdqqFpY2IBXDAg2RQ2JHBkJOLMxXsY=", + "lastModified": 1710144971, + "narHash": "sha256-CjTOdoBvT/4AQncTL20SDHyJNgsXZjtGbz62yDIUYnM=", "owner": "cachix", "repo": "devenv", - "rev": "b9e0ace80abd0ca5631ab5df7d6562ba9d8af50c", + "rev": "6c0bad0045f1e1802f769f7890f6a59504825f4d", "type": "github" }, "original": { @@ -74,11 +182,11 @@ ] }, "locked": { - "lastModified": 1686545384, - "narHash": "sha256-XniReOaWLjubBAXk6Wx2Ny6/b9Xdsx3viLhhs7ycuWw=", + "lastModified": 1710724748, + "narHash": "sha256-aXlifKr6Brg0SBUBgRNEBaZf3JLUeGhM9BX2gam+vvo=", "owner": "nix-community", "repo": "disko", - "rev": "55eea2030a42845102334eb29f054f0c6604a32c", + "rev": "c09c3a9639690f94ddff44c3dd25c85602e5aeb2", "type": "github" }, "original": { @@ -109,6 +217,22 @@ "type": "github" } }, + "empty": { + "flake": false, + "locked": { + "lastModified": 1683792623, + "narHash": "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=", + "owner": "steveej", + "repo": "empty", + "rev": "8e328e450e4cd32e072eba9e99fe92cf2a1ef5cf", + "type": "github" + }, + "original": { + "owner": "steveej", + "repo": "empty", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { 
@@ -125,6 +249,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -143,6 +283,23 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1706830856, + "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixos-anywhere", @@ -164,12 +321,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -180,7 +340,25 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" }, "locked": { "lastModified": 1692799911, 
@@ -206,11 +384,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", "type": "github" }, "original": { 
@@ -236,6 +414,94 @@ "type": "github" } }, + "holochain": { + "inputs": { + "cargo-chef": "cargo-chef", + "cargo-rdme": "cargo-rdme", + "crane": "crane_2", + "crate2nix": "crate2nix", + "empty": "empty", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "holochain": [ + "holochain", + "empty" + ], + "lair": [ + "holochain", + "empty" + ], + "launcher": [ + "holochain", + "empty" + ], + "nix-filter": "nix-filter", + "nixpkgs": "nixpkgs_3", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "repo-git": "repo-git", + "rust-overlay": "rust-overlay", + "scaffolding": [ + "holochain", + "empty" + ], + "versions": [ + "holochain-versions" + ] + }, + "locked": { + "lastModified": 1710743393, + "narHash": "sha256-xhkOYQotgVNiCAVeBRem8V0b1Csi0p/yZY6XvvzePvU=", + "owner": "holochain", + "repo": "holochain", + "rev": "2a4773ca6985cd08a57f6aafb54565bb988ca6bc", + "type": "github" + }, + "original": { + "owner": "holochain", + "repo": "holochain", + "type": "github" + } + }, + "holochain-versions": { + "inputs": { + "holochain": "holochain_2", + "lair": "lair", + "launcher": "launcher", + "scaffolding": "scaffolding" + }, + "locked": { + "dir": "versions/weekly", + "lastModified": 1710743393, + "narHash": "sha256-xhkOYQotgVNiCAVeBRem8V0b1Csi0p/yZY6XvvzePvU=", + "owner": "holochain", + "repo": "holochain", + "rev": "2a4773ca6985cd08a57f6aafb54565bb988ca6bc", + "type": "github" + }, + "original": { + "dir": "versions/weekly", + "owner": "holochain", + "repo": "holochain", + "type": "github" + } + }, + "holochain_2": { + "flake": false, + "locked": { + "lastModified": 1710291013, + "narHash": "sha256-etoY8oXg3PXFMeZgkixxsKJjH1Uauua366y2TN8+fms=", + "owner": "holochain", + "repo": "holochain", + "rev": "15516823c6f5e0ec7f032e614d804b2376fe0867", + "type": "github" + }, + "original": { + "owner": "holochain", + "ref": "holochain-0.3.0-beta-dev.40", + "repo": "holochain", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -305,14 +571,60 @@ "url": "https://github.com/ThetaSinner.keys" } }, + "keys_zippy": { + "flake": false, + "locked": { + "narHash": "sha256-0OoNLGRMmWmezTJGQdbQno6BCYHnuuuUKVfY48chkOw=", + "type": "file", + "url": "https://github.com/zippy.keys" + }, + "original": { + "type": "file", + "url": "https://github.com/zippy.keys" + } + }, + "lair": { + "flake": false, + "locked": { + "lastModified": 1709335027, + "narHash": "sha256-rKMhh7TLuR1lqze2YFWZCGYKZQoB4dZxjpX3sb7r7Jk=", + "owner": "holochain", + "repo": "lair", + "rev": "826be915efc839d1d1b8a2156b158999b8de8d5b", + "type": "github" + }, + "original": { + "owner": "holochain", + "ref": "lair_keystore-v0.4.4", + "repo": "lair", + "type": "github" + } + }, + "launcher": { + "flake": false, + "locked": { + "lastModified": 1706294585, + "narHash": "sha256-92Qc6hBMFfHo3w1m1+EpNAAV+7whpkgRHiGqNiXaMCg=", + "owner": "holochain", + "repo": "launcher", + "rev": "51a45a7141abc98a861b34b288b384f50f359485", + "type": "github" + }, + "original": { + "owner": "holochain", + "ref": "holochain-weekly", + "repo": "launcher", + "type": "github" + } + }, "lowdown-src": { "flake": false, "locked": { - "lastModified": 1633514407, - "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", + "lastModified": 1700431489, + "narHash": "sha256-YB0ksW9HFRVr0WbtBcF4KSN44r02+ArD1Voipw8rU/8=", "owner": "kristapsdz", "repo": "lowdown", - "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", + "rev": "1200b9f4ceceb5795ccc0a02a2105310f0819222", "type": "github" }, "original": { @@ -323,7 +635,7 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] 
@@ -367,6 +679,21 @@ "type": "github" } }, + "nix-filter": { + "locked": { + "lastModified": 1705332318, + "narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "3449dc925982ad46246cfc36469baf66e1b64f17", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nix-filter", + "type": "github" + } + }, "nixos-2305": { "locked": { "lastModified": 1686478675, @@ -386,7 +713,7 @@ "nixos-anywhere": { "inputs": { "disko": "disko_2", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixos-2305": "nixos-2305", "nixos-images": "nixos-images", "nixpkgs": [ @@ -449,6 +776,22 @@ "type": "github" } }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-lib": { "locked": { "dir": "lib", @@ -467,6 +810,24 @@ "type": "github" } }, + "nixpkgs-lib_2": { + "locked": { + "dir": "lib", + "lastModified": 1706550542, + "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, 
@@ -485,16 +846,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1673800717, - "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=", + "lastModified": 1704874635, + "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f", + "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", + "ref": "nixos-23.11", "repo": "nixpkgs", "type": "github" } @@ -581,18 +942,17 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1695975771, - "narHash": "sha256-+AGkCM+ZHal3gk6AjOo+vnUMv0I9Kqmas01v2ldEIpQ=", - "owner": "nixos", + "lastModified": 1710631334, + "narHash": "sha256-rL5LSYd85kplL5othxK5lmAtjyMOBg390sGBTb3LRMM=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "c710fc3c3e41e7b7e02dc40885f55aa341461678", + "rev": "c75037bbf9093a2acb617804ee46320d6d1fea5a", "type": "github" }, "original": { - "owner": "nixos", - "ref": "release-23.05", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" } }, "pre-commit-hooks": { 
@@ -612,11 +972,27 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1677160285, - "narHash": "sha256-tBzpCjMP+P3Y3nKLYvdBkXBg3KvTMo3gvi8tLQaqXVY=", + "lastModified": 1708018599, + "narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "flake": false, + "locked": { + "lastModified": 1707297608, + "narHash": "sha256-ADjo/5VySGlvtCW3qR+vdFF4xM9kJFlRDqcC9ZGI8EA=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "2bd861ab81469428d9c823ef72c4bb08372dd2c4", + "rev": "0db2e67ee49910adfa13010e7f012149660af7f0", "type": "github" }, "original": { 
@@ -625,25 +1001,85 @@ "type": "github" } }, + "repo-git": { + "flake": false, + "locked": { + "narHash": "sha256-d6xi4mKdjkX2JFicDIv5niSzpyI0m/Hnm8GGAIU04kY=", + "type": "file", + "url": "file:/dev/null" + }, + "original": { + "type": "file", + "url": "file:/dev/null" + } + }, "root": { "inputs": { "cachix_for_watch_store": "cachix_for_watch_store", + "coturn": "coturn", + "crane": "crane", "darwin": "darwin", "disko": "disko", "flake-parts": "flake-parts", + "holochain": "holochain", + "holochain-versions": "holochain-versions", "home-manager": "home-manager", "keys_artbrock": "keys_artbrock", "keys_jost-s": "keys_jost-s", "keys_steveej": "keys_steveej", "keys_thetasinner": "keys_thetasinner", + "keys_zippy": "keys_zippy", "microvm": "microvm", "nixos-anywhere": "nixos-anywhere", - "nixpkgs": "nixpkgs_3", + "nixpkgs": [ + "nixpkgs-23-11" + ], + "nixpkgs-23-11": "nixpkgs-23-11", "nixpkgsGithubActionRunners": "nixpkgsGithubActionRunners", "nixpkgsMaster": "nixpkgsMaster", "nixpkgsUnstable": "nixpkgsUnstable", "sops-nix": "sops-nix", - "srvos": "srvos" + "srvos": "srvos", + "tx5": "tx5" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "holochain", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710727870, + "narHash": "sha256-Ulsx+t4SnRmjMJx4eF2Li+3rBGYhZp0XNShVjIheCfg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a1b17cacfa7a6ed18f553a195a047f4e73e95da9", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "scaffolding": { + "flake": false, + "locked": { + "lastModified": 1708377063, + "narHash": "sha256-5+iEjwMO/sTe1h9JVrfn77GjliIRVJQFS2yvI3KTsL8=", + "owner": "holochain", + "repo": "scaffolding", + "rev": "c41f01d2ff19fe58b6632860d85f88a96e16fd65", + "type": "github" + }, + "original": { + "owner": "holochain", + "ref": "holochain-weekly", + "repo": "scaffolding", + "type": "github" } }, "sops-nix": { 
@@ -674,11 +1110,11 @@ ] }, "locked": { - "lastModified": 1686528292, - "narHash": "sha256-RWSI4qsx2NTPZa7e27DKLEAYOjtyGADSJ1sPB1j4yQA=", + "lastModified": 1710722976, + "narHash": "sha256-tAQvMzQ3pB4O7C0WJqvewlywEpJQRTdu2om5bgKV3L8=", "owner": "numtide", "repo": "srvos", - "rev": "5db34b8c369dad476406ef8ac6382fd019bd07a3", + "rev": "6f5c52bcd3b9e7c0e88907a75d284d11b609a36c", "type": "github" }, "original": { @@ -702,6 +1138,36 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -722,6 +1188,23 @@ "repo": "treefmt-nix", "type": "github" } + }, + "tx5": { + "flake": false, + "locked": { + "lastModified": 1707175829, + "narHash": "sha256-Lkry9eEUk6aXe7aQ824YwkG2Ra44GPapIznGR2Ao/PA=", + "owner": "holochain", + "repo": "tx5", + "rev": "d5fa9096eae2156618c701e87b7c40770faa123c", + "type": "github" + }, + "original": { + "owner": "holochain", + "ref": "tx5-signal-srv-v0.0.7-alpha", + "repo": "tx5", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 312c56b1..70799c88 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,7 +2,8 @@ description = "The new, performant, and simplified version of Holochain on Rust (sometimes called Holochain RSM for Refactored State Model) "; inputs = { - nixpkgs = {url = "github:nixos/nixpkgs/release-23.05";}; + nixpkgs.follows = "nixpkgs-23-11"; + nixpkgs-23-11 = {url = "github:nixos/nixpkgs/nixos-23.11";}; nixpkgsGithubActionRunners = {url = "github:nixos/nixpkgs/nixos-unstable";}; nixpkgsUnstable = {url = "github:nixos/nixpkgs/nixos-unstable";}; nixpkgsMaster = {url = "github:nixos/nixpkgs/master";}; @@ -32,6 +33,11 @@ sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + crane = { + url = "github:ipetkov/crane"; + inputs.nixpkgs.follows = "nixpkgs-23-11"; + }; + keys_steveej = { url = "https://github.com/steveej.keys"; flake = false; @@ -63,17 +69,30 @@ flake = false; }; - # NAR mismatch as of 2023/07/21 - # keys_zippy = { - # url = "https://github.com/zippy.keys"; - # flake = false; - # }; + keys_zippy = { + url = "https://github.com/zippy.keys"; + flake = false; + }; keys_artbrock = { url = "https://github.com/artbrock.keys"; flake = false; }; - cachix_for_watch_store.url = github:cachix/cachix/v1.5; + cachix_for_watch_store.url = "github:cachix/cachix/v1.5"; + + tx5.url = "github:holochain/tx5/tx5-signal-srv-v0.0.7-alpha"; + tx5.flake = false; + + holochain-versions.url = "github:holochain/holochain?dir=versions/weekly"; + holochain = { + url = "github:holochain/holochain"; + inputs.versions.follows = "holochain-versions"; + }; + + coturn = { + flake = false; + url = "github:steveej-forks/coturn/debug-cli-login"; + }; }; outputs = inputs @ { @@ -155,7 +174,9 @@ }; packages = { - nomad = inputs'.nixpkgsMaster.legacyPackages.nomad_1_6; + nomad = inputs'.nixpkgs.legacyPackages.nomad_1_6; + + nixos-anywhere = inputs'.nixos-anywhere.packages.default; }; }; flake = { diff --git a/modules/flake-parts/apps.ssh-/default.nix b/modules/flake-parts/apps.ssh-/default.nix index 2e78c66d..38bc7d8f 100644 
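Review bot: The `coturn` input added in the third flake.nix hunk (`url = "github:steveej-forks/coturn/debug-cli-login";`) follows a mutable branch on a personal fork, and the new overlay builds that source for the public TURN host. flake.lock pins the current rev, but a later `nix flake update` will take whatever that branch points to at the time, without review. Pin the input to the reviewed commit, e.g. `url = "github:steveej-forks/coturn/<reviewed-commit-sha>";`, and add a comment saying which upstream release the fork is based on and why the patch is needed. The same concern applies, to a lesser degree, to `holochain.url = "github:holochain/holochain"`, which tracks the default branch.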
--- a/modules/flake-parts/apps.ssh-/default.nix +++ b/modules/flake-parts/apps.ssh-/default.nix @@ -6,6 +6,7 @@ }: { perSystem = {pkgs, ...}: let mkSsh = { + attrName, hostName, deployUser, }: diff --git a/modules/flake-parts/holochain-turn-server.nix b/modules/flake-parts/holochain-turn-server.nix new file mode 100644 index 00000000..a31da6bb --- /dev/null +++ b/modules/flake-parts/holochain-turn-server.nix 
@@ -0,0 +1,186 @@ +{ + # System independent arguments. + self, + lib, + ... +}: { + flake = { + # system independent outputs like nixosModules, nixosConfigurations, etc. + + # nixosConfigurations.example-host = ... + overlays.coturn = _final: previous: { + coturn = previous.coturn.overrideAttrs ( + _super: { + src = self.inputs.coturn; + # coturn for NixOS needs to be built without libev_ok, otherwise acme-redirect won't work + LIBEV_OK = "0"; + meta.platforms = lib.platforms.linux; + } + ); + }; + + nixosModules.holochain-turn-server = { + config, + lib, + ... + }: let + cfg = config.services.holochain-turn-server; + in { + options.services.holochain-turn-server = { + enable = lib.mkEnableOption "holochain turn server"; + url = lib.mkOption { + description = "publicly visible url for the turn server"; + type = lib.types.str; + }; + turn-cert-dir = lib.mkOption { + description = "directory where fullchain.pem and key.pem are expected to exist"; + type = lib.types.str; + default = config.security.acme.certs.${cfg.url}.directory; + }; + address = lib.mkOption { + description = "address coturn should listen on"; + type = lib.types.str; + }; + + nginx-http-port = lib.mkOption { + description = "port for nginx to listen on for answering ACME challenges"; + type = lib.types.int; + # skipping 81 because it's the default coturn alternative http port + default = 82; + }; + + coturn-min-port = lib.mkOption { + description = "lower port for coturn's range"; + type = lib.types.int; + default = 20000; + }; + + coturn-max-port = lib.mkOption { + description = "upper port for coturn's range"; + type = lib.types.int; + default = 65535; # which is default but here listing explicitly + }; + + verbose = lib.mkEnableOption "verbose logging"; + + acme-redirect = lib.mkOption { + description = "value passed to acme-redirect configuration option"; + type = lib.types.str; + default = "http://acme-${cfg.url}/.well-known/acme-challenge/"; + }; + + username = lib.mkOption { + description = 
"user for establishing turn connections to coturn"; + type = lib.types.str; + default = "test"; + }; + + credential = lib.mkOption { + description = "credential for establishing turn connections to coturn"; + type = lib.types.str; + default = "test"; + }; + + extraCoturnAttrs = lib.mkOption { + description = "extra attributes assigned to services.coturn"; + type = lib.types.attrs; + default = {}; + }; + }; + + config = lib.mkIf cfg.enable { + nixpkgs.overlays = [self.overlays.coturn]; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 9641 # prometheus + + cfg.nginx-http-port + ]; + networking.firewall.allowedUDPPorts = [ + 80 + 443 + 9641 # prometheus + ]; + networking.firewall.allowedUDPPortRanges = [ + { + from = cfg.coturn-min-port; + to = cfg.coturn-max-port; + } + ]; + + services.coturn = + { + enable = true; + listening-port = 80; + tls-listening-port = 443; + listening-ips = [cfg.address]; + lt-cred-mech = true; # Use long-term credential mechanism. + realm = cfg.url; + cert = "${cfg.turn-cert-dir}/fullchain.pem"; + pkey = "${cfg.turn-cert-dir}/key.pem"; + no-cli = false; + min-port = cfg.coturn-min-port; + max-port = cfg.coturn-max-port; + extraConfig = + '' + no-software-attribute + no-multicast-peers + no-tlsv1 + no-tlsv1_1 + user=${cfg.username}:${cfg.credential} + prometheus + '' + + lib.strings.optionalString cfg.verbose '' + verbose + '' + + lib.strings.optionalString (cfg.acme-redirect != null) '' + acme-redirect=${cfg.acme-redirect} + ''; + } + // cfg.extraCoturnAttrs; + + systemd.services.coturn.serviceConfig = { + LimitNOFILESoft = 10000; + }; + + # Add turnserver user to nginx group, because turnserver needs to have access to TLS certs from /var/lib/acme/ + users.groups.nginx.members = ["turnserver"]; + + services.nginx = { + enable = true; + + # the sole purpose of nginx here is TLS certificate renewal from letsencrypt + # coturn redirects ACME, i.e. 
HTTP GET requests matching '^/.well-known/acme-challenge/(.*)' + # to acme-turn.holo.host, which is intercepted by a reverse-proxy and redirected to port ${cfg.nginx-http-port} on this host + virtualHosts."${cfg.url}" = { + listen = [ + { + addr = "${cfg.address}"; + port = cfg.nginx-http-port; + ssl = false; + } + ]; + enableACME = true; + serverName = cfg.url; + }; + }; + + security.acme = { + acceptTerms = true; + defaults = { + email = "acme@holo.host"; + }; + + # after certificate renewal by acme coturn.service needs to reload this new cert, too + # see https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/security/acme/default.nix#L322 + certs."${cfg.url}".reloadServices = ["coturn"]; + + # staging server has higher retry limits. uncomment the following when debugging ACME challenges. + # certs."${cfg.url}".server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + }; + }; + }; + }; +} diff --git a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix index 2b385aff..1064e71f 100644 --- a/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix +++ b/modules/flake-parts/nixosConfigurations.dweb-reverse-tls-proxy/configuration.nix @@ -7,7 +7,6 @@ ... }: let ipv4 = "5.78.43.185"; - ipv6Prefix = "2a01:4ff:1f0:872a"; fqdn2domain = "infra.holochain.org"; in { imports = [ 
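Review bot: In holochain-turn-server.nix, `username` and `credential` both default to `"test"`, so a host that enables the module without setting them runs a public TURN relay with guessable long-term credentials; turn-infra-holochain-org/configuration.nix in this commit sets the same two values explicitly. The credential is also interpolated into `extraConfig` (`user=${cfg.username}:${cfg.credential}`), which puts it in the world-readable Nix store. Drop both `default = "test";` lines so evaluation fails when the options are unset, and supply the value from a sops secret (sops-nix is already imported on the host), for instance by moving to `use-auth-secret` with `static-auth-secret-file` if the tx5 clients can work with time-limited credentials. Separately, 9641 is opened in both `allowedTCPPorts` and `allowedUDPPorts`, which as far as this module shows exposes the prometheus endpoint to the internet without authentication; limiting it to the monitoring network and dropping the UDP entry would be safer.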
@@ -37,36 +36,31 @@ in { "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8=" ]; - boot.loader.grub = { - efiSupport = false; - device = "/dev/sda"; - }; - # boot.loader.systemd-boot.enable = true; - # boot.loader.efi.canTouchEfiVariables = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - - systemd.network.networks."10-uplink".networkConfig.Address = "${ipv6Prefix}::1/64"; + boot.loader.systemd-boot.enable = false; + boot.loader.grub.efiSupport = true; + boot.loader.grub.efiInstallAsRemovable = false; disko.devices.disk.sda = { device = "/dev/sda"; type = "disk"; content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "boot"; - start = "0"; - end = "1M"; - part-type = "primary"; - flags = ["bios_grub"]; - } - { - name = "root"; - start = "1M"; - end = "100%"; - part-type = "primary"; - bootable = true; + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + type = "EF00"; + size = "1G"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; content = { type = "btrfs"; extraArgs = ["-f"]; # Override existing partition @@ -77,15 +71,16 @@ in { }; "/nix" = { mountOptions = ["noatime"]; + mountpoint = "/nix"; }; }; }; - } - ]; + }; + }; }; }; - system.stateVersion = "23.05"; + system.stateVersion = "23.11"; ### ZeroTier services.zerotierone = { @@ -94,6 +89,7 @@ in { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" + "nomad" ]; sops.secrets.zerotieroneNetworks = { @@ -152,6 +148,7 @@ in { ### BIND and ACME + # FIXME: changes to the bind zone require a manual `systemctl restart bind` system.activationScripts.bind-zones.text = '' mkdir -p /etc/bind/zones chown named:named /etc/bind/zones 
@@ -186,6 +183,10 @@ in { amsterdam2023.events.${fqdn2domain}. A 10.1.3.187 sj-bm-hostkey0.dev.${fqdn2domain}. A 185.130.224.33 + + turn.${fqdn2domain}. A ${self.nixosConfigurations.turn-infra-holochain-org.config.services.holochain-turn-server.address} + signal.${fqdn2domain}. A ${self.nixosConfigurations.turn-infra-holochain-org.config.services.tx5-signal-server.address} + bootstrap.${fqdn2domain}. A ${self.nixosConfigurations.turn-infra-holochain-org.config.services.kitsune-bootstrap.address} ''; }; @@ -306,6 +307,12 @@ in { # reverse_proxy https://holochain-ci.cachix.org ''; }; + + "acme-turn.${fqdn2domain}:80" = { + extraConfig = '' + reverse_proxy http://turn.${fqdn2domain}:${builtins.toString self.nixosConfigurations.turn-infra-holochain-org.config.services.holochain-turn-server.nginx-http-port} + ''; + }; }; sops.secrets.global-server-nomad-key = { @@ -316,7 +323,7 @@ in { services.nomad = { enable = true; - package = self.packages.${pkgs.system}.nomad; + package = pkgs.nomad_1_6; enableDocker = false; dropPrivileges = false; diff --git a/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/README.md b/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/README.md new file mode 100644 index 00000000..3a6923c5 --- /dev/null +++ b/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/README.md @@ -0,0 +1,7 @@ +This machine is of type CCX23 + +# Installation + +``` +nix run github:numtide/nixos-anywhere -- --flake .\#nixosConfigurations.turn-infra-holochain-org root@turn.infra.holochain.org +``` diff --git a/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/configuration.nix b/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/configuration.nix new file mode 100644 index 00000000..5c184948 --- /dev/null +++ b/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/configuration.nix 
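Review bot: The new `"acme-turn.${fqdn2domain}:80"` virtual host (hunk `@@ -306,6 +307,12 @@`) forwards every request path to nginx on the TURN host, although the only traffic it exists for is the ACME HTTP-01 challenge. Restrict it with a path matcher, `reverse_proxy /.well-known/acme-challenge/* http://turn.${fqdn2domain}:<port expression unchanged>`, so that nothing else on that nginx listener is reachable through the proxy. A one-line comment above the block saying that coturn's `acme-redirect` sends challenges to this host would also help, since that relationship is only described in holochain-turn-server.nix. The enclosing virtualHosts attribute set starts and ends outside the hunk.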
@@ -0,0 +1,148 @@ +{ + config, + inputs, + self, + pkgs, + ... +}: let + + turnIpv4 = "37.27.24.128"; + turnFqdn = "turn.infra.holochain.org"; + + signalIpv4 = "95.217.30.224"; + signalFqdn = "signal.infra.holochain.org"; + + bootstrapIpv4 = "95.216.179.59"; + bootstrapFqdn = "bootstrap.infra.holochain.org"; +in { + imports = [ + inputs.disko.nixosModules.disko + inputs.srvos.nixosModules.server + inputs.srvos.nixosModules.mixins-terminfo + inputs.srvos.nixosModules.hardware-hetzner-cloud + + inputs.sops-nix.nixosModules.sops + + self.nixosModules.holo-users + ../../nixos/shared.nix + ../../nixos/shared-nix-settings.nix + + self.nixosModules.holochain-turn-server + self.nixosModules.tx5-signal-server + self.nixosModules.kitsune-bootstrap + ]; + + networking.hostName = "turn-infra-holochain-org"; # Define your hostname. + + hostName = turnIpv4; + + nix.settings.max-jobs = 8; + + nix.settings.substituters = [ + "https://holochain-ci.cachix.org" + ]; + + nix.settings.trusted-public-keys = [ + "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8=" + ]; + + boot.loader.grub.enable = false; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelPackages = pkgs.linuxPackages; + + # FIXME: is there a better way to do this? 
+ environment.etc."systemd/network/10-cloud-init-eth0.network.d/00-floating-ips.conf".text = '' + [Network] + Address = ${signalIpv4}/32 + Address = ${bootstrapIpv4}/32 + ''; + + disko.devices.disk.sda = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "1G"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = ["-f"]; # Override existing partition + subvolumes = { + # Subvolume name is different from mountpoint + "/rootfs" = { + mountpoint = "/"; + }; + "/nix" = { + mountOptions = ["noatime"]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + + system.stateVersion = "23.05"; + + services.holochain-turn-server = { + enable = true; + url = turnFqdn; + address = turnIpv4; + username = "test"; + credential = "test"; + verbose = false; + extraCoturnAttrs = { + cli-ip = "127.0.0.1"; + cli-password = "$5$4c2b9a49c5e013ae$14f901c5f36d4c8d5cf0c7383ecb0f26b052134293152bd1191412641a20ddf5"; + }; + }; + + services.tx5-signal-server = { + enable = true; + address = signalIpv4; + port = 8443; + tls-port = 443; + url = signalFqdn; + iceServers = [ + { + urls = [ + "stun:${config.services.holochain-turn-server.url}:80" + ]; + } + { + urls = [ + "turn:${config.services.holochain-turn-server.url}:80" + "turn:${config.services.holochain-turn-server.url}:80?transport=tcp" + "turns:${config.services.holochain-turn-server.url}:443?transport=tcp" + ]; + + inherit + (config.services.holochain-turn-server) + username + credential + ; + } + ]; + }; + + services.kitsune-bootstrap = { + enable = true; + address = bootstrapIpv4; + port = 8444; + tls-port = 443; + url = bootstrapFqdn; + }; +} 
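Review bot: `extraCoturnAttrs` commits the coturn CLI password hash (`cli-password = "$5$…"`) to the repository, and the module's `no-cli = false` leaves the telnet CLI enabled on this production host. A salted hash in a public repository can be guessed offline, and it is also copied into the world-readable Nix store, so any local account that can reach `127.0.0.1` on the CLI port only needs the recovered password. If the CLI is needed only while debugging, set `no-cli = true;` in `extraCoturnAttrs` here and enable it temporarily when required; otherwise generate a fresh password and keep its hash out of the repository. Also, `system.stateVersion = "23.05";` looks copied from an older host: if this is a fresh install on the 23.11 nixpkgs this commit switches to, `"23.11"` would be the matching value.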
diff --git a/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/default.nix b/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/default.nix new file mode 100644 index 00000000..b2243723 --- /dev/null +++ b/modules/flake-parts/nixosConfigurations.turn-infra-holochain-org/default.nix @@ -0,0 +1,12 @@ +{ + self, + lib, + inputs, + ... +}: { + flake.nixosConfigurations.turn-infra-holochain-org = inputs.nixpkgs.lib.nixosSystem { + modules = [./configuration.nix]; + system = "x86_64-linux"; + specialArgs = self.specialArgs; + }; +} diff --git a/modules/flake-parts/nixosModules.holo-users.nix b/modules/flake-parts/nixosModules.holo-users.nix index 4490f0a9..c5164208 100644 --- a/modules/flake-parts/nixosModules.holo-users.nix +++ b/modules/flake-parts/nixosModules.holo-users.nix @@ -4,8 +4,13 @@ ... }: { flake.nixosModules.holo-users = { - users.users.root.openssh.authorizedKeys.keyFiles = - lib.attrValues - (lib.filterAttrs (name: _: lib.hasPrefix "keys_" name) inputs); + users.users.root.openssh.authorizedKeys = { + keyFiles = + lib.attrValues + (lib.filterAttrs (name: _: lib.hasPrefix "keys_" name) inputs); + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHujII5RAwfEXNBYxKhWv2Wx/oHeHUTc8CACZ3M5W3p neonphog@gmail.com" + ]; + }; }; } diff --git a/modules/flake-parts/packages.nix b/modules/flake-parts/packages.default.nix similarity index 100% rename from modules/flake-parts/packages.nix rename to modules/flake-parts/packages.default.nix diff --git a/modules/flake-parts/packages.holochain-tx5.nix b/modules/flake-parts/packages.holochain-tx5.nix new file mode 100644 index 00000000..1f04146c --- /dev/null +++ b/modules/flake-parts/packages.holochain-tx5.nix 
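Review bot: In nixosModules.holo-users.nix, the added `keys` entry grants root SSH access on every host that imports `holo-users`, but unlike the other keys it is pasted inline rather than coming from a `keys_*` flake input, and only the e-mail address inside the key identifies its owner. Add a comment above it such as `# <owner's GitHub handle>: added <date>, <reason>`, or add a `keys_<handle>` input so that all root keys are declared and locked in one place and can be removed the same way. Whoever reviews this should confirm the key fingerprint with its owner out of band before merging, since the diff itself cannot establish where the key came from.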
@@ -0,0 +1,49 @@
+{
+ # System independent arguments.
+ lib,
+ inputs,
+ ...
+}: {
+ perSystem = {
+ # Arguments specific to the `perSystem` context.
+ self',
+ pkgs,
+ ...
+ }: {
+ # system specific outputs like, apps, checks, packages
+
+ packages = let
+ system = pkgs.system;
+ craneLib = inputs.crane.lib.${system};
+ cranePkgs = inputs.crane.inputs.nixpkgs.legacyPackages.${system};
+
+ tx5Args = {
+ pname = "tx5";
+ src = inputs.tx5;
+ version = inputs.tx5.rev;
+ cargoExtraArgs = "--examples --bins";
+ nativeBuildInputs = [
+ cranePkgs.perl
+ cranePkgs.pkg-config
+ cranePkgs.go
+ ];
+
+ doCheck = false;
+ };
+ tx5Deps = lib.makeOverridable craneLib.buildDepsOnly tx5Args;
+ in {
+ tx5 = lib.makeOverridable craneLib.buildPackage (tx5Args // {
+ cargoArtifacts = tx5Deps;
+ });
+
+ tx5-signal-srv = self'.packages.tx5.override {
+ cargoExtraArgs = "--bin tx5-signal-srv";
+ };
+ };
+ };
+ flake = {
+ # system independent outputs like nixosModules, nixosConfigurations, etc.
+
+ # nixosConfigurations.example-host = ...
+ };
+}
diff --git a/modules/nixos/kitsune-bootstrap.nix b/modules/nixos/kitsune-bootstrap.nix
new file mode 100644
index 00000000..9b06429c
--- /dev/null
+++ b/modules/nixos/kitsune-bootstrap.nix
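Review bot: In packages.holochain-tx5.nix, `doCheck = false;` is set in `tx5Args` without a stated reason, so the `tx5-signal-srv` binary that the new NixOS module deploys is built with the crate's tests skipped. If the tests cannot run in the Nix sandbox (presumably because they need network access), a comment such as `# tests need network access, which the sandbox does not provide` would record that; otherwise dropping the line lets the build catch regressions when the `tx5` input is bumped. The trailing `flake = { ... }` block holds only template comments and could be removed.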
@@ -0,0 +1,92 @@
+{
+ self,
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.services.kitsune-bootstrap;
+in {
+ options.services.kitsune-bootstrap = {
+ enable = lib.mkEnableOption "kitsune-bootstrap";
+
+ package = lib.mkOption {
+ default = self.inputs.holochain.packages.${pkgs.system}.holochain;
+ type = lib.types.package;
+ };
+
+ address = lib.mkOption {
+ description = "address to bind";
+ type = lib.types.str;
+ };
+
+ tls-port = lib.mkOption {
+ description = "port to bind for incoming TLS connections";
+ type = lib.types.int;
+ };
+
+ url = lib.mkOption {
+ description = "url for incoming TLS connections to the bootstrap server";
+ type = lib.types.str;
+ };
+
+ port = lib.mkOption {
+ description = "port to bind";
+ type = lib.types.int;
+ };
+ };
+
+ config = lib.mkIf (cfg.enable) {
+ systemd.services.kitsune-bootstrap = {
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+
+ environment = {
+ TMPDIR = "%T";
+ };
+
+ serviceConfig = {
+ DynamicUser = true;
+ ExecStart = "${cfg.package}/bin/kitsune-bootstrap -i 127.0.0.1:${builtins.toString cfg.port}";
+ Restart = "always";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.url}" = {
+ serverName = cfg.url;
+ enableACME = true;
+ addSSL = true;
+
+ listen = [
+ {
+ addr = "${cfg.address}";
+ port = 80;
+ ssl = false;
+ }
+
+ {
+ addr = "${cfg.address}";
+ port = cfg.tls-port;
+ ssl = true;
+ }
+ ];
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "acme@holo.host";
+ };
+
+ # staging server has higher retry limits. uncomment the following when debugging ACME challenges.
+ # certs."${cfg.url}".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+ };
+ };
+}
diff --git a/modules/nixos/shared.nix b/modules/nixos/shared.nix
index 6172329e..1f331d23 100644
--- a/modules/nixos/shared.nix
+++ b/modules/nixos/shared.nix
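Review bot: In kitsune-bootstrap.nix, `addSSL = true;` combined with the explicit port-80 `listen` entry makes nginx proxy `locations."/"` to the bootstrap service over plain HTTP as well as TLS, although the `url` option is described as being for incoming TLS connections. If clients do not need cleartext access, `forceSSL = true;` in place of `addSSL = true;` keeps port 80 available for ACME challenges and redirects everything else; the same two settings appear in tx5-signal-server.nix. The `address` option is documented as "address to bind", but `ExecStart` always binds `127.0.0.1` and `cfg.address` is only used for the nginx listeners, so the description should say that. `port` and `tls-port` could use `lib.types.port` rather than `lib.types.int` so out-of-range values are rejected at evaluation time.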
@@ -16,7 +16,7 @@ # ] ; - nix.package = lib.mkDefault pkgs.nixVersions.nix_2_17; + nix.package = lib.mkDefault pkgs.nixVersions.nix_2_18; nix.settings.extra-platforms = lib.mkIf pkgs.stdenv.isDarwin ["x86_64-darwin" "aarch64-darwin"]; diff --git a/modules/nixos/tx5-signal-server.nix b/modules/nixos/tx5-signal-server.nix new file mode 100644 index 00000000..b098d3fd --- /dev/null +++ b/modules/nixos/tx5-signal-server.nix 
@@ -0,0 +1,119 @@
+{
+ self,
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.services.tx5-signal-server;
+in {
+ options.services.tx5-signal-server = {
+ enable = lib.mkEnableOption "tx5-signal-server";
+
+ package = lib.mkOption {
+ default = self.packages.${pkgs.system}.tx5-signal-srv;
+ type = lib.types.package;
+ };
+
+ address = lib.mkOption {
+ description = "address to bind";
+ type = lib.types.str;
+ };
+
+ tls-port = lib.mkOption {
+ description = "port to bind for incoming TLS connections";
+ type = lib.types.int;
+ };
+
+ url = lib.mkOption {
+ description = "url for incoming TLS connections to the signal server";
+ type = lib.types.str;
+ };
+
+ port = lib.mkOption {
+ description = "port to bind";
+ type = lib.types.int;
+ };
+
+ iceServers = lib.mkOption {
+ description = "webrtc configuration to broadcast";
+ type = lib.types.listOf lib.types.attrs;
+ default = [];
+ };
+
+ demo = lib.mkEnableOption "enable demo broadcasting as a stand-in for bootstrapping";
+
+ configTextFile = lib.mkOption {
+ default = builtins.toFile "tx5.config.json" (builtins.toJSON {
+ port = cfg.port;
+ iceServers.iceServers = cfg.iceServers;
+ demo = cfg.demo;
+ });
+ };
+ };
+
+ config = lib.mkIf (cfg.enable) {
+ systemd.services.tx5-signal-server = {
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+
+ environment = {
+ TMPDIR = "%T";
+ CONFIG_PATH = "%T/config.json";
+ };
+
+ serviceConfig = {
+ DynamicUser = true;
+ PrivateTmp = true;
+ ExecStartPre = pkgs.writeShellScript "tx5-start-pre" ''
+ set -xue
+ export PATH=${lib.makeBinPath [pkgs.coreutils]}
+
+ cp ${cfg.configTextFile} $CONFIG_PATH
+ chmod 0400 $CONFIG_PATH
+ '';
+
+ ExecStart = "${cfg.package}/bin/tx5-signal-srv --config $CONFIG_PATH";
+ Restart = "always";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.url}" = {
+ serverName = cfg.url;
+ enableACME = true;
+ addSSL = true;
+
+ listen = [
+ {
+ addr = "${cfg.address}";
+ port = 80;
+ ssl = false;
+ }
+
+ {
+ addr = "${cfg.address}";
+ port = 443;
+ ssl = true;
+ }
+ ];
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString cfg.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "acme@holo.host";
+ };
+
+ # staging server has higher retry limits. uncomment the following when debugging ACME challenges.
+ # certs."${cfg.url}".server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+ };
+ };
+}
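Review bot: In tx5-signal-server.nix the TLS entry of the nginx `listen` list hard-codes `port = 443;`, so the required `tls-port` option declared at the top of the module is never read; kitsune-bootstrap.nix uses `port = cfg.tls-port;` in the same position, and the same line would fix it here. Separately, `configTextFile` is built with `builtins.toFile`, so the JSON sits in the world-readable Nix store, including the TURN `username` and `credential` that configuration.nix inherits into `iceServers`. The `chmod 0400` in `ExecStartPre` only restricts the copy under the private temp directory. If those values are ever meant to be secret they would have to come from a runtime secret file instead of the store; otherwise a comment on `configTextFile` such as `# content is public: it is broadcast to clients and stored in the Nix store` would make the intent explicit, and the option should also get a `type` and `description`.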