-
Notifications
You must be signed in to change notification settings - Fork 24
Expand file tree
/
Copy pathflake.nix
More file actions
68 lines (61 loc) · 1.98 KB
/
flake.nix
File metadata and controls
68 lines (61 loc) · 1.98 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
{
description = "Kilo Code Backend development environment";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
};
outputs =
{ self, nixpkgs, ... }:
let
systems = [
"aarch64-darwin"
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
mkDevShell =
system:
let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
in
pkgs.mkShell {
name = "kilo-code-backend";
packages = with pkgs; [
git
git-lfs
nodejs_22
corepack_22
dotenvx
_1password-cli
postgresql_18
wrangler
nodePackages.vercel
flyctl
cloudflared
];
env = {
# Node.js TLS: extra CA certificates for the wrangler Node.js process.
# Use the Nix-managed CA bundle so this works on both Linux and macOS.
NODE_EXTRA_CA_CERTS = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
};
shellHook = ''
# workerd's BoringSSL calls SSL_CTX_set_default_verify_paths(), which reads
# SSL_CERT_FILE and falls back to the compiled-in /etc/ssl/cert.pem.
# NixOS doesn't create /etc/ssl/cert.pem, so force-export SSL_CERT_FILE here.
# We use shellHook (not env) because nixpkgs stdenv also sets SSL_CERT_FILE
# internally, which silently wins over the env attribute.
# Guard to Linux only: macOS ships its own trust store and the hard-coded
# /etc/ssl/certs/ca-certificates.crt path does not exist there.
${pkgs.lib.optionalString pkgs.stdenv.isLinux ''
export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
''}
'';
};
in
{
devShells = forAllSystems (system: {
default = mkDevShell system;
});
};
}