
Commit b83b1ae

Merge pull request #9 from Gerg-L/main
refactor: remove flake-utils, various other nit picks
2 parents 8b2946a + 39a7688 commit b83b1ae


2 files changed

+94
-145
lines changed


flake.lock

Lines changed: 6 additions & 61 deletions

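--- a/flake.nix
+++ b/flake.nix
@@ -3,11 +3,6 @@
 
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small";
-flake-utils.url = "github:numtide/flake-utils";
-rust-overlay = {
-url = "github:oxalica/rust-overlay";
-inputs.nixpkgs.follows = "nixpkgs";
-};
 nix-github-actions = {
 url = "github:nix-community/nix-github-actions";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -22,22 +17,40 @@
 {
 self,
 nixpkgs,
-flake-utils,
-rust-overlay,
 nix-github-actions,
 treefmt-nix,
 ...
 }:
 let
-cargo-toml = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).package;
+inherit (nixpkgs) lib;
+cargo-toml = (lib.importTOML ./Cargo.toml).package;
 inherit (cargo-toml) name;
-
-build-pkg =
-pkgs:
-let
-inherit (pkgs) lib;
-in
-pkgs.rustPlatform.buildRustPackage {
+forEachSystem =
+f:
+builtins.listToAttrs (
+map
+(system: {
+name = system;
+value = f {
+inherit system;
+pkgs = nixpkgs.legacyPackages.${system};
+};
+})
+[
+"x86_64-linux"
+"x86_64-darwin"
+"aarch64-linux"
+"aarch64-darwin"
+]
+);
+
+package =
+{
+lib,
+rustPlatform,
+...
+}:
+rustPlatform.buildRustPackage {
 inherit name;
 inherit (cargo-toml) version;
 src = lib.cleanSource ./.;
@@ -55,66 +68,70 @@
 };
 };
 
-outputs = flake-utils.lib.eachDefaultSystem (
-system:
-let
-overlays = [ (import rust-overlay) ];
-pkgs = import nixpkgs {
-inherit system overlays;
-};
-rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
-treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
-in
+treefmtEval = (lib.flip treefmt-nix.lib.evalModule) ./treefmt.nix;
+in
+{
+packages = forEachSystem (
+{ pkgs, system }:
 {
-packages.${name} = build-pkg pkgs;
-packages.default = self.packages.${system}.${name};
+${name} = pkgs.callPackage package { };
+default = self.packages.${system}.${name};
+}
+);
 
-devShells.default = pkgs.mkShell {
-buildInputs = [
-rustToolchain
+devShells = forEachSystem (
+{ pkgs, system }:
+{
+default = pkgs.mkShell {
+inputsFrom = [ self.packages.${system}.default ];
+packages = [
+pkgs.clippy
 pkgs.rust-analyzer
+pkgs.rustfmt
 ];
 };
+}
+);
 
-formatter = treefmtEval.config.build.wrapper;
-
-checks = {
-formatting = treefmtEval.config.build.check self;
-vm = pkgs.testers.runNixOSTest {
-name = "run0-sudo-shim-vm-test";
-nodes.machine = {
-imports = [ self.nixosModules.default ];
-security.polkit.persistentAuthentication = true;
-security.run0-sudo-shim.enable = true;
-
-users.users = {
-admin = {
-isNormalUser = true;
-extraGroups = [ "wheel" ];
-};
-noadmin = {
-isNormalUser = true;
-};
+formatter = forEachSystem ({ pkgs, ... }: (treefmtEval pkgs).config.build.wrapper);
+
+checks = forEachSystem (
+{ pkgs, system }:
+{
+formatting = (treefmtEval pkgs).config.build.check self;
+vm = pkgs.testers.runNixOSTest {
+name = "run0-sudo-shim-vm-test";
+nodes.machine = {
+imports = [ self.nixosModules.default ];
+services.dbus.implementation = "broker";
+security = {
+polkit.persistentAuthentication = true;
+run0-sudo-shim.enable = true;
+};
+
+users.users = {
+admin = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+};
+noadmin = {
+isNormalUser = true;
 };
 };
-testScript = ''
-# machine.succeed('su - admin -c "sudo -v"') # can't yet give password, needs hacks to never ask for password in the test or enter the password
-machine.fail('su - noadmin -c "sudo -v"')
-'';
 };
-}
-// self.packages.${system};
+testScript = ''
+# machine.succeed('su - admin -c "sudo -v"') # can't yet give password, needs hacks to never ask for password in the test or enter the password
+machine.fail('su - noadmin -c "sudo -v"')
+'';
+};
 }
+// self.packages.${system}
 );
-in
-outputs
-// {
-
 githubActions = nix-github-actions.lib.mkGithubMatrix {
-checks = nixpkgs.lib.getAttrs [ "x86_64-linux" ] outputs.checks;
+checks = { inherit (self.checks) x86_64-linux; };
 };
 
-overlays.default = final: prev: { ${name} = build-pkg prev; };
+overlays.default = final: _: { ${name} = final.callPackage package { }; };
 
 nixosModules.default =
 {
@@ -128,12 +145,12 @@
 in
 {
 options.security = {
-polkit.persistentAuthentication = lib.mkEnableOption "patch polkit to allow persistent authentication and add rules";
+polkit.persistentAuthentication = lib.mkEnableOption "patching polkit to allow persistent authentication and adding rules";
 run0-sudo-shim = {
-enable = lib.mkEnableOption "enable run0-sudo-shim instead of sudo";
+enable = lib.mkEnableOption "run0-sudo-shim instead of sudo";
 package = lib.mkPackageOption pkgs "run0-sudo-shim" { } // {
 # should be removed when upstreaming to nixpkgs
-default = pkgs.run0-sudo-shim or build-pkg pkgs;
+default = pkgs.run0-sudo-shim or self.packages.${pkgs.stdenv.system}.default;
 };
 };
 };
@@ -143,23 +160,15 @@
 environment.systemPackages = [ cfg.package ];
 security.sudo.enable = false;
 security.polkit.enable = true;
-
-# https://github.com/NixOS/nixpkgs/pull/419588
-security.pam.services.systemd-run0 = {
-setLoginUid = true;
-pamMount = false;
-};
 })
 (lib.mkIf config.security.polkit.persistentAuthentication {
 assertions =
 let
-mkMessage = (
-package: minVer: ''
-To provide persistent authentication, Polkit requires `pidfd` support when fetching process details from D-Bus, which is only available in `${package}` version ${minVer} or later.
+mkMessage = package: minVer: ''
+To provide persistent authentication, Polkit requires `pidfd` support when fetching process details from D-Bus, which is only available in `${package}` version ${minVer} or later.
 
-Please update the package or switch `services.dbus.implementation` in the configuration.
-''
-);
+Please update the package or switch `services.dbus.implementation` in the configuration.
+'';
 in
 [
 (lib.mkIf (config.services.dbus.implementation == "dbus") {
@@ -174,14 +183,9 @@
 
 security.polkit.extraConfig = ''
 polkit.addRule(function(action, subject) {
-if (action.id == "org.freedesktop.policykit.exec") {
-return polkit.Result.AUTH_ADMIN_KEEP;
-}
-});
-
-polkit.addRule(function(action, subject) {
-if (action.id.indexOf("org.freedesktop.systemd1.") == 0) {
-return polkit.Result.AUTH_ADMIN_KEEP;
+if (action.id == "org.freedesktop.policykit.exec" ||
+action.id.indexOf("org.freedesktop.systemd1.") {
+return polkit.Result.AUTH_ADMIN_KEEP;
 }
 });
 '';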
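Review bot: The merged polkit rule in `security.polkit.extraConfig` (new lines 186–187) loses both the `== 0` comparison and the closing parenthesis that the removed second rule had, leaving `action.id.indexOf("org.freedesktop.systemd1.") {`. As written the parentheses are unbalanced, so the rule presumably fails to parse and the persistent-authentication rule would not take effect. If only the parenthesis were restored, `indexOf` yields -1 (truthy) for every non-matching action and 0 (falsy) for a real prefix match, which inverts the check and returns `AUTH_ADMIN_KEEP` for actions outside the systemd1 namespace. The line should read `action.id.indexOf("org.freedesktop.systemd1.") == 0) {`. The VM check is unlikely to catch this, because the only active assertion in `testScript` is the `machine.fail` case for `noadmin`, and the `admin` success case is commented out.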
