feat: use nixsgx nix function to create containers

It refactors the way the SGX containers are built. This removes all `Dockerfile` and gramine manifest files. It also enables a single recipe for azure and non-azure variants. Additionally the `teepot-crate.nix` is now the inherited recipe to build the rust `teepot` crate. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 07:03:56 +02:00 · 2024-06-03 16:46:21 +02:00 · 2024-06-03 16:46:21 +02:00 · d0c5950c0e
commit d0c5950c0e
parent 93e3e73d56
30 changed files with 337 additions and 897 deletions
--- a/flake.nix
+++ b/flake.nix
@ -24,22 +24,29 @@
    };

    crane = {
-      url = "github:ipetkov/crane";
+      url = "github:ipetkov/crane?tag=v0.17.3";
      inputs.nixpkgs.follows = "nixsgx-flake/nixpkgs";
    };
  };

  outputs = inputs:
+    let src = ./.; in
    inputs.snowfall-lib.mkFlake {
      inherit inputs;
-      src = ./.;
+      inherit src;

-      package-namespace = "teepot";
+      snowfall.namespace = "teepot";
+
+      channels-config = {
+        allowUnfree = true;
+      };

      overlays = with inputs; [
        nixsgx-flake.overlays.default
        vault-auth-tee-flake.overlays.default
        rust-overlay.overlays.default
+        # somehow the original `src` is not available anymore
+        (final: prev: { teepotCrate = prev.pkgs.callPackage ./teepot-crate.nix { inherit inputs; inherit src; }; })
      ];

      alias = {
@ -62,7 +69,6 @@
          inherit
            (channels.nixpkgs.teepot) cargoDeny;
        };
-
      };
    };
 }