chore: use snowfall lib for nix flake

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 15:53:55 +02:00 · 2024-02-15 10:57:05 +01:00 · 2024-02-15 10:57:05 +01:00 · a43f83d834
commit a43f83d834
parent 1cd15d46d0
6 changed files with 165 additions and 64 deletions
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@ -49,7 +49,7 @@ jobs:
        run: nix run nixpkgs#nixci
      - name: nix docker image
        run: |
-          nix build .#dockerImage
+          nix build .#container-vault-auth-tee
          docker load -i result
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
--- a/flake.lock
+++ b/flake.lock
@ -16,6 +16,22 @@
        "type": "github"
      }
    },
    "flake-compat_2": {
      "flake": false,
      "locked": {
        "lastModified": 1650374568,
        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
@ -52,18 +68,39 @@
        "type": "github"
      }
    },
-    "nix-filter": {
+    "flake-utils-plus_2": {
      "inputs": {
        "flake-utils": "flake-utils_2"
      },
      "locked": {
-        "lastModified": 1705332318,
+        "lastModified": 1696331477,
-        "narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=",
+        "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
        "owner": "gytis-ivaskevicius",
        "repo": "flake-utils-plus",
        "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
        "type": "github"
      },
      "original": {
        "owner": "gytis-ivaskevicius",
        "repo": "flake-utils-plus",
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1694529238,
        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
        "owner": "numtide",
-        "repo": "nix-filter",
+        "repo": "flake-utils",
-        "rev": "3449dc925982ad46246cfc36469baf66e1b64f17",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
-        "repo": "nix-filter",
+        "repo": "flake-utils",
        "type": "github"
      }
    },
@ -106,9 +143,9 @@
    },
    "root": {
      "inputs": {
        "nix-filter": "nix-filter",
        "nixpkgs": "nixpkgs",
-        "nixsgx-flake": "nixsgx-flake"
+        "nixsgx-flake": "nixsgx-flake",
        "snowfall-lib": "snowfall-lib_2"
      }
    },
    "snowfall-lib": {
@ -134,6 +171,29 @@
        "type": "github"
      }
    },
    "snowfall-lib_2": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "flake-utils-plus": "flake-utils-plus_2",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1696432959,
        "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
        "owner": "snowfallorg",
        "repo": "lib",
        "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
        "type": "github"
      },
      "original": {
        "owner": "snowfallorg",
        "repo": "lib",
        "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -148,6 +208,21 @@
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -4,71 +4,39 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nix-filter.url = "github:numtide/nix-filter";
    nixsgx-flake = {
      url = "github:matter-labs/nixsgx";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    snowfall-lib = {
      url = "github:snowfallorg/lib?rev=92803a029b5314d4436a8d9311d8707b71d9f0b6";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs = { self, nixpkgs, nixsgx-flake, nix-filter, ... }:
+  outputs = inputs:
-    let
+    inputs.snowfall-lib.mkFlake {
-      system = "x86_64-linux";
+      inherit inputs;
-      filter = nix-filter.lib;
+      src = ./.;
      pkgs = import nixpkgs { inherit system; overlays = [ nixsgx-flake.overlays.default ]; };
      bin = pkgs.buildGoModule {
        buildInputs = with pkgs; [
          nixsgx.sgx-sdk
          nixsgx.sgx-dcap
          nixsgx.sgx-dcap.quote_verify
        ];
-        name = "vault-auth-tee";
+      package-namespace = "vat";
-        src = filter {
+
-          root = ./.;
+      overlays = with inputs; [
-          include = [
+        nixsgx-flake.overlays.default
-            ./go.mod
+      ];
-            ./go.sum
+
-            "cmd"
+      alias = {
-            "test-fixtures"
+        packages = {
-            (filter.matchExt "go")
+          default = "vault-auth-tee";
          ];
        };
-
+        shells = {
-        vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY=";
+          default = "vault-auth-tee";
      };
      dockerImage = pkgs.dockerTools.buildLayeredImage {
        name = "vault-auth-tee";
        tag = "test";
        config.Entrypoint = [ "/bin/sh" ];
        contents = pkgs.buildEnv {
          name = "image-root";
          paths = with pkgs.dockerTools; [
            bin
            pkgs.vault
            usrBinEnv
            binSh
            caCertificates
            fakeNss
          ];
          pathsToLink = [ "/bin" "/etc" ];
        };
      };
-    in
+
-    with pkgs; {
+      outputs-builder = channels: {
-      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
+        formatter = channels.nixpkgs.nixpkgs-fmt;
      packages.x86_64-linux = {
        inherit bin dockerImage;
        default = bin;
      };
      devShells.x86_64-linux.default = mkShell {
        inputsFrom = [ bin ];
        nativeBuildInputs = with pkgs; [ dive go_1_21 ];
      };
    };
 }
--- a/packages/container-vault-auth-tee/default.nix
+++ b/packages/container-vault-auth-tee/default.nix
@ -0,0 +1,25 @@
 { pkgs
 , vat
 , vault
 , ...
 }:
 pkgs.dockerTools.buildLayeredImage {
  name = "vault-auth-tee";
  tag = "test";
  config.Entrypoint = [ "/bin/sh" ];
  contents = pkgs.buildEnv {
    name = "image-root";
    paths = with pkgs.dockerTools; [
      vat.vault-auth-tee
      vault
      usrBinEnv
      binSh
      caCertificates
      fakeNss
    ];
    pathsToLink = [ "/bin" "/etc" ];
  };
 }
--- a/packages/vault-auth-tee/default.nix
+++ b/packages/vault-auth-tee/default.nix
@ -0,0 +1,26 @@
 { lib
 , pkgs
 , ...
 }:
 pkgs.buildGoModule {
  buildInputs = with pkgs; [
    nixsgx.sgx-sdk
    nixsgx.sgx-dcap
    nixsgx.sgx-dcap.quote_verify
  ];
  name = "vault-auth-tee";
  src = with lib.fileset; toSource {
    root = ./../..;
    fileset = unions [
      ../../go.mod
      ../../go.sum
      ../../cmd
      ../../test-fixtures
      (fileFilter (file: file.hasExt "go") ./../..)
    ];
  };
  vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY=";
 }
--- a/shells/vault-auth-tee/default.nix
+++ b/shells/vault-auth-tee/default.nix
@ -0,0 +1,7 @@
 { lib
 , pkgs
 , ...
 }:
 pkgs.mkShell {
  inputsFrom = [ pkgs.vat.vault-auth-tee ];
 }