chore: use snowfall lib for nix flake

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-07-21 15:53:55 +02:00 · 2024-02-15 10:57:05 +01:00 · 2024-02-15 10:57:05 +01:00 · a43f83d834
commit a43f83d834
parent 1cd15d46d0
6 changed files with 165 additions and 64 deletions
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@ -49,7 +49,7 @@ jobs:
        run: nix run nixpkgs#nixci
      - name: nix docker image
        run: |
-          nix build .#dockerImage
+          nix build .#container-vault-auth-tee
          docker load -i result
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
--- a/flake.lock
+++ b/flake.lock
@ -16,6 +16,22 @@
        "type": "github"
      }
    },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
@ -52,18 +68,39 @@
        "type": "github"
      }
    },
-    "nix-filter": {
+    "flake-utils-plus_2": {
+      "inputs": {
+        "flake-utils": "flake-utils_2"
+      },
      "locked": {
-        "lastModified": 1705332318,
-        "narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=",
+        "lastModified": 1696331477,
+        "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
+        "owner": "gytis-ivaskevicius",
+        "repo": "flake-utils-plus",
+        "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "gytis-ivaskevicius",
+        "repo": "flake-utils-plus",
+        "type": "github"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
        "owner": "numtide",
-        "repo": "nix-filter",
-        "rev": "3449dc925982ad46246cfc36469baf66e1b64f17",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
-        "repo": "nix-filter",
+        "repo": "flake-utils",
        "type": "github"
      }
    },
@ -106,9 +143,9 @@
    },
    "root": {
      "inputs": {
-        "nix-filter": "nix-filter",
        "nixpkgs": "nixpkgs",
-        "nixsgx-flake": "nixsgx-flake"
+        "nixsgx-flake": "nixsgx-flake",
+        "snowfall-lib": "snowfall-lib_2"
      }
    },
    "snowfall-lib": {
@ -134,6 +171,29 @@
        "type": "github"
      }
    },
+    "snowfall-lib_2": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-utils-plus": "flake-utils-plus_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1696432959,
+        "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
+        "owner": "snowfallorg",
+        "repo": "lib",
+        "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "snowfallorg",
+        "repo": "lib",
+        "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
+        "type": "github"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
@ -148,6 +208,21 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -4,71 +4,39 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";

-    nix-filter.url = "github:numtide/nix-filter";
-
    nixsgx-flake = {
      url = "github:matter-labs/nixsgx";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    snowfall-lib = {
+      url = "github:snowfallorg/lib?rev=92803a029b5314d4436a8d9311d8707b71d9f0b6";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

-  outputs = { self, nixpkgs, nixsgx-flake, nix-filter, ... }:
-    let
-      system = "x86_64-linux";
-      filter = nix-filter.lib;
-      pkgs = import nixpkgs { inherit system; overlays = [ nixsgx-flake.overlays.default ]; };
-      bin = pkgs.buildGoModule {
-        buildInputs = with pkgs; [
-          nixsgx.sgx-sdk
-          nixsgx.sgx-dcap
-          nixsgx.sgx-dcap.quote_verify
+  outputs = inputs:
+    inputs.snowfall-lib.mkFlake {
+      inherit inputs;
+      src = ./.;
+
+      package-namespace = "vat";
+
+      overlays = with inputs; [
+        nixsgx-flake.overlays.default
      ];

-        name = "vault-auth-tee";
-        src = filter {
-          root = ./.;
-          include = [
-            ./go.mod
-            ./go.sum
-            "cmd"
-            "test-fixtures"
-            (filter.matchExt "go")
-          ];
+      alias = {
+        packages = {
+          default = "vault-auth-tee";
        };
-
-        vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY=";
-      };
-
-      dockerImage = pkgs.dockerTools.buildLayeredImage {
-        name = "vault-auth-tee";
-        tag = "test";
-
-        config.Entrypoint = [ "/bin/sh" ];
-
-        contents = pkgs.buildEnv {
-          name = "image-root";
-
-          paths = with pkgs.dockerTools; [
-            bin
-            pkgs.vault
-            usrBinEnv
-            binSh
-            caCertificates
-            fakeNss
-          ];
-          pathsToLink = [ "/bin" "/etc" ];
+        shells = {
+          default = "vault-auth-tee";
        };
      };
-    in
-    with pkgs; {
-      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
-      packages.x86_64-linux = {
-        inherit bin dockerImage;
-        default = bin;
-      };
-      devShells.x86_64-linux.default = mkShell {
-        inputsFrom = [ bin ];
-        nativeBuildInputs = with pkgs; [ dive go_1_21 ];
+
+      outputs-builder = channels: {
+        formatter = channels.nixpkgs.nixpkgs-fmt;
      };
    };
 }
--- a/packages/container-vault-auth-tee/default.nix
+++ b/packages/container-vault-auth-tee/default.nix
@ -0,0 +1,25 @@
+{ pkgs
+, vat
+, vault
+, ...
+}:
+pkgs.dockerTools.buildLayeredImage {
+  name = "vault-auth-tee";
+  tag = "test";
+
+  config.Entrypoint = [ "/bin/sh" ];
+
+  contents = pkgs.buildEnv {
+    name = "image-root";
+
+    paths = with pkgs.dockerTools; [
+      vat.vault-auth-tee
+      vault
+      usrBinEnv
+      binSh
+      caCertificates
+      fakeNss
+    ];
+    pathsToLink = [ "/bin" "/etc" ];
+  };
+}
--- a/packages/vault-auth-tee/default.nix
+++ b/packages/vault-auth-tee/default.nix
@ -0,0 +1,26 @@
+{ lib
+, pkgs
+, ...
+}:
+
+pkgs.buildGoModule {
+  buildInputs = with pkgs; [
+    nixsgx.sgx-sdk
+    nixsgx.sgx-dcap
+    nixsgx.sgx-dcap.quote_verify
+  ];
+
+  name = "vault-auth-tee";
+  src = with lib.fileset; toSource {
+    root = ./../..;
+    fileset = unions [
+      ../../go.mod
+      ../../go.sum
+      ../../cmd
+      ../../test-fixtures
+      (fileFilter (file: file.hasExt "go") ./../..)
+    ];
+  };
+
+  vendorHash = "sha256-t59C0yzJzFAXNXYOFbta2g5CYlkfvlukq42cxCwLaGY=";
+}
--- a/shells/vault-auth-tee/default.nix
+++ b/shells/vault-auth-tee/default.nix
@ -0,0 +1,7 @@
+{ lib
+, pkgs
+, ...
+}:
+pkgs.mkShell {
+  inputsFrom = [ pkgs.vat.vault-auth-tee ];
+}