isle/default.nix

{

  pkgs ? (import ./nix/pkgs.nix).stable,
  bootstrap ? null,

}: rec {

  rootedBootstrap = pkgs.stdenv.mkDerivation {
    name = "cryptic-net-rooted-bootstrap";

    src = bootstrap;

    builder = builtins.toFile "builder.sh" ''
      source $stdenv/setup
      mkdir -p "$out"/share
      cp "$src" "$out"/share/bootstrap.tgz
    '';
  };

  version = pkgs.stdenv.mkDerivation {
    name = "cryptic-net-version";

    buildInputs = [ pkgs.git pkgs.go ];
    src = ./.;
    inherit bootstrap;

    builder = builtins.toFile "builder.sh" ''
      source $stdenv/setup

      versionFile=version

      if [ "$bootstrap" != "" ]; then
        hostName=$(tar -xzf "$bootstrap" --to-stdout ./hostname)
        echo "Built for host:  $hostName" >> "$versionFile"
      fi

      echo "Build date:      $(date)" >> "$versionFile"
      echo "Git status:      $(cd "$src" && git describe --always --long --dirty=' (dirty)')" >> "$versionFile"
      echo "Go version:      $(go version)" >> "$versionFile"
      echo "Build host info: $(uname -srvm)" >> "$versionFile"

      mkdir -p "$out"/share
      cp "$versionFile" "$out"/share
    '';
  };

  goWorkspace = pkgs.callPackage ./go-workspace {};

  dnsmasq = (pkgs.callPackage ./dnsmasq {
    glibcStatic = pkgs.glibc.static;
  }).env;

  garage = (pkgs.callPackage ./garage {}).env;

  waitFor = pkgs.callPackage ./nix/wait-for.nix {};

  appDir = pkgs.buildEnv {
    name = "cryptic-net-AppDir";
    paths = [

      pkgs.pkgsStatic.bash
      pkgs.pkgsStatic.coreutils
      pkgs.pkgsStatic.unixtools.ping
      pkgs.pkgsStatic.netcat # required by waitFor
      pkgs.pkgsStatic.gnutar
      pkgs.pkgsStatic.gzip

      # custom packages from ./pkgs.nix
      pkgs.yq-go
      pkgs.nebula

      ./AppDir
      version
      dnsmasq
      garage
      waitFor
      goWorkspace.crypticNetMain

    ] ++ (if bootstrap != null then [ rootedBootstrap ] else []);
  };

  appimagetool = pkgs.callPackage ./nix/appimagetool.nix {};

  appImage = pkgs.stdenv.mkDerivation {
    name = "cryptic-net-AppImage";
    src = appDir;

    buildInputs = [ appimagetool ];

    ARCH = "x86_64";

    builder = builtins.toFile "build.sh" ''
      source $stdenv/setup
      cp -rL "$src" cryptic-net
      chmod +w cryptic-net -R
      mkdir $out
      appimagetool cryptic-net "$out/cryptic-net"
    '';
  };

  service = pkgs.writeText "cryptic-service" ''
    [Unit]
    Description=cryptic nebula
    Requires=network.target
    After=network.target

    [Service]
    Restart=always
    RestartSec=1s
    User=root
    ExecStart=${appImage}/cryptic-net

    [Install]
    WantedBy=multi-user.target
  '';
}
First public commit There has been over 1 year of commit history leading up to this point, but almost all of that has had some kind network configuration or secrets built into the code. As of today all of that has been removed, and the codebase can finally be published! I am keeping a private copy of the previous commit history, though it's unclear if it will ever be able to be published. 2021-04-20 21:31:37 +00:00			`{`

			`pkgs ? (import ./nix/pkgs.nix).stable,`
			`bootstrap ? null,`

			`}: rec {`

			`rootedBootstrap = pkgs.stdenv.mkDerivation {`
			`name = "cryptic-net-rooted-bootstrap";`

			`src = bootstrap;`

			`builder = builtins.toFile "builder.sh" ''`
			`source $stdenv/setup`
			`mkdir -p "$out"/share`
			`cp "$src" "$out"/share/bootstrap.tgz`
			`'';`
			`};`

			`version = pkgs.stdenv.mkDerivation {`
			`name = "cryptic-net-version";`

			`buildInputs = [ pkgs.git pkgs.go ];`
			`src = ./.;`
			`inherit bootstrap;`

			`builder = builtins.toFile "builder.sh" ''`
			`source $stdenv/setup`

			`versionFile=version`

			`if [ "$bootstrap" != "" ]; then`
			`hostName=$(tar -xzf "$bootstrap" --to-stdout ./hostname)`
			`echo "Built for host: $hostName" >> "$versionFile"`
			`fi`

			`echo "Build date: $(date)" >> "$versionFile"`
			`echo "Git status: $(cd "$src" && git describe --always --long --dirty=' (dirty)')" >> "$versionFile"`
			`echo "Go version: $(go version)" >> "$versionFile"`
			`echo "Build host info: $(uname -srvm)" >> "$versionFile"`

			`mkdir -p "$out"/share`
			`cp "$versionFile" "$out"/share`
			`'';`
			`};`

			`goWorkspace = pkgs.callPackage ./go-workspace {};`

			`dnsmasq = (pkgs.callPackage ./dnsmasq {`
			`glibcStatic = pkgs.glibc.static;`
			`}).env;`

			`garage = (pkgs.callPackage ./garage {}).env;`

			`waitFor = pkgs.callPackage ./nix/wait-for.nix {};`

			`appDir = pkgs.buildEnv {`
			`name = "cryptic-net-AppDir";`
			`paths = [`

			`pkgs.pkgsStatic.bash`
			`pkgs.pkgsStatic.coreutils`
			`pkgs.pkgsStatic.unixtools.ping`
			`pkgs.pkgsStatic.netcat # required by waitFor`
			`pkgs.pkgsStatic.gnutar`
			`pkgs.pkgsStatic.gzip`

			`# custom packages from ./pkgs.nix`
			`pkgs.yq-go`
			`pkgs.nebula`

			`./AppDir`
			`version`
			`dnsmasq`
			`garage`
			`waitFor`
			`goWorkspace.crypticNetMain`

			`] ++ (if bootstrap != null then [ rootedBootstrap ] else []);`
			`};`

			`appimagetool = pkgs.callPackage ./nix/appimagetool.nix {};`

			`appImage = pkgs.stdenv.mkDerivation {`
			`name = "cryptic-net-AppImage";`
			`src = appDir;`

			`buildInputs = [ appimagetool ];`

			`ARCH = "x86_64";`

			`builder = builtins.toFile "build.sh" ''`
			`source $stdenv/setup`
			`cp -rL "$src" cryptic-net`
			`chmod +w cryptic-net -R`
			`mkdir $out`
			`appimagetool cryptic-net "$out/cryptic-net"`
			`'';`
			`};`

			`service = pkgs.writeText "cryptic-service" ''`
			`[Unit]`
			`Description=cryptic nebula`
			`Requires=network.target`
			`After=network.target`

			`[Service]`
			`Restart=always`
			`RestartSec=1s`
			`User=root`
			`ExecStart=${appImage}/cryptic-net`

			`[Install]`
			`WantedBy=multi-user.target`
			`'';`
			`}`