seccomp-sandbox/flake.nix

{
  inputs = {
    fenix = {
      url = "github:nix-community/fenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs.url = "nixpkgs/nixos-unstable";
  };
  outputs = { nixpkgs, fenix, ... }:
    let
      systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
      foreachSystem = nixpkgs.lib.genAttrs systems;

      buildTools = pkgs: with pkgs; [
        pkg-config
        # TODO: cargo-lipo
      ];
      developmentTools = pkgs: with pkgs; [
        # bpf-linker
        # cargo-espflash
        cargo-expand
        # cargo-generate
        # cargo-make
        # cargo-mobile2
        # cargo-tauri
        # cargo-watch
        # TODO: cargo-xcode
        # TODO: create-tauri-app
        # cargo-espflash
        # TODO: kopium
        # TODO: ldproxy
        # TODO: paperclip
        # sea-orm-cli
        # perseus-cli
        # trunk
        # wasm-bindgen-cli
      ];
      libraries = pkgs: with pkgs; [
        libseccomp
      ];

      buildRustPlatform = pkgs: with fenix.packages."${pkgs.stdenv.system}"; let toolchain = combine [ complete.toolchain targets."x86_64-unknown-linux-musl".latest.rust-std ]; in pkgs.makeRustPlatform {
        cargo = toolchain;
        rustc = toolchain;
      };

      buildWithPackages = pkgs: pkgsStatic: (buildRustPlatform pkgsStatic).buildRustPackage rec {
        pname = "x2t-sandbox";
        version = "1.0.0";

        nativeBuildInputs = buildTools pkgs;
        buildInputs = libraries pkgsStatic;

        src = ./.;

        cargoLock = {
          lockFile = ./Cargo.lock;
        };

        meta = with nixpkgs.lib; {
          description = "seccomp sandbox with rules defined at build stage";
          homepage = "https://gitea.jianguoyun.net.cn/guochao/x2t-sandbox";
          license = licenses.unlicense;
          maintainers = [ ];
        };
      };
    in
    rec {
      packages = foreachSystem (system:
        let
          pkgs = import nixpkgs { inherit system; };
        in
        rec {
          x2t-sandbox-musl = buildWithPackages pkgs pkgs.pkgsStatic;
          x2t-sandbox-glibc = buildWithPackages pkgs pkgs;

          default = x2t-sandbox-musl;
        });
      devShells = foreachSystem
        (system:
          let
            pkgs = import nixpkgs { inherit system; };
          in
          with pkgs; rec {
            default = packages."${system}".default.overrideAttrs (prevAttrs: {
              nativeBuildInputs = prevAttrs.nativeBuildInputs ++ (with fenix.packages."${system}".combine; with fenix.packages."${system}"; with pkgs; [
                complete.rust-analyzer
                complete.rust-src
              ]) ++ (developmentTools pkgs);
            });
          });
    };
}
first commit 2023-11-01 16:17:51 +08:00			`{`
			`inputs = {`
			`fenix = {`
			`url = "github:nix-community/fenix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
			`nixpkgs.url = "nixpkgs/nixos-unstable";`
			`};`
			`outputs = { nixpkgs, fenix, ... }:`
			`let`
			`systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];`
			`foreachSystem = nixpkgs.lib.genAttrs systems;`

			`buildTools = pkgs: with pkgs; [`
			`pkg-config`
			`# TODO: cargo-lipo`
			`];`
			`developmentTools = pkgs: with pkgs; [`
			`# bpf-linker`
			`# cargo-espflash`
			`cargo-expand`
			`# cargo-generate`
			`# cargo-make`
			`# cargo-mobile2`
			`# cargo-tauri`
			`# cargo-watch`
			`# TODO: cargo-xcode`
			`# TODO: create-tauri-app`
			`# cargo-espflash`
			`# TODO: kopium`
			`# TODO: ldproxy`
			`# TODO: paperclip`
			`# sea-orm-cli`
			`# perseus-cli`
			`# trunk`
			`# wasm-bindgen-cli`
			`];`
rename project in flake.nix 2023-11-01 22:55:39 +08:00			`libraries = pkgs: with pkgs; [`
first commit 2023-11-01 16:17:51 +08:00			`libseccomp`
			`];`

			`buildRustPlatform = pkgs: with fenix.packages."${pkgs.stdenv.system}"; let toolchain = combine [ complete.toolchain targets."x86_64-unknown-linux-musl".latest.rust-std ]; in pkgs.makeRustPlatform {`
			`cargo = toolchain;`
			`rustc = toolchain;`
			`};`

			`buildWithPackages = pkgs: pkgsStatic: (buildRustPlatform pkgsStatic).buildRustPackage rec {`
fix seccomp and add tracing-mode project feature 2023-11-01 21:53:20 +08:00			`pname = "x2t-sandbox";`
first commit 2023-11-01 16:17:51 +08:00			`version = "1.0.0";`

			`nativeBuildInputs = buildTools pkgs;`
			`buildInputs = libraries pkgsStatic;`

			`src = ./.;`

			`cargoLock = {`
			`lockFile = ./Cargo.lock;`
			`};`

			`meta = with nixpkgs.lib; {`
rename project in flake.nix 2023-11-01 22:55:39 +08:00			`description = "seccomp sandbox with rules defined at build stage";`
			`homepage = "https://gitea.jianguoyun.net.cn/guochao/x2t-sandbox";`
first commit 2023-11-01 16:17:51 +08:00			`license = licenses.unlicense;`
			`maintainers = [ ];`
			`};`
rename project in flake.nix 2023-11-01 22:55:39 +08:00			`};`
first commit 2023-11-01 16:17:51 +08:00			`in`
			`rec {`
			`packages = foreachSystem (system:`
			`let`
			`pkgs = import nixpkgs { inherit system; };`
			`in`
			`rec {`
fix seccomp and add tracing-mode project feature 2023-11-01 21:53:20 +08:00			`x2t-sandbox-musl = buildWithPackages pkgs pkgs.pkgsStatic;`
			`x2t-sandbox-glibc = buildWithPackages pkgs pkgs;`
first commit 2023-11-01 16:17:51 +08:00
fix seccomp and add tracing-mode project feature 2023-11-01 21:53:20 +08:00			`default = x2t-sandbox-musl;`
first commit 2023-11-01 16:17:51 +08:00			`});`
			`devShells = foreachSystem`
			`(system:`
			`let`
			`pkgs = import nixpkgs { inherit system; };`
			`in`
			`with pkgs; rec {`
			`default = packages."${system}".default.overrideAttrs (prevAttrs: {`
rename project in flake.nix 2023-11-01 22:55:39 +08:00			`nativeBuildInputs = prevAttrs.nativeBuildInputs ++ (with fenix.packages."${system}".combine; with fenix.packages."${system}"; with pkgs; [`
first commit 2023-11-01 16:17:51 +08:00			`complete.rust-analyzer`
rename project in flake.nix 2023-11-01 22:55:39 +08:00			`complete.rust-src`
first commit 2023-11-01 16:17:51 +08:00			`]) ++ (developmentTools pkgs);`
			`});`
			`});`
			`};`
			`}`