Rust/flake.nix

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    utils.url = "github:numtide/flake-utils";
    naersk = {
      url = "github:nix-community/naersk";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Used for rust compiler
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Advisory db from rust-sec
    advisory-db = {
      url = "github:RustSec/advisory-db";
      flake = false;
    };
  };

  description = "Rust Toolchain and Utility Flake";

  outputs = { self, nixpkgs, utils, ... }@inputs:
    with builtins;
    let
      sources = fromJSON (readFile ./sources/sources.json);
      rustPackageNames = attrNames sources ++ [ "cargo-release" "cargo-deny" ];
      # Build the rust packages we'll be using
    in (utils.lib.eachDefaultSystem (system: {
      packages = let
        pkgs = import nixpkgs {
          inherit system;
          overlays = [ (import inputs.rust-overlay) ];
        };
        rust = pkgs.rust-bin.stable.latest.default.override {
          extensions = [ "llvm-tools-preview" ];
        };
        naersk-lib = inputs.naersk.lib."${system}".override {
          rustc = rust;
          cargo = rust;
        };
      in (mapAttrs (name: source:
        naersk-lib.buildPackage {
          pname = source.pname;
          src = pkgs.fetchCrate source;
          buildInputs = with pkgs;
            [ pkg-config openssl ] ++ lib.optionals stdenv.isDarwin [
              darwin.apple_sdk.frameworks.Security
              pkgs.libiconv
              darwin.apple_sdk.frameworks.SystemConfiguration
            ];
        }) sources) //
      # Packages that naersk has trouble building due to https://github.com/nix-community/naersk/issues/263
      {
        cargo-release = pkgs.cargo-release;
        cargo-deny = pkgs.cargo-deny;
      };
    })) //
    # Now provide our builder functions
    {
      # Build a rust flake with a single crate
      single = { src, crateName, sharedDeps ? (system: [ ])
        , sharedNativeDeps ? (system: [ ]), copyBins ? true, copyLibs ? false
        , postInstall ? (pkgs: false), }:
        utils.lib.eachDefaultSystem (system:
          let
            pkgs = import nixpkgs {
              inherit system;
              overlays = [ (import inputs.rust-overlay) ];
            };
            rust = pkgs.rust-bin.stable.latest.default.override {
              extensions = [ "llvm-tools-preview" ];
            };
            naersk-lib = inputs.naersk.lib."${system}".override {
              rustc = rust;
              cargo = rust;
            };
            buildInputs = (sharedDeps pkgs) ++ (with pkgs;
              [ openssl ] ++ lib.optionals stdenv.isDarwin [
                darwin.apple_sdk.frameworks.Security
                pkgs.libiconv
                darwin.apple_sdk.frameworks.SystemConfiguration
              ]);
            nativeBuildInputs = (sharedNativeDeps pkgs)
              ++ (with pkgs; [ pkg-config cmake ]) ++ (with pkgs;
                lib.optionals stdenv.isDarwin [ fixDarwinDylibNames ]);
            devBase = with pkgs;
              [
                # Build tools
                rust-analyzer
                gnuplot
                # git tooling
                gitFull
                pre-commit
                git-lfs
                git-cliff
                # Formatters
                nixfmt
                python311Packages.mdformat
              ] ++ buildInputs ++ nativeBuildInputs
              # Linux specific tools
              ++ (lib.optionals pkgs.stdenv.isLinux [
                # Profiling
                perf-tools
              ]) ++ map (x: self.packages.${system}.${x}) rustPackageNames;
          in rec {
            # Main binary
            packages.${crateName} = naersk-lib.buildPackage {
              pname = "${crateName}";
              inherit buildInputs nativeBuildInputs copyBins copyLibs;
              postInstall = postInstall pkgs;
              root = src;
            };
            # binary + tests
            packages.tests.${crateName} = naersk-lib.buildPackage {
              pname = "${crateName}";
              inherit buildInputs nativeBuildInputs copyBins copyLibs;
              root = src;
              doCheck = true;
            };
            # Docs
            packages.docs.${crateName} = naersk-lib.buildPackage {
              pname = "${crateName}";
              inherit buildInputs nativeBuildInputs copyBins copyLibs;
              root = src;
              dontBuild = true;
              doDoc = true;
              doDocFail = true;
            };

            # Set the default package to the main binary
            defaultPackage = packages.${crateName};

            # CI tasks
            packages.lints = {
              # lint formatting
              format.${crateName} = with import nixpkgs { inherit system; };
                stdenv.mkDerivation {
                  name = "format lint";
                  src = src;
                  inherit buildInputs copyBins copyLibs;
                  nativeBuildInputs = with pkgs;
                    [ rust-bin.stable.latest.default ] ++ nativeBuildInputs;
                  dontConfigure = true;
                  buildPhase = "cargo fmt -- --check";
                  installPhase = "mkdir -p $out; echo 'done'";
                };
              # audit against stored advisory db
              audit.${crateName} = with import nixpkgs { inherit system; };
                stdenv.mkDerivation {
                  name = "audit lint";
                  src = src;
                  inherit buildInputs copyBins copyLibs;
                  nativeBuildInputs = with pkgs;
                    [ rust-bin.stable.latest.default ] ++ nativeBuildInputs;
                  dontConfigure = true;
                  buildPhase = ''
                    export HOME=$TMP
                    mkdir -p ~/.cargo
                    cp -r ${advisory-db} ~/.cargo/advisory-db
                    cargo audit -n
                  '';
                  installPhase = "mkdir -p $out; echo 'done'";
                };
              # Clippy
              clippy.${crateName} = naersk-lib.buildPackage {
                pname = "${crateName}";
                root = src;
                inherit buildInputs nativeBuildInputs copyBins copyLibs;
                cargoTestCommands = (old: [ "cargo $cargo_options clippy" ]);
                doCheck = true;
                dontBuild = true;
              };
            };

            # Development environments
            devShell = pkgs.mkShell {
              inputsFrom = builtins.attrValues packages;
              buildInputs = [ rust ] ++ devBase ++ buildInputs
                ++ nativeBuildInputs;
            };

          });
    };
}