Add flake.nix for updater

updater/.envrc

@@ -0,0 +1,5 @@
+# reload when these files change
+watch_file flake.nix
+watch_file flake.lock
+# load the flake devShell
+eval "$(nix print-dev-env)"

updater/flake.lock

@@ -0,0 +1,135 @@
+{
+  "nodes": {
+    "advisory-db": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1669556130,
+        "narHash": "sha256-6qRQVSgpw+Tw17TroiUg8nAte9/KVDH+v30MOOd+pQU=",
+        "owner": "RustSec",
+        "repo": "advisory-db",
+        "rev": "a66a3049c98395410a2afadf0382882b0a04d8b1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "RustSec",
+        "repo": "advisory-db",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "naersk": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1662220400,
+        "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
+        "owner": "nix-community",
+        "repo": "naersk",
+        "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1669597967,
+        "narHash": "sha256-R+2NaDkXsYkOpFOhmVR8jBZ77Pq55Z6ilaqwFLLn000=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "be9e3762e719211368d186f547f847737baad720",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "advisory-db": "advisory-db",
+        "flake-compat": "flake-compat",
+        "naersk": "naersk",
+        "nixpkgs": "nixpkgs",
+        "rust-overlay": "rust-overlay",
+        "utils": "utils"
+      }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1669689198,
+        "narHash": "sha256-YsWu3C9IGbH3+xguTzEDyQorFe/igr6FGZ+Q5T2ocxE=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "4e093ce661a63aca4bcbace33695225eae4ef4e4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

updater/flake.nix

@@ -0,0 +1,188 @@
+{
+  description = "updater";
+
+  nixConfig = {
+    extra-substituters = [ "https://nix-cache.mccarty.io/" ];
+    extra-trusted-public-keys =
+      [ "nathan-nix-cache:R5/0GiItBM64sNgoFC/aSWuAopOAsObLcb/mwDf335A=" ];
+  };
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    utils.url = "github:numtide/flake-utils";
+    flake-compat = {
+      url = "github:edolstra/flake-compat";
+      flake = false;
+    };
+    naersk = {
+      url = "github:nix-community/naersk";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    # Used for rust compiler
+    rust-overlay = {
+      url = "github:oxalica/rust-overlay";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    # Advisory db from rust-sec
+    advisory-db = {
+      url = "github:RustSec/advisory-db";
+      flake = false;
+    };
+  };
+
+  outputs =
+    { self, nixpkgs, flake-compat, utils, naersk, rust-overlay, advisory-db }:
+    utils.lib.eachDefaultSystem (system:
+      let
+        crateName = "updater";
+        pkgs = import nixpkgs {
+          inherit system;
+          overlays = [ (import rust-overlay) ];
+
+        };
+        rust = pkgs.rust-bin.stable.latest.default.override {
+          extensions = [ "llvm-tools-preview" ];
+        };
+        naersk-lib = naersk.lib."${system}".override {
+          rustc = rust;
+          cargo = rust;
+        };
+        cargo-llvm-cov = naersk-lib.buildPackage {
+          pname = "cargo-llvm-cov";
+          src = pkgs.fetchzip {
+            url =
+              "https://crates.io/api/v1/crates/cargo-llvm-cov/0.5.0/download";
+            extension = ".tar.gz";
+            sha256 = "sha256-ifnwiOuFnpryYxLgescpxN8CzgFzSZlY+RlbyW7ND6g=";
+          };
+        };
+        cargo-nextest = naersk-lib.buildPackage {
+          pname = "cargo-nextest";
+          src = pkgs.fetchzip {
+            url =
+              "https://crates.io/api/v1/crates/cargo-nextest/0.9.37/download";
+            extension = ".tar.gz";
+            sha256 = "sha256-1tEEZipJ8GqQqESKD9664Pax4evIp+G2tOpZuh6xN3U=";
+          };
+        };
+        devBase = with pkgs; [
+          # Build tools
+          openssl
+          pkg-config
+          rust-analyzer
+          cmake
+          gnuplot
+          # git tooling
+          gitFull
+          pre-commit
+          git-lfs
+          git-cliff
+          # Cargo addons
+          cargo-llvm-cov
+          cargo-nextest
+          cargo-release
+          cargo-udeps
+          cargo-audit
+          # Formatters
+          nixpkgs-fmt
+          python39Packages.mdformat
+          # for ci reasons
+          bash
+          cacert
+          # Sourcehut
+          hut
+        ];
+        sharedDeps = with pkgs;
+          [
+
+          ];
+        sharedNativeDeps = with pkgs;
+          [
+
+          ];
+      in rec {
+        # Main binary
+        packages.${crateName} = naersk-lib.buildPackage {
+          pname = "${crateName}";
+          buildInputs = sharedDeps;
+          nativeBuildInputs = sharedNativeDeps;
+          root = ./.;
+        };
+        # binary + tests
+        packages.tests.${crateName} = naersk-lib.buildPackage {
+          pname = "${crateName}";
+          buildInputs = sharedDeps;
+          nativeBuildInputs = sharedNativeDeps;
+          root = ./.;
+          doCheck = true;
+        };
+
+        packages.docs.${crateName} = naersk-lib.buildPackage {
+          pname = "${crateName}";
+          buildInputs = sharedDeps;
+          nativeBuildInputs = sharedNativeDeps;
+          root = ./.;
+          dontBuild = true;
+          doDoc = true;
+          doDocFail = true;
+        };
+
+        defaultPackage = packages.${crateName};
+
+        # Make some things eaiser to do in CI
+        packages.lints = {
+          # lint formatting
+          format.${crateName} = with import nixpkgs { inherit system; };
+            stdenv.mkDerivation {
+              name = "format lint";
+              src = self;
+              nativeBuildInputs = with pkgs;
+                [ rust-bin.stable.latest.default ] ++ sharedNativeDeps;
+              buildInputs = sharedDeps;
+              buildPhase = "cargo fmt -- --check";
+              installPhase = "mkdir -p $out; echo 'done'";
+            };
+          # audit against stored advisory db
+          audit.${crateName} = with import nixpkgs { inherit system; };
+            stdenv.mkDerivation {
+              name = "format lint";
+              src = self;
+              nativeBuildInputs = with pkgs;
+                [ rust-bin.stable.latest.default cargo-audit ]
+                ++ sharedNativeDeps;
+              buildInputs = sharedDeps;
+              buildPhase = ''
+                export HOME=$TMP
+                mkdir -p ~/.cargo
+                cp -r ${advisory-db} ~/.cargo/advisory-db
+                cargo audit -n
+              '';
+              installPhase = "mkdir -p $out; echo 'done'";
+            };
+          # Clippy
+          clippy.${crateName} = naersk-lib.buildPackage {
+            pname = "${crateName}";
+            root = ./.;
+            buildInputs = sharedDeps;
+            nativeBuildInputs = sharedNativeDeps;
+            cargoTestCommands = (old: [ "cargo $cargo_options clippy" ]);
+            doCheck = true;
+            dontBuild = true;
+          };
+        };
+
+        devShell = pkgs.mkShell {
+          inputsFrom = builtins.attrValues self.packages.${system};
+          buildInputs = [ rust ] ++ devBase ++ sharedDeps ++ sharedNativeDeps;
+        };
+
+        packages.nightlyRustShell = pkgs.mkShell {
+          buildInputs = [
+            (pkgs.rust-bin.selectLatestNightlyWith (toolchain:
+              toolchain.default.override {
+                extensions = [ "rust-src" "clippy" "llvm-tools-preview" ];
+              }))
+          ] ++ devBase ++ sharedDeps ++ sharedNativeDeps;
+        };
+      });
+}