diff options
Diffstat (limited to 'default.nix')
-rw-r--r-- | default.nix | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/default.nix b/default.nix new file mode 100644 index 000000000000..866b3fa6bfe9 --- /dev/null +++ b/default.nix @@ -0,0 +1,134 @@ +# This file sets up the top-level package set by traversing the package tree +# (see //nix/readTree for details) and constructing a matching attribute set +# tree. + +{ nixpkgsBisectPath ? null, ... }@args: + +let + inherit (builtins) + attrValues + concatMap + elem + elemAt + filter + ; + + # This definition of fix is identical to <nixpkgs>.lib.fix, but the global + # package set is not available here. + fix = f: let x = f x; in x; + + # readTree argument filter to generally disallow access to //users + # from other depot parts. Exceptions can be added for specific + # (full) paths. + depotArgsFilter = args: parts: + if (elemAt parts 0) == "users" || elem parts [ + # whitby is allowed to access //users for two reasons: + # + # 1. Users host their SSH key sets in //users. + # 2. tazjin's website is currently hosted on whitby because + # camden is in storage. + # + [ "ops" "machines" "whitby" ] + + # Due to evaluation order this also affects these targets. + # TODO(tazjin): Can this one be removed somehow? + [ "ops" "nixos" ] + [ "ops" "machines" "all-systems" ] + ] + then args + else args // { + depot = args.depot // { + users = throw '' + Access to items from the //users folder is not permitted from + other depot paths. Code under //users is not considered stable + or dependable in the wider depot context. + + If a project under //users is required by something else, + please move it to a different depot path. + + At location: //${builtins.concatStringsSep "/" parts} + ''; + }; + }; + + readDepot = depotArgs: import ./nix/readTree {} { + args = depotArgs; + path = ./.; + filter = depotArgsFilter; + scopedArgs = { + __findFile = _: _: throw "Do not import from NIX_PATH in the depot!"; + }; + }; + + # To determine build targets, we walk through the depot tree and + # fetch attributes that were imported by readTree and are buildable. + # + # Any build target that contains `meta.ci = false` will be skipped. + + # Is this tree node eligible for build inclusion? + eligible = node: (node ? outPath) && (node.meta.ci or true); + + # Walk the tree starting with 'node', recursively extending the list + # of build targets with anything that looks buildable. + # + # Any tree node can specify logical targets by exporting a + # 'meta.targets' attribute containing a list of keys in itself. This + # enables target specifications that do not exist on disk directly. + gather = node: + if node ? __readTree then + # Include the node itself if it is eligible. + (if eligible node then [ node ] else []) + # Include eligible children of the node + ++ concatMap gather (attrValues node) + # Include specified sub-targets of the node + ++ filter eligible (map + (k: (node."${k}" or {}) // { + # Keep the same tree location, but explicitly mark this + # node as a subtarget. + __readTree = node.__readTree; + __subtarget = k; + }) + (node.meta.targets or [])) + else []; + +in fix(self: (readDepot { + depot = self; + + # Pass third_party as 'pkgs' (for compatibility with external + # imports for certain subdirectories) + pkgs = self.third_party.nixpkgs; + + # Expose lib attribute to packages. + lib = self.third_party.nixpkgs.lib; + + # Pass arguments passed to the entire depot through, for packages + # that would like to add functionality based on this. + # + # Note that it is intended for exceptional circumstance, such as + # debugging by bisecting nixpkgs. + externalArgs = args; +}) // { + # Make the path to the depot available for things that might need it + # (e.g. NixOS module inclusions) + path = ./.; + + # List of all buildable targets, for CI purposes. + # + # Note: To prevent infinite recursion, this *must* be a nested + # attribute set (which does not have a __readTree attribute). + ci.targets = gather (self // { + # remove the pipelines themselves from the set over which to + # generate pipelines because that also leads to infinite + # recursion. + ops = self.ops // { pipelines = null; }; + + # remove nixpkgs from the set, for obvious reasons. + third_party = self.third_party // { nixpkgs = null; }; + }); + + # Derivation that gcroots all depot targets. + ci.gcroot = self.third_party.nixpkgs.symlinkJoin { + name = "depot-gcroot"; + paths = self.ci.targets; + }; +}) |