# SPDX-FileCopyrightText: 2020 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { depot, system, ... }@ch: let nixpkgsConfig = { allowUnfree = true; checkMeta = false; permittedInsecurePackages = [ "nodejs-16.20.2" # for openvscode-server "envoy-1.27.3" "envoy-1.27.3-deps.tar.gz" # for authentik? "python3.10-requests-2.29.0" "python3.10-cryptography-40.0.2" "python3.11-requests-2.29.0" "python3.11-cryptography-40.0.2" ]; packageOverrides = pkgs: rec { factorio = pkgs.factorio.override depot.ops.secrets.factorio; factorio-experimental = pkgs.factorio-experimental.override depot.ops.secrets.factorio; ntfy = (pkgs.ntfy.override { withXmpp = false; withSlack = false; python39 = pkgs.python3; }).overridePythonAttrs (oldAttrs: { doCheck = false; checkPhase = ""; patches = oldAttrs.patches ++ [ ./ntfy-0001-Swap-from-inspect.getargspec-to-inspect.signature-fo.patch ./ntfy-0003-Swap-description-file-for-description_file-to-make-s.patch ]; }); delve = pkgs.delve.overrideAttrs (oldAttrs: { meta = oldAttrs.meta // { platforms = oldAttrs.meta.platforms ++ [ "aarch64-linux" ]; }; }); sofia_sip = pkgs.sofia_sip.overrideAttrs (oldAttrs: { src = pkgs.fetchFromGitHub { owner = "lukegb"; repo = "sofia-sip"; rev = "2e1e3117f4ab1b7dff7e2a70b238ba2ff7a90d11"; # tls-sni branch sha256 = "0llayw2a5nir0zx3hx4wf3kvyjfb5gksxv6wagwfbc0cca5qp1nc"; }; }); freeswitch = pkgs.freeswitch.overrideAttrs (oldAttrs: { src = pkgs.fetchFromGitHub { owner = "lukegb"; repo = "freeswitch"; rev = "4f5a64c7912364ccb1059c64463daf06aaf49745"; # rtp-avpf-moz-variable sha256 = "1jdyk6d80jmsg6qn7hw58088yydn78g3kn3lmgg8argihb69pf2i"; }; }); }; }; nixpkgs = import ./nixpkgs { inherit system; config = nixpkgsConfig; }; crate2nixSrc = nixpkgs.fetchFromGitHub { owner = "kolloch"; repo = "crate2nix"; rev = "e07af104b8e41d1cd7e41dc7ac3fdcdf4953efae"; hash = "sha256:07syygn1rc5n1big7hf42pzgm5wc1r0mzglzvlbcb7rkzgqqhbqx"; }; naerskSrc = nixpkgs.fetchFromGitHub { owner = "nmattia"; repo = "naersk"; rev = "e0fe990b478a66178a58c69cf53daec0478ca6f9"; sha256 = "sha256:0qjyfmw5v7s6ynjns4a61vlyj9cghj7vbpgrp9147ngb1f8krz2c"; }; poetry2nixSrcRaw = nixpkgs.fetchFromGitHub { owner = "nix-community"; repo = "poetry2nix"; rev = "3c92540611f42d3fb2d0d084a6c694cd6544b609"; hash = "sha256:1jfrangw0xb5b8sdkimc550p3m98zhpb1fayahnr7crg74as4qyq"; }; poetry2nixSrc = nixpkgs.runCommand "poetry2nix-patched" { patches = [ ./poetry2nix-cryptography-42.0.4.patch ]; src = poetry2nixSrcRaw; } '' cp -R $src $out chmod -R +w $out cd $out for p in $patches; do patch -p1 < "$p" done ''; tvlDepot = import ./tvl { nixpkgsBisectPath = ./nixpkgs; inherit nixpkgsConfig; nixpkgsSystem = system; }; in rec { inherit nixpkgsConfig nixpkgs; nixos = import ./nixpkgs/nixos; nixeval = import ./nixpkgs/nixos/lib/eval-config.nix; buildGo = let orig = import ./tvl/nix/buildGo { pkgs = nixpkgs; inherit gopkgs; }; in orig // { program = { dockerData ? [], ... }@args: let origOut = orig.program (nixpkgs.lib.filterAttrs (n: v: n != "dockerData") args); in origOut // { dockerImage = nixpkgs.dockerTools.buildImage { name = args.name; copyToRoot = nixpkgs.buildEnv { name = "${args.name}-env"; paths = dockerData; }; config = { Entrypoint = [ "${origOut}/bin/${args.name}" ]; Env = [ "SSL_CERT_FILE=${nixpkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; }; }; }; }; readTree = import ./tvl/nix/readTree {}; gopkgs = readTree { args = ch; path = ./gopkgs; }; bat_syntaxes = tvlDepot.third_party.bat_syntaxes; cheddar = tvlDepot.tools.cheddar; buildGo2 = tvlDepot.nix.buildGo2; naersk = nixpkgs.callPackage naerskSrc {}; crate2nix = import "${crate2nixSrc}" { pkgs = ch.depot.pkgs; }; poetry2nix = import "${poetry2nixSrc}" { pkgs = ch.depot.pkgs; }; lanzaboote = import ./lanzaboote.nix { pkgs = nixpkgs; }; }