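# Flake for the kyouma.net website.
#
# Outputs:
#   overlays.default      - `vid` (fixed-output media download) and `kyouma-www`
#   nixosModules.default  - `services.vyosBld`, a timer-driven VyOS image build
#   hydraJobs / packages  - per-system packages built from the overlay
{
  description = "kyouma.net website";

  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  inputs.flake-utils.url = "github:numtide/flake-utils";

  # Anyone who accepts this flake-level config will substitute store paths
  # signed by the key below, so the cache and its signing key are part of the
  # trust base of every consumer of this flake.
  nixConfig = {
    extra-substituters = [ "https://cache.kyouma.net" ];
    extra-trusted-public-keys = [ "cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=" ];
  };

  outputs = { self, nixpkgs, flake-utils }: {
    overlays.default = final: prev: rec {
      # Fixed-output derivation: the build reaches the network through yt-dlp,
      # and the result is accepted only if it matches `outputHash`.
      vid = final.stdenv.mkDerivation {
        name = "kyouma-www-vid";
        src = ./.;
        buildInputs = [ final.yt-dlp ];
        buildPhase = ''
          yt-dlp -f 136+251 C4oApBlw7Gc --merge-output-format mp4 -o "media/sunnyday-avc.mp4"
          yt-dlp -f 398+251 C4oApBlw7Gc --merge-output-format mp4 -o "media/sunnyday-av1.mp4"
        '';
        installPhase = ''cp -r media $out'';
        outputHashMode = "recursive";
        outputHashAlgo = "sha256";
        outputHash = "UnX6az6x8vJR2MJ+Fti7BftZaXFdg91++CGSFkF++e4=";
      };

      # The static site itself: copies ./src into the store unchanged.
      kyouma-www = final.stdenv.mkDerivation {
        pname = "kyouma-www";
        version = self.shortRev or (toString self.lastModifiedDate);
        src = ./.;
        buildPhase = '''';
        installPhase = ''cp -r src $out'';
      };
    };

    # NixOS module providing `services.vyosBld`.
    nixosModules.default = { config, options, pkgs, lib, ... }:
      with lib;
      let
        cfg = config.services.vyosBld;

        # Each flag and its value are passed as two separately escaped words,
        # so a value containing spaces or shell metacharacters stays one
        # argument instead of being re-split by the shell.
        bldFlags = escapeShellArgs
          (concatLists (mapAttrsToList (flag: opt: [ "--${flag}" opt ]) cfg.buildFlags));

        vyosBuildScript = pkgs.writeShellScript "build-vyos" ''
          # Stop at the first failure so a broken build never reaches the
          # copy and prune steps below.
          set -euo pipefail

          cleanup() {
            # The work tree is never empty after the clone, so rmdir would
            # always fail and leak it.
            # NOTE(review): files left owned by root after a failed build may
            # still survive this; confirm on the builder.
            rm -rf -- "$root"
          }
          root="$(mktemp -d)"
          trap cleanup EXIT

          iso_name=${escapeShellArg "vyos-${cfg.buildFlags.version}-${cfg.buildFlags.architecture}.iso"}
          out_dir=${escapeShellArg cfg.output}
          bld_dir="$root/vyos-build"

          # NOTE(review): the container runs --privileged from a mutable tag
          # and the checkout follows a mutable branch, so whatever upstream
          # publishes runs with host-level privileges on every timer tick.
          # Consider pinning the image by digest
          # (vyos/vyos-build@sha256:<digest>) and the checkout to a reviewed
          # commit.
          # No -it: the unit has no TTY, and docker refuses -t without one.
          docker_cmd=(
            ${pkgs.docker}/bin/docker run --rm --privileged
            -v "$bld_dir:/vyos" -w /vyos
            vyos/vyos-build:current
          )

          # Clone into the directory that is bind-mounted into the container.
          # git is referenced by store path because a unit's PATH is minimal.
          ${pkgs.git}/bin/git clone -b current --single-branch https://github.com/vyos/vyos-build "$bld_dir"
          "''${docker_cmd[@]}" sudo ./build-vyos-image ${escapeShellArg cfg.flavor} ${bldFlags}

          # Hand the tree back to the service user. The ids are resolved at
          # run time because system users get their uid allocated on the host,
          # so the config value is null and would render as an empty string.
          "''${docker_cmd[@]}" sudo chown -R "$(id -u):$(id -g)" /vyos
          cp -- "$bld_dir/build/$iso_name" "$out_dir"

          # Everything except the last `keep` names in ls order is removed.
          mapfile -t old_isos < <(ls -- "$out_dir" | head -n -${toString cfg.keep})
          for iso in "''${old_isos[@]}"; do
            rm -r -- "$out_dir/$iso"
          done
        '';
      in
      {
        options.services.vyosBld = {
          enable = mkEnableOption "VyOS automatic build";
          output = mkOption {
            type = types.str;
            default = "/nix/var/vyos-build";
            description = "Where the iso should be copied";
          };
          keep = mkOption {
            # Must be a whole number >= 1: `head -n -0` would list every
            # image for deletion, including the one just built.
            type = types.ints.positive;
            default = 5;
            description = "Amount of versions to keep";
          };
          buildFreq = mkOption {
            type = types.str;
            default = "*-*-* 4:20:00";
            description = "How often a new Image should be build. See {manpage}`systemd.timer(5)`";
          };
          flavor = mkOption {
            type = types.str;
            default = "iso";
            description = "See VyOS build docs";
          };
          buildFlags = mkOption {
            # An attribute set of strings; the old "" default did not match
            # the declared type and could not be mapped over.
            type = types.attrsOf types.str;
            default = { };
            description = "Build Flags see https://docs.vyos.io/en/latest/contributing/build-vyos.html example: { build-by = 'mail@server.tld' }";
          };
        };

        config = with lib; mkIf cfg.enable {
          # Fail evaluation with a readable message instead of a
          # missing-attribute error from inside the build script.
          assertions = [
            {
              assertion = cfg.buildFlags ? version && cfg.buildFlags ? architecture;
              message = "services.vyosBld.buildFlags must set `version` and `architecture`; the ISO file name is derived from them.";
            }
          ];

          users = {
            users.vyos-bld = {
              isSystemUser = true;
              group = "vyos-bld";
            };
            groups.vyos-bld = { };
          };

          # NOTE(review): nothing visible here gives vyos-bld access to a
          # docker socket (no group membership, no DOCKER_HOST on the unit),
          # and cfg.output is not created or chowned by this module; confirm
          # both on the target host.
          virtualisation.docker = {
            daemon.settings = {
              ipv6 = true;
              fixed-cidr-v6 = "fd00::/80";
            };
            autoPrune = {
              enable = true;
              flags = [ "--all" "--filter until=24h" ];
            };
            rootless = {
              enable = true;
              setSocketVariable = true;
            };
          };

          # NAT for the container IPv6 range configured above.
          networking.firewall.extraCommands = ''ip6tables -t nat -A POSTROUTING -s fd00::/80 ! -o docker0 -j MASQUERADE'';

          systemd = {
            services.docker.after = [ "firewall.service" ];
            services.vyosBld = {
              serviceConfig = {
                User = "vyos-bld";
                Group = "vyos-bld";
                ExecStart = vyosBuildScript;
                PrivateTmp = true;
                ProtectHome = true;
              };
            };
            timers.vyosBld = {
              wantedBy = [ "timers.target" ];
              timerConfig = {
                OnCalendar = cfg.buildFreq;
              };
            };
          };
        };
      };

    hydraJobs = { inherit (self) packages; };
  } // flake-utils.lib.eachDefaultSystem (system:
    let
      pkgs = import nixpkgs {
        inherit system;
        overlays = [ self.overlays.default ];
      };
    in
    rec {
      packages = {
        inherit (pkgs) vid kyouma-www;
        default = packages.kyouma-www;
      };
    });
}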