diff --git a/CHANGELOG.md b/CHANGELOG.md index a7cd700..45ee713 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - [#36](https://github.com/tweag/genealogos/pull/36) include nixtract's new narinfo information - [#38](https://github.com/tweag/genealogos/pull/38) display nixtract's status information when running - [#44](https://github.com/tweag/genealogos/pull/44) adds two functions to the `Backend` trait to set options +- [#48](https://github.com/tweag/genealogos/pull/48) added a NixOS module to our flake ### Changed - [#41](https://github.com/tweag/genealogos/pull/41) reworked the Genealogos fronend, paving the way for supporting other bom formats diff --git a/Cargo.lock b/Cargo.lock index aca9de6..4e2fff4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -91,9 +91,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.81" +version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0952808a6c2afd1aa8947271f3a60f1a6763c7b912d210184c5149b5cf147247" +checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" [[package]] name = "async-stream" @@ -190,9 +190,9 @@ checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "bumpalo" -version = "3.15.4" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ff69b9dd49fd426c69a0db9fc04dd934cdb6645ff000864d98f7e2af8830eaa" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "bytemuck" @@ -208,9 +208,9 @@ checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cc" -version = "1.0.91" +version = "1.0.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fd97381a8cc6493395a5afc4c691c1084b3768db713b73aa215217aa245d153" +checksum = "2678b2e3449475e95b0aa6f9b506a28e61b3dc8996592b983695e8ebb58a8b41" [[package]] name = "cfg-if" 
@@ -448,9 +448,9 @@ checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" [[package]] name = "encoding_rs" -version = "0.8.33" +version = "0.8.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1" +checksum = "b45de904aa0b010bce2ab45264d0631681847fa7b6f2eaa7dab7619943bc4f59" dependencies = [ "cfg-if", ] @@ -502,9 +502,9 @@ checksum = "658bd65b1cf4c852a3cc96f18a8ce7b5640f6b703f905c7d74532294c2a63984" [[package]] name = "figment" -version = "0.10.15" +version = "0.10.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7270677e7067213e04f323b55084586195f18308cd7546cfac9f873344ccceb6" +checksum = "fdefe49ed1057d124dc81a0681c30dd07de56ad96e32adc7b64e8f28eaab31c4" dependencies = [ "atomic 0.6.0", "pear", @@ -706,9 +706,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a06fddc2749e0528d2813f95e050e87e52c8cbbae56223b9babf73b3e53b0cc6" +checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" dependencies = [ "cfg-if", "js-sys", @@ -1097,7 +1097,7 @@ dependencies = [ [[package]] name = "nixtract" version = "0.2.0" -source = "git+https://github.com/tweag/nixtract.git#e9e0a1b47177e4e8550fd056e052ed91c2194c13" +source = "git+https://github.com/tweag/nixtract.git#689ed98961c15217d91120cc0792e3c58796ab55" dependencies = [ "clap", "clap-verbosity-flag", @@ -1390,9 +1390,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] 
@@ -2018,9 +2018,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.34" +version = "0.3.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" +checksum = "ef89ece63debf11bc32d1ed8d078ac870cbeb44da02afb02a9ff135ae7ca0582" dependencies = [ "deranged", "itoa", @@ -2039,9 +2039,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774" +checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf" dependencies = [ "num-conv", "time-core", diff --git a/README.md b/README.md index 88666de..47320ed 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,16 @@ Changing this default can be done using the settings button in the top of the we The Web UI currently only supports analyzing from a flake ref and attribute path, analyzing from a trace file is not yet supported. +### NixOS Module +The flake in this project provides a NixOS Module to host Genealogos. +Once the module has been added to your NixOS configuration, Genealogos can be enabled with: + +```nix +services.genealogos.enable = true; +``` + +For further options see `./nix/genealogos-module.nix`. + ## Contributing Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**. diff --git a/flake.nix b/flake.nix index 397cd26..a422a79 100644 --- a/flake.nix +++ b/flake.nix 
@@ -25,90 +25,31 @@ cyclonedx = pkgs.callPackage ./nix/cyclonedx.nix { }; nixtract-cli = nixtract.defaultPackage.${system}; - # Here we start the crane stuff - common-crane-args = { - pname = "genealogos"; - src = crane-lib.cleanCargoSource (crane-lib.path ./.); - strictDeps = true; - - cargoArtifacts = cargo-artifacts; - - # Genealogos uses the reqwest crate to query for narinfo on the substituters. - # reqwest depends on openssl. - nativeBuildInputs = with pkgs; [ pkg-config ]; - buildInputs = with pkgs; [ openssl ]; - }; - - cargo-artifacts = crane-lib.buildDepsOnly common-crane-args; - - workspace = (common-crane-args // { - cargoBuildCommand = "${pkgs.cargo-hack}/bin/cargo-hack hack build --profile release"; - cargoTestCommand = "${pkgs.cargo-hack}/bin/cargo-hack hack test --profile release"; - }); - - # Crane buildPackage arguments for every crate - crates = { - genealogos = (common-crane-args // { - cargoExtraArgs = "-p genealogos"; - }); - genealogos-cli = (common-crane-args // { - pname = "genealogos-cli"; - cargoExtraArgs = "-p genealogos-cli"; - passthru.exePath = "/bin/genealogos"; - }); - genealogos-api = (common-crane-args // { - pname = "genealogos-api"; - cargoExtraArgs = "-p genealogos-api"; - }); + crane-outputs = import ./nix/crane.nix { + inherit pkgs crane-lib nixtract-cli cyclonedx; }; - rust-packages = - builtins.mapAttrs (_: crane-lib.buildPackage) crates; in rec { - checks = - # Builds - rust-packages - # Clippy - // builtins.mapAttrs - (_: args: crane-lib.cargoClippy (args // { - cargoClippyExtraArgs = "--all-targets -- --deny warnings"; - })) - crates - # Doc - // builtins.mapAttrs (_: crane-lib.cargoDoc) crates - # fmt - // builtins.mapAttrs (_: crane-lib.cargoFmt) crates; - - packages = - rust-packages // { - default = packages.genealogos; - - workspace = crane-lib.buildPackage workspace; - - update-fixture-output-files = pkgs.writeShellApplication { - name = "update-fixture-output-files"; - runtimeInputs = [ 
(packages.genealogos-cli.overrideAttrs (_: { doCheck = false; })) pkgs.jq ]; - text = builtins.readFile ./scripts/update-fixture-output-files.sh; - }; - update-fixture-input-files = pkgs.writeShellApplication { - name = "update-fixture-input-files"; - runtimeInputs = [ nixtract-cli ]; - text = builtins.readFile ./scripts/update-fixture-input-files.sh; - }; - verify-fixture-files = pkgs.writeShellApplication { - name = "verify-fixture-files"; - runtimeInputs = [ cyclonedx ]; - text = builtins.readFile ./scripts/verify-fixture-files.sh; - }; + inherit (crane-outputs) checks packages; + overlays.default = import ./nix/overlays.nix { + inherit crane-lib; + }; + nixosModules.default = import ./nix/genealogos-module.nix { inherit (crane-outputs.packages) genealogos-api; }; + nixosConfigurations.genealogos-test = nixpkgs.lib.nixosSystem + { + inherit system; + modules = [ + ./nix/configuration.nix + nixosModules.default + ]; }; apps.default = utils.lib.mkApp { - drv = packages.genealogos-cli; + drv = crane-outputs.packages.genealogos-cli; }; - devShells.default = crane-lib.devShell { - inherit checks; + inherit (crane-outputs) checks; packages = with pkgs; [ rust-analyzer diff --git a/nix/configuration.nix b/nix/configuration.nix new file mode 100644 index 0000000..5a77ebf --- /dev/null +++ b/nix/configuration.nix @@ -0,0 +1,26 @@ +{ ... }: + +{ + virtualisation.vmVariant = { + virtualisation = { + memorySize = 2048; # Use 2048MiB memory. + cores = 3; + forwardPorts = [ + { + from = "host"; + guest.port = 8000; + host.port = 8000; + } + ]; + }; + }; + + users.users.alice = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + password = "genealogos"; + }; + + services.genealogos.enable = true; +} + diff --git a/nix/crane.nix b/nix/crane.nix new file mode 100644 index 0000000..e7b8b18 --- /dev/null +++ b/nix/crane.nix 
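Review bot: In flake.nix, `overlays.default`, `nixosModules.default` and `nixosConfigurations.genealogos-test` are added to the same `rec { … }` set as `apps.default` and `devShells.default`, in a scope that uses `${system}` and `inherit system;`. If that set is still the body of a per-system helper (the wrapper starts outside the hunk, so this is inferred), these outputs end up keyed by system, e.g. `nixosModules.<system>.default`, rather than at the top level where the README's "add the module to your NixOS configuration" step and `nix flake check` would look for them. Consider merging these three attributes into the flake outputs outside the per-system function.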
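Review bot: In nix/configuration.nix, `users.users.alice` is defined at the top level with `password = "genealogos"` and `extraGroups = [ "wheel" ]`, so the fixed credential belongs to `nixosConfigurations.genealogos-test` itself and not only to the VM variant. The `password` option also places the value in clear text in the world-readable Nix store. Moving the user under `virtualisation.vmVariant`, with a comment that it is a throwaway login for the local test VM, keeps it out of any build of this configuration that is not the `build-vm` output.

```nix
  virtualisation.vmVariant = {
    # … unchanged: virtualisation = { memorySize, cores, forwardPorts } …

    # Throwaway login for the local test VM only; not part of the base configuration.
    users.users.alice = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      password = "genealogos";
    };
  };
```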
@@ -0,0 +1,94 @@
+# This file contains everything related to building our packages with crane.
+# It returns a few things; the build packages and the checks
+{ pkgs
+, crane-lib
+, nixtract-cli ? null
+, cyclonedx ? null
+}:
+let
+ common-crane-args = {
+ pname = "genealogos";
+ src = crane-lib.cleanCargoSource (crane-lib.path ../.);
+ strictDeps = true;
+
+ cargoArtifacts = cargo-artifacts;
+
+ # Genealogos uses the reqwest crate to query for narinfo on the substituters.
+ # reqwest depends on openssl.
+ nativeBuildInputs = with pkgs; [ pkg-config ];
+ buildInputs = with pkgs; [ openssl ];
+ };
+
+ cargo-artifacts = crane-lib.buildDepsOnly common-crane-args;
+
+ workspace = (common-crane-args // {
+ cargoBuildCommand = "${pkgs.cargo-hack}/bin/cargo-hack hack build --profile release";
+ cargoTestCommand = "${pkgs.cargo-hack}/bin/cargo-hack hack test --profile release";
+ });
+
+ # Crane buildPackage arguments for every crate
+ crates = {
+ genealogos = (common-crane-args // {
+ cargoExtraArgs = "-p genealogos";
+ });
+ genealogos-cli = (common-crane-args // {
+ pname = "genealogos-cli";
+ cargoExtraArgs = "-p genealogos-cli";
+ passthru.exePath = "/bin/genealogos";
+ nativeBuildInputs = common-crane-args.nativeBuildInputs ++ [ pkgs.makeWrapper ];
+ preFixup = ''
+ wrapProgram $out/bin/genealogos \
+ --prefix PATH : ${pkgs.lib.makeBinPath [ pkgs.nix ]}
+ '';
+ });
+ genealogos-api = (common-crane-args // {
+ pname = "genealogos-api";
+ cargoExtraArgs = "-p genealogos-api";
+ nativeBuildInputs = common-crane-args.nativeBuildInputs ++ [ pkgs.makeWrapper ];
+ preFixup = ''
+ wrapProgram $out/bin/genealogos-api \
+ --prefix PATH : ${pkgs.lib.makeBinPath [ pkgs.nix ]}
+ '';
+ });
+ };
+ rust-packages =
+ builtins.mapAttrs (_: crane-lib.buildPackage) crates;
+in
+rec {
+ checks =
+ # Builds
+ rust-packages
+ # Clippy
+ // builtins.mapAttrs
+ (_: args: crane-lib.cargoClippy (args // {
+ cargoClippyExtraArgs = "--all-targets -- --deny warnings";
+ }))
+ crates
+ # Doc
+ // builtins.mapAttrs (_: crane-lib.cargoDoc) crates
+ # fmt
+ // builtins.mapAttrs (_: crane-lib.cargoFmt) crates;
+
+ packages =
+ rust-packages // {
+ default = packages.genealogos;
+
+ workspace = crane-lib.buildPackage workspace;
+
+ update-fixture-output-files = pkgs.writeShellApplication {
+ name = "update-fixture-output-files";
+ runtimeInputs = [ (packages.genealogos-cli.overrideAttrs (_: { doCheck = false; })) pkgs.jq ];
+ text = builtins.readFile ../scripts/update-fixture-output-files.sh;
+ };
+ update-fixture-input-files = pkgs.writeShellApplication {
+ name = "update-fixture-input-files";
+ runtimeInputs = [ nixtract-cli ];
+ text = builtins.readFile ../scripts/update-fixture-input-files.sh;
+ };
+ verify-fixture-files = pkgs.writeShellApplication {
+ name = "verify-fixture-files";
+ runtimeInputs = [ cyclonedx ];
+ text = builtins.readFile ../scripts/verify-fixture-files.sh;
+ };
+ };
+}
diff --git a/nix/genealogos-module.nix b/nix/genealogos-module.nix
new file mode 100644
index 0000000..39b2a8d
--- /dev/null
+++ b/nix/genealogos-module.nix
@@ -0,0 +1,34 @@
+{ genealogos-api }:
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.genealogos;
+in
+{
+ options = {
+ services.genealogos = {
+ enable = mkEnableOption
+ (mdDoc "Genealogos, a Nix sbom generator");
+
+ package = mkOption {
+ type = types.package;
+ default = genealogos-api;
+ description = mdDoc ''
+ The genealogos-api package to use.
+ '';
+ };
+ };
+ };
+
+ config = mkIf (cfg.enable) {
+ systemd.services.genealogos =
+ {
+ description = "Genealogos sbom generator";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.ExecStart = "${cfg.package}/bin/genealogos-api";
+ };
+ };
+}
diff --git a/nix/overlays.nix b/nix/overlays.nix
new file mode 100644
index 0000000..9843b7c
--- /dev/null
+++ b/nix/overlays.nix
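Review bot: In nix/crane.nix, `nixtract-cli` and `cyclonedx` default to `null` but are used unguarded in `runtimeInputs = [ nixtract-cli ]` and `runtimeInputs = [ cyclonedx ]`. A caller that omits them, as nix/overlays.nix does, can still reach `update-fixture-input-files` and `verify-fixture-files`, which would presumably fail at evaluation with an unhelpful error. The header comment should state the contract, for example `# nixtract-cli and cyclonedx are only needed by the fixture helper packages; they may be left null when only the Rust packages are used.`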
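Review bot: In nix/genealogos-module.nix, the unit sets only `serviceConfig.ExecStart`, so systemd starts `genealogos-api` as root with no sandboxing. The README says the web UI submits a flake ref and attribute path for analysis, and nix/configuration.nix forwards port 8000 (presumably the API port), so the process handles caller-supplied input and should run unprivileged. A hardened `serviceConfig` is sketched below. Because the package wrapper puts `nix` on PATH, nix may need a writable cache directory and access to the daemon socket, so check these settings against the `genealogos-test` VM.

```nix
    systemd.services.genealogos =
      {
        # … unchanged: description, wantedBy …

        serviceConfig = {
          ExecStart = "${cfg.package}/bin/genealogos-api";
          # Run as a transient unprivileged user instead of root.
          DynamicUser = true;
          NoNewPrivileges = true;
          ProtectSystem = "strict";
          ProtectHome = true;
          PrivateTmp = true;
          # Writable location for nix's evaluation cache, if it needs one.
          CacheDirectory = "genealogos";
        };
      };
```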
@@ -0,0 +1,8 @@
+{ crane-lib }:
+final: prev:
+let
+ crane-outputs = import ./crane.nix { pkgs = prev; inherit crane-lib; };
+in
+{
+ genealogos-api = crane-outputs.packages.genealogos-api;
+}
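Review bot: In nix/overlays.nix, `import ./crane.nix { pkgs = prev; inherit crane-lib; }` takes `openssl` and `pkg-config` from the package set as it was before this overlay and any later one. An overlay applied afterwards that replaces `openssl`, for instance with a patched build, would then not reach `genealogos-api`; `pkgs = final;` is the usual choice for a new package's dependencies. The file also has no comment, so a line such as `# Adds genealogos-api, built with the flake's crane-lib, to the package set.` would help consumers.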