diff --git a/.gitignore b/.gitignore index 057a1eb..52533a2 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,6 @@ fido2luks.bash fido2luks.elv fido2luks.fish -fido2luks.zsh \ No newline at end of file +fido2luks.zsh +result +result-* diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..71f9fe9 --- /dev/null +++ b/flake.lock @@ -0,0 +1,61 @@ +{ + "nodes": { + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1612192764, + "narHash": "sha256-7EnLtZQWP6511G1ZPA7FmJlqAr3hWsAYb24tvTvJ/ec=", + "owner": "nmattia", + "repo": "naersk", + "rev": "6e149bfd726a8ebefa415f2d713ba6d942435abd", + "type": "github" + }, + "original": { + "owner": "nmattia", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1611910458, + "narHash": "sha256-//j54S14v9lp3YKizS1WZW3WKwLjGTzvwhHfUAaRBPQ=", + "path": "/nix/store/z5g10k571cc5q9yvr0bafzswp0ggawjw-source", + "rev": "6e7f25001fe6874f7ae271891f709bbf50a22c45", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "naersk": "naersk", + "nixpkgs": "nixpkgs", + "utils": "utils" + } + }, + "utils": { + "locked": { + "lastModified": 1610051610, + "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..cc6df56 --- /dev/null +++ b/flake.nix @@ -0,0 +1,61 @@ +{ + description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"; + + inputs = { + utils.url = "github:numtide/flake-utils"; + naersk = { + url = "github:nmattia/naersk"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, utils, naersk }: + let + root = ./.; + pname = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).package.name; + forPkgs = pkgs: + let + naersk-lib = naersk.lib."${pkgs.system}"; + buildInputs = with pkgs; [ cryptsetup ]; + LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib"; + nativeBuildInputs = with pkgs; [ + pkgconfig + clang + ]; + in + rec { + # `nix build` + packages.${pname} = naersk-lib.buildPackage { + inherit pname root buildInputs nativeBuildInputs LIBCLANG_PATH; + }; + defaultPackage = packages.${pname}; + + # `nix run` + apps.${pname} = utils.lib.mkApp { + drv = packages.${pname}; + }; + defaultApp = apps.${pname}; + + # `nix flake check` + checks = { + fmt = with pkgs; runCommandLocal "${pname}-fmt" { buildInputs = [ cargo rustfmt nixpkgs-fmt ]; } '' + cd ${root} + cargo fmt -- --check + nixpkgs-fmt --check *.nix + touch $out + ''; + }; + + # `nix develop` + devShell = pkgs.mkShell { + nativeBuildInputs = with pkgs; [ rustc cargo rustfmt nixpkgs-fmt ] ++ nativeBuildInputs; + inherit buildInputs LIBCLANG_PATH; + }; + }; + forSystem = system: forPkgs nixpkgs.legacyPackages."${system}"; + in + (utils.lib.eachSystem [ "aarch64-linux" "i686-linux" "x86_64-linux" ] forSystem) // { + overlay = final: prev: (forPkgs final).packages; + }; + +}