From a8364e89e318d1a7e2b0bb1bb8368eac7cbb5ba6 Mon Sep 17 00:00:00 2001 From: TEC Date: Wed, 10 Jan 2024 02:09:49 +0800 Subject: [PATCH] Switch to alternative custom caddy Method Might as well use the to-be-upstreamed alternative build: https://github.com/NixOS/nixpkgs/pull/259275 As a bonus, this doesn't require the sandbox any more. --- README.org | 6 +-- modules/caddy.nix | 5 +- packages/caddy.nix | 119 +++++++++++++++++++++++++++++++++++---------- 3 files changed, 99 insertions(+), 31 deletions(-) diff --git a/README.org b/README.org index 96bd41a..a1e51d0 100644 --- a/README.org +++ b/README.org @@ -46,6 +46,6 @@ Deploying is simply a matter of entering the deploy nix shell =nix develop= and =deploy .#golgi.system=. In order for this image to be built, the sandbox will need to be set to =false= or -=relaxed= (for the custom zsh and Caddy builds). This can be done by adding the -line ~sandbox = relaxed~ to =/etc/nix/nix.conf=. Just note that the nix-daemon will -need to be restarted for this new setting to take full effect. +=relaxed= (for the custom zsh build). This can be done by adding the line ~sandbox = relaxed~ +to =/etc/nix/nix.conf=. Just note that the nix-daemon will need to be restarted +for this new setting to take full effect. diff --git a/modules/caddy.nix b/modules/caddy.nix index e6ca420..84bc25c 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -10,8 +10,9 @@ with lib; { enable = true; package = pkgs.callPackage ../packages/caddy.nix { - plugins = [ - "github.com/tecosaur/caddy-fs-git@3e897ed" + externalPlugins = [ + {name = "caddy-fs-git"; repo = "github.com/tecosaur/caddy-fs-git"; + version = "ef9d0ab232f4fe5d7e86312cbba45ff8afea98a1";} ]; }; virtualHosts."tecosaur.net".extraConfig = '' diff --git a/packages/caddy.nix b/packages/caddy.nix index d47a2d7..662e3a6 100644 --- a/packages/caddy.nix +++ b/packages/caddy.nix 
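Review bot: The `pkgs.callPackage ../packages/caddy.nix { externalPlugins = [ … ]; }` call pins the plugin to a full commit but leaves `vendorHash` at the default declared in packages/caddy.nix, so the pin and the checksum that authenticates the vendored sources sit in different files and can drift apart. The Go vendor step is a fixed-output derivation, so a later bump of `version` with an unchanged hash may be satisfied from an existing store path and keep building the old plugin code; this is worth confirming against buildGoModule's behaviour. Passing the hash at the call site keeps the two together, e.g. `vendorHash = "sha256-O0j6LwUQGa+NnotR2QpSIbNH+RI9y8mRrNoxbJqTw8k=";` next to `externalPlugins`, with a comment such as `# recompute whenever externalPlugins changes`. The same coupling applies to the `vendorHash ? …` default in the packages/caddy.nix hunk, and the enclosing `with lib; { … }` block starts and ends outside this hunk.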
@@ -1,37 +1,104 @@ -{ config, pkgs, plugins, ... }: +{ lib +, buildGoModule +, fetchFromGitHub +, gnused +, nixosTests +, caddy +, testers +, installShellFiles +, externalPlugins ? [] +, vendorHash ? "sha256-O0j6LwUQGa+NnotR2QpSIbNH+RI9y8mRrNoxbJqTw8k=" +}: -with pkgs; - -stdenv.mkDerivation rec { - # Disable the Nix build sandbox for this specific build. - # This means the build can freely talk to the Internet. - # Requires the sandbox to be set to false/"relaxed". - __noChroot = true; +let + attrsToModules = attrs: + builtins.map ({name, repo, version}: "${repo}") attrs; + attrsToSources = attrs: + builtins.map ({name, repo, version}: "${repo}@${version}") attrs; +in buildGoModule rec { pname = "caddy"; - # https://github.com/NixOS/nixpkgs/issues/113520 - version = "latest"; - dontUnpack = true; + version = "2.7.6"; - nativeBuildInputs = [ git go xcaddy ]; + dist = fetchFromGitHub { + owner = "caddyserver"; + repo = "dist"; + rev = "v${version}"; + hash = "sha256-uY6MU8iXfGK6+HP2Lc+3iPE5wY35NbGp8pMZWpNVPSg="; + }; - configurePhase = '' - export GOCACHE=$TMPDIR/go-cache - export GOPATH="$TMPDIR/go" + src = fetchFromGitHub { + owner = "caddyserver"; + repo = "caddy"; + rev = "v${version}"; + hash = "sha256-th0R3Q1nGT0q5PGOygtD1/CpJmrT5TYagrwQR4t/Fvg="; + }; + + inherit vendorHash; + + subPackages = [ "cmd/caddy" ]; + + ldflags = [ + "-s" "-w" + "-X github.com/caddyserver/caddy/v2.CustomVersion=${version}" + ]; + + nativeBuildInputs = [ gnused installShellFiles ]; + + modBuildPhase = '' + for module in ${builtins.toString (attrsToModules externalPlugins)}; do + sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go + done + for plugin in ${builtins.toString (attrsToSources externalPlugins)}; do + go get $plugin + done + + go generate + go mod vendor ''; - buildPhase = let - pluginArgs = lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins; - in '' - runHook preBuild - ${xcaddy}/bin/xcaddy build latest ${pluginArgs} - runHook postBuild + modInstallPhase = 
'' + mv -t vendor go.mod go.sum + cp -r --reflink=auto vendor "$out" ''; + preBuild = '' + chmod -R u+w vendor + [ -f vendor/go.mod ] && mv -t . vendor/go.{mod,sum} + go generate - installPhase = '' - runHook preInstall - mkdir -p $out/bin - mv caddy $out/bin - runHook postInstall + for module in ${builtins.toString (attrsToModules externalPlugins)}; do + sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go + done ''; + + postInstall = '' + install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system + + substituteInPlace $out/lib/systemd/system/caddy.service --replace "/usr/bin/caddy" "$out/bin/caddy" + substituteInPlace $out/lib/systemd/system/caddy-api.service --replace "/usr/bin/caddy" "$out/bin/caddy" + + $out/bin/caddy manpage --directory manpages + installManPage manpages/* + + installShellCompletion --cmd caddy \ + --bash <($out/bin/caddy completion bash) \ + --fish <($out/bin/caddy completion fish) \ + --zsh <($out/bin/caddy completion zsh) + ''; + + passthru.tests = { + inherit (nixosTests) caddy; + version = testers.testVersion { + command = "${caddy}/bin/caddy version"; + package = caddy; + }; + }; + + meta = with lib; { + homepage = "https://caddyserver.com"; + description = "Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS"; + license = licenses.asl20; + mainProgram = "caddy"; + maintainers = with maintainers; [ Br1ght0ne emilylange techknowlogick ]; + }; }
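Review bot: In `modBuildPhase` and `preBuild` the plugin strings are spliced into the shell scripts unescaped via `builtins.toString`, and `go get $plugin` expands unquoted, so a `repo` or `version` containing whitespace or shell metacharacters would be word-split or interpreted by the builder instead of being rejected. Building the loop lists with `lib.escapeShellArgs`, as in `for plugin in ${lib.escapeShellArgs (attrsToSources externalPlugins)}; do`, and quoting the use as `go get "$plugin"` keeps each entry a single literal argument; the two `for module in …` loops need the same treatment. Separately, the sed address `/standard/` matches every line of `cmd/caddy/main.go` containing that word, so anchoring it on the quoted import path of the standard modules package would make the injected import land in one predictable place. The `name` field is required by the destructuring pattern in `attrsToModules` and `attrsToSources` but never used, which deserves a comment or removal.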