diff options
Diffstat (limited to '.config/nixpkgs/shells')
-rw-r--r-- | .config/nixpkgs/shells/ansible.nix | 20 | ||||
-rw-r--r-- | .config/nixpkgs/shells/ansible/shell.nix | 29 | ||||
-rw-r--r-- | .config/nixpkgs/shells/bubblewrap/shell.nix | 36 | ||||
-rw-r--r-- | .config/nixpkgs/shells/cake/shell.nix | 212 | ||||
-rw-r--r-- | .config/nixpkgs/shells/coreboot.nix | 119 | ||||
-rw-r--r-- | .config/nixpkgs/shells/coreboot/shell.nix | 108 | ||||
-rw-r--r-- | .config/nixpkgs/shells/falcon/shell.nix (renamed from .config/nixpkgs/shells/falcon.nix) | 29 | ||||
-rw-r--r-- | .config/nixpkgs/shells/firejail/shell.nix | 48 | ||||
-rw-r--r-- | .config/nixpkgs/shells/larynx-server/shell.nix | 54 | ||||
-rw-r--r-- | .config/nixpkgs/shells/larynx/shell.nix | 54 | ||||
-rw-r--r-- | .config/nixpkgs/shells/mermaid-live-editor/shell.nix | 74 | ||||
-rw-r--r-- | .config/nixpkgs/shells/nixops.nix | 19 | ||||
-rw-r--r-- | .config/nixpkgs/shells/nsjail/shell.nix | 52 | ||||
-rw-r--r-- | .config/nixpkgs/shells/planner/shell.nix | 68 | ||||
-rw-r--r-- | .config/nixpkgs/shells/proot/shell.nix | 52 | ||||
-rw-r--r-- | .config/nixpkgs/shells/pure/shell.nix | 22 | ||||
-rw-r--r-- | .config/nixpkgs/shells/scribus/shell.nix | 96 | ||||
-rw-r--r-- | .config/nixpkgs/shells/tilp2/shell.nix | 66 |
18 files changed, 987 insertions, 171 deletions
diff --git a/.config/nixpkgs/shells/ansible.nix b/.config/nixpkgs/shells/ansible.nix deleted file mode 100644 index 5da5e38..0000000 --- a/.config/nixpkgs/shells/ansible.nix +++ /dev/null @@ -1,20 +0,0 @@ -with import <nixpkgs> { }; - -let project = "${builtins.getEnv "HOME"}/Shares/Projects/infrastructure/ansible"; - -in mkShell rec { - name = "ansible-mitogen"; - buildInputs = [ python38.pkgs.pip ansible_2_9 ]; - shellHook = '' - export virtualenvs=$HOME/.local/share/virtualenvs - mkdir -p $virtualenvs - python -m venv $virtualenvs/ansible-mitogen - . $virtualenvs/ansible-mitogen/bin/activate - python -m pip install mitogen==0.2.9 - export ANSIBLE_STRATEGY_PLUGINS=$virtualenvs/ansible-mitogen/lib/python3.8/site-packages/ansible_mitogen/plugins - export ANSIBLE_STRATEGY=mitogen_linear - export PS1='\h (${name}) \W \$ ' - cd '${project}' || exit 1 - ssh -T git@github.com - ''; -} diff --git a/.config/nixpkgs/shells/ansible/shell.nix b/.config/nixpkgs/shells/ansible/shell.nix new file mode 100644 index 0000000..96eb244 --- /dev/null +++ b/.config/nixpkgs/shells/ansible/shell.nix @@ -0,0 +1,29 @@ +let + + # nix-shell -E 'import (builtins.fetchurl "$url")' + + name = "nix-shell.ansible"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/21.11/nixos-21.11.336020.2128d0aa28e/nixexprs.tar.xz"; + sha256 = "0w8plbxms0di6gnh0k2yhj0pgxzxas7g5x0m01zjzixf16i2bapj"; + }) { }; + + project = "${builtins.getEnv "HOME"}/Shares/Projects/infrastructure/ansible"; + + python = pkgs.python39.withPackages (ps: with ps; [ mitogen ]); + +in pkgs.mkShell { + + inherit name; + + buildInputs = [ python pkgs.ansible_2_10 ]; + + shellHook = '' + export ANSIBLE_STRATEGY_PLUGINS=${python}/lib/*/site-packages/ansible_mitogen/plugins + export ANSIBLE_STRATEGY=mitogen_linear + export PS1='\h (${name}) \W \$ ' + cd '${project}' || exit 1 + ssh -T git@github.com + ''; +} diff --git a/.config/nixpkgs/shells/bubblewrap/shell.nix b/.config/nixpkgs/shells/bubblewrap/shell.nix new file mode 100644 index 0000000..aee8a8b --- /dev/null +++ b/.config/nixpkgs/shells/bubblewrap/shell.nix @@ -0,0 +1,36 @@ +let + + # nix-shell -E 'import (builtins.fetchurl "$url")' + # https://github.com/containers/bubblewrap/blob/main/demos/bubblewrap-shell.sh + # https://manpages.debian.org/testing/bubblewrap/bwrap.1.en.html + + name = "nix-shell.bubblewrap"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz"; + sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg"; + }) { }; + + bubblewrap = arguments@{ ... }: pkgs.writeShellApplication { + inherit name; + text = '' + PATH=${pkgs.lib.strings.makeBinPath [ pkgs.bubblewrap ]} + bwrap \ + '' + pkgs.lib.strings.concatStringsSep " \\\n" + (pkgs.lib.attrsets.mapAttrsToList (argument: value: "--${argument} ${value} ") + arguments) + "/bin/sh\n"; + }; + + jail = bubblewrap { + clearenv = ""; + setenv = "PATH ${pkgs.lib.strings.makeBinPath [ pkgs.busybox ]}"; + ro-bind = "/nix /nix" + " --ro-bind /bin /bin"; + }; + +in pkgs.mkShell { + inherit name; + shellHook = '' + printf '%s\n' "${jail}/bin/${jail.name}" + exec "${jail}/bin/${jail.name}" + ''; +} diff --git a/.config/nixpkgs/shells/cake/shell.nix b/.config/nixpkgs/shells/cake/shell.nix new file mode 100644 index 0000000..2991136 --- /dev/null +++ b/.config/nixpkgs/shells/cake/shell.nix @@ -0,0 +1,212 @@ +let + + # nix-shell -E 'import (builtins.fetchurl "$url")' + # NIX_CONFIG="sandbox = relaxed" nix-shell --option builders '' shell.nix + + name = "nix-shell.cake"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/23.11/nixos-23.11.6510.a5e4bbcb4780/nixexprs.tar.xz"; + sha256 = "0f73pbh4j89wgk7rn9xp0q8ybw15zkhw0prjz5r37aaryjs8hnbd"; + }) { }; + + alpine = pkgs.fetchurl { + url = "https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.1-x86_64.tar.gz"; + sha256 = "sha256-GFEjzrbn0I8kSf/1VD2yBv+3nezYFGCNOZrUR+CPop4="; + }; + + cook = { name, src, contents ? [ ], path ? [ ], script ? "", prepare ? "", cleanup ? "" }: pkgs.stdenvNoCC.mkDerivation { + __noChroot = true; + inherit name src contents; + phases = [ "installPhase" ]; + buildInputs = [ pkgs.proot pkgs.rsync pkgs.tree pkgs.kmod ]; + bootstrap = pkgs.writeScript "bootstrap-${name}" '' + ${script} + rm "$0" + ''; + PROOT_NO_SECCOMP = "1"; + installPhase = '' + set -euo pipefail + mkdir --parents rootfs $out/rootfs + tar --extract --file=${src} -C rootfs + + ${prepare} + + cp $bootstrap rootfs/bootstrap + proot --cwd=/ --root-id --rootfs=rootfs /usr/bin/env - /bin/sh -euc 'BASH_VERSION= . /etc/profile && /bootstrap' + printf 'PATH=${pkgs.lib.strings.makeBinPath path}:$PATH' >> rootfs/etc/profile + + [ -n "$contents" ] && { + printf "\n" + for paths in $contents; do + printf "Cooking... Adding %s \n" "$paths" + rsync --copy-dirlinks --relative --archive --chown=0:0 "$paths/" "rootfs" || exit 1 + done + printf "\n" + } || printf '\n%s\n' 'No contents to cook.'; + + ${cleanup} + + printf '\n%s\n\n' "$(du --all --max-depth 1 --human-readable rootfs | sort --human-numeric-sort)" + cp --recursive --no-target-directory rootfs $out/rootfs + ''; + }; + + bake = { name, image, size ? "1G", debug ? false, kernel ? pkgs.linux, options ? [ ], modules ? [ ], uuid ? "99999999-9999-9999-9999-999999999999" }: let + initrd = cook { + name = "initrd-${name}"; + src = alpine; + script = '' + rm -rf home opt media root run srv tmp var + printf '#!/bin/sh -eu + mount -t devtmpfs none /dev + mount -t proc none /proc + mount -t sysfs none /sys + sh /lib/modules/initrd/init + ${pkgs.lib.optionalString (debug) "sh +m"} + mount -r "$(findfs UUID=${uuid})" /mnt + mount -o move /dev /mnt/dev + umount /proc /sys + exec switch_root /mnt /sbin/init + ' > init + chmod +x init + find . ! -name bootstrap ! -name initramfs.cpio | cpio -H newc -ov > initramfs.cpio + gzip -9 initramfs.cpio + ''; + prepare = '' + modules='${pkgs.lib.strings.concatMapStringsSep " " (module: module) modules}' + initrd_directory=rootfs/lib/modules/initrd + [ -n "$modules" ] && { + mkdir --parents "$initrd_directory" + printf "\n" + for module in $modules; do + module_file=$(find ${kernel} -name "$module.ko*" -type f) + module_basename=$(basename "$module_file") + printf "Cooking initrd... Adding module %s \n" "$module" + cp "$module_file" "$initrd_directory" || exit 1 + printf 'insmod /lib/modules/initrd/%s\n' "$module_basename" >> "$initrd_directory/init" + done + } || printf '\n%s\n' 'No modules to cook.' + ''; + }; in pkgs.writeScript name '' + set -euo pipefail + PATH=${pkgs.lib.strings.makeBinPath [ + pkgs.coreutils + pkgs.e2fsprogs + pkgs.gawk + pkgs.rsync + pkgs.syslinux + pkgs.tree + pkgs.utillinux + ]} + IMAGE=${name}.img + LOOP=/dev/loop0 + ROOTFS=rootfs + rm "$IMAGE" || true + fallocate --length ${size} $IMAGE && chmod o+rw "$IMAGE" + printf 'o\nn\np\n1\n2048\n\na\nw\n' | fdisk "$IMAGE" + dd bs=440 count=1 conv=notrunc if=${pkgs.syslinux}/share/syslinux/mbr.bin of="$IMAGE" + mkdir --parents "$ROOTFS" + umount --verbose "$ROOTFS" || true + losetup --detach "$LOOP" || true + losetup --offset "$((2048 * 512))" "$LOOP" "$IMAGE" + mkfs.ext4 -U ${uuid} "$LOOP" + mount --verbose "$LOOP" "$ROOTFS" + rsync --archive --chown=0:0 "${image}/rootfs/" "$ROOTFS"; + mkdir --parents "$ROOTFS/boot" + cp ${kernel}/bzImage "$ROOTFS/boot/vmlinux" + cp ${initrd}/rootfs/initramfs.cpio.gz "$ROOTFS/boot/initrd" + printf ' + DEFAULT linux + LABEL linux + LINUX /boot/vmlinux + INITRD /boot/initrd + APPEND ${pkgs.lib.strings.concatMapStringsSep " " (option: option) options} + ' > "$ROOTFS/boot/syslinux.cfg" + extlinux --heads 64 --sectors 32 --install $ROOTFS/boot + printf '\n%s\n\n' "$(du --max-depth 1 --human-readable $ROOTFS | sort --human-numeric-sort)" + umount --verbose "$ROOTFS" + rm -r "$ROOTFS" + losetup --detach "$LOOP" + ''; + + system = cook { + name = "alpine"; + src = alpine; + contents = [ pkgs.glibc pkgs.gawk ]; + path = [ pkgs.gawk ]; + script = '' + cat /etc/alpine-release + sed -i 's/#ttyS0/ttyS0/' /etc/inittab + printf 'migh7Lib\nmigh7Lib\n' | adduser alpine + ''; + }; + + machine = cook { + name = "alpine"; + src = alpine; + contents = [ pkgs.glibc pkgs.gawk ]; + path = [ pkgs.gawk ]; + script = '' + apk update + apk upgrade + apk add openrc + cat /etc/alpine-release + sed -i 's/#ttyS0/ttyS0/' /etc/inittab + printf 'migh7Lib\nmigh7Lib\n' | adduser alpine + ''; + }; + + virtual-machine = bake { + name = "alpine-machine"; + image = machine; + kernel = pkgs.linuxPackages_5_10.kernel; + options = [ "console=tty1" "console=ttyS0" ]; + size = "128M"; + modules = [ + "virtio" + "virtio_ring" + "virtio_blk" + "virtio_pci" + "jbd2" + "mbcache" + "crc16" + "crc32c_generic" + "ext4" + ]; + }; + + container = { rootfs, binds ? [ ], options ? [] }: + pkgs.writeScript name '' + set -euxo pipefail + PATH=${pkgs.lib.strings.makeBinPath [ pkgs.proot ]} + proot \ + --cwd=/ \ + --rootfs='${rootfs}' \ + ${pkgs.lib.strings.concatMapStringsSep " " (option: "--bind=${option}") binds} \ + ${pkgs.lib.strings.concatMapStringsSep " " (value: value) options} \ + /usr/bin/env - /bin/sh -c '. /etc/profile && sh' + ''; + +in pkgs.mkShell { + + inherit name; + + buildInputs = [ pkgs.proot pkgs.qemu ]; + + shellHook = '' + export PS1='\h (${name}) \W \$ ' + + # sudo ${virtual-machine} + # doas ${virtual-machine} + # qemu-system-x86_64 -nographic -drive if=virtio,file=./${virtual-machine.name}.img,format=raw + # qemu-system-x86_64 -curses -drive if=virtio,file=./${virtual-machine.name}.img,format=raw + + ${container { + rootfs = "${system}/rootfs"; + binds = [ "/proc" "/dev" ]; + options = [ "--verbose=0" ]; + }} + exit + ''; +} diff --git a/.config/nixpkgs/shells/coreboot.nix b/.config/nixpkgs/shells/coreboot.nix deleted file mode 100644 index 57ca4e5..0000000 --- a/.config/nixpkgs/shells/coreboot.nix +++ /dev/null @@ -1,119 +0,0 @@ -# Shell derivation condensed from https://git.petabyte.dev/petabyteboy/corenix - -with import (builtins.fetchTarball { - url = "https://releases.nixos.org/nixos/20.09/nixos-20.09.3824.dec334fa196/nixexprs.tar.xz"; - sha256 = "1i38d1z672gzn73k6gsas2zjbbradg06w7dw3zs9f64l0hr3qd94"; }) { }; - -let - - architecture = "i386"; - url = "https://review.coreboot.org/coreboot"; - project = "${builtins.getEnv "HOME"}/Shares/Projects/coreboot"; - - dependencies = { fetchurl }: [ - rec { name = "Python-3.8.5.tar.xz"; archive = fetchurl { sha256 = "1c43dbv9lvlp3ynqmgdi4rh8q94swanhqarqrdx62zmigpakw073"; url = "https://www.python.org/ftp/python/3.8.5/${name}"; }; } - rec { name = "acpica-unix2-20200717.tar.gz"; archive = fetchurl { sha256 = "0jyy71szjr40c8v40qqw6yh3gfk8d6sl3nay69zrn5d88i3r0jca"; url = "https://acpica.org/sites/acpica/files/${name}"; }; } - rec { name = "binutils-2.35.tar.xz"; archive = fetchurl { sha256 = "119g6340ksv1jkg6bwaxdp2whhlly22l9m30nj6y284ynjgna48v"; url = "https://ftpmirror.gnu.org/binutils/${name}"; }; } - rec { name = "clang-10.0.1.src.tar.xz"; archive = fetchurl { sha256 = "091bvcny2lh32zy8f3m9viayyhb2zannrndni7325rl85cwgr6pr"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/${name}"; }; } - rec { name = "clang-tools-extra-10.0.1.src.tar.xz"; archive = fetchurl { sha256 = "06n1yp638rh24xdxv9v2df0qajxbjz4w59b7dd4ky36drwmpi4yh"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/${name}"; }; } - rec { name = "cmake-3.18.1.tar.gz"; archive = fetchurl { sha256 = "0215srmc9l7ygwdpfms8yx0wbd96qgz2d58ykmdiarvysf5k7qy0"; url = "https://cmake.org/files/v3.18/${name}"; }; } - rec { name = "compiler-rt-10.0.1.src.tar.xz"; archive = fetchurl { sha256 = "1yjqjri753w0fzmxcyz687nvd97sbc9rsqrxzpq720na47hwh3fr"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/${name}"; }; } - rec { name = "expat-2.2.9.tar.bz2"; archive = fetchurl { sha256 = "0dx2m58gkj7cadk51lmp54ma7cqjhff4kjmwv8ks80j3vj2301pi"; url = "https://downloads.sourceforge.net/sourceforge/expat/${name}"; }; } - rec { name = "gcc-8.3.0.tar.xz"; archive = fetchurl { sha256 = "0b3xv411xhlnjmin2979nxcbnidgvzqdf4nbhix99x60dkzavfk4"; url = "https://ftpmirror.gnu.org/gcc/gcc-8.3.0/${name}"; }; } - rec { name = "gdb-9.2.tar.xz"; archive = fetchurl { sha256 = "0mf5fn8v937qwnal4ykn3ji1y2sxk0fa1yfqi679hxmpg6pdf31n"; url = "https://ftpmirror.gnu.org/gdb/${name}"; }; } - rec { name = "gmp-6.2.0.tar.xz"; archive = fetchurl { sha256 = "09hmg8k63mbfrx1x3yy6y1yzbbq85kw5avbibhcgrg9z3ganr3i5"; url = "https://ftpmirror.gnu.org/gmp/${name}"; }; } - rec { name = "llvm-10.0.1.src.tar.xz"; archive = fetchurl { sha256 = "1wydhbp9kyjp5y0rc627imxgkgqiv3dfirbqil9dgpnbaw5y7n65"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.1/${name}"; }; } - rec { name = "mpc-1.2.0.tar.gz"; archive = fetchurl { sha256 = "19pxx3gwhwl588v496g3aylhcw91z1dk1d5x3a8ik71sancjs3z9"; url = "https://ftpmirror.gnu.org/mpc/${name}"; }; } - rec { name = "mpfr-4.1.0.tar.xz"; archive = fetchurl { sha256 = "0zwaanakrqjf84lfr5hfsdr7hncwv9wj0mchlr7cmxigfgqs760c"; url = "https://ftpmirror.gnu.org/mpfr/${name}"; }; } - rec { name = "nasm-2.15.03.tar.bz2"; archive = fetchurl { sha256 = "0y6p3d5lhmwzvgi85f00sz6c485ir33zd1nskzxby4pikcyk9rq4"; url = "https://www.nasm.us/pub/nasm/releasebuilds/2.15.03/${name}"; }; } - ]; - - toolchain = stdenv.mkDerivation rec { - pname = "crossgcc-${architecture}"; - version = "4.13"; - src = fetchgit { - inherit url; - rev = version; - sha256 = "0xwzwplyf2zc267ddprh7963p582q3jrdvxc7r4cwzj0lhgrv6rv"; - fetchSubmodules = true; - }; - - nativeBuildInputs = [ curl m4 flex bison zlib gnat ]; - - buildPhase = '' - mkdir -p util/crossgcc/tarballs - ${lib.concatMapStringsSep "\n" - (file: "ln -s ${file.archive} util/crossgcc/tarballs/${file.name}") - (callPackage dependencies { })} - NIX_HARDENING_ENABLE="$\{NIX_HARDENING_ENABLE/ format/\}" make crossgcc-i386 CPUS=$(nproc) - ''; - - installPhase = '' - runHook preInstall - cp -r util/crossgcc $out - runHook postInstall - ''; - }; - -in mkShell { - - name = "coreboot"; - - buildInputs = [ git coreboot-utils flashrom me_cleaner ncurses qemu m4 flex bison zlib gnat ]; - - shellHook = '' - export PS1='\h (coreboot) \W \$ ' - - mkdir -p '${project}' - git clone '${url}' '${project}' || true - cd '${project}' || exit 1 - - [ ! -L util/crossgcc ] && rm -rf util/crossgcc - ln -sf ${toolchain} util/crossgcc - - printf " - **** COMMANDS **** - - # view toolchain help - make help_toolchain - - # clear old configuration - make distclean - - # build i386, Aarch64, and RISC-V toolchain - make crossgcc-i386 CPUS=$(nproc) - make crossgcc-aarch64 CPUS=$(nproc) - make crossgcc-riscv CPUS=$(nproc) - - # build coreinfo payload - make -C payloads/coreinfo olddefconfig - make -C payloads/coreinfo - - # setup configurtion - make nconfig - select 'Mainboard' menu - Beside 'Mainboard vendor' should be '(Emulation)' - Beside 'Mainboard model' should be 'QEMU x86 i440fx/piix4' - select < Exit > - - select 'Payload' menu - select 'Add a Payload' - choose 'An Elf executable payload' - select 'Payload path and filename' - enter 'payloads/coreinfo/build/coreinfo.elf' - select < Exit > - select < Exit > - select < Yes > - - # check configuration - make savedefconfig - cat defconfig - - # build coreboot - make - - # test image in qemu - qemu-system-x86_64 -bios build/coreboot.rom -serial stdio - " - ''; -} diff --git a/.config/nixpkgs/shells/coreboot/shell.nix b/.config/nixpkgs/shells/coreboot/shell.nix new file mode 100644 index 0000000..242c621 --- /dev/null +++ b/.config/nixpkgs/shells/coreboot/shell.nix @@ -0,0 +1,108 @@ +let + + # Shell derivation condensed from https://git.petabyte.dev/petabyteboy/corenix + + # nix-shell -E 'import (builtins.fetchurl "$url")' + + name = "nix-shell.coreboot"; + architecture = "i386"; + url = "https://review.coreboot.org/coreboot"; + project = "${builtins.getEnv "HOME"}/Shares/Projects/coreboot"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/20.09/nixos-20.09.3824.dec334fa196/nixexprs.tar.xz"; + sha256 = "1i38d1z672gzn73k6gsas2zjbbradg06w7dw3zs9f64l0hr3qd94"; }) {}; + + dependencies = { fetchurl }: [ + rec { name = "llvm-${version}.src.tar.xz"; version = "11.0.0"; archive = fetchurl { sha256 = "0s94lwil98w7zb7cjrbnxli0z7gklb312pkw74xs1d6zk346hgwi"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${version}/${name}"; }; } + rec { name = "clang-${version}.src.tar.xz"; version = "11.0.0"; archive = fetchurl { sha256 = "091bvcny2lh32zy8f3m9viayyhb2zannrndni7325rl85cwgr6pr"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${version}/${name}"; }; } + rec { name = "clang-tools-extra-${version}.src.tar.xz"; version = "11.0.0"; archive = fetchurl { sha256 = "02bcwwn54661madhq4nxc069s7p7pj5gpqi8ww50w3anbpviilzy"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${version}/${name}"; }; } + rec { name = "compiler-rt-${version}.src.tar.xz"; version = "11.0.0"; archive = fetchurl { sha256 = "1yjqjri753w0fzmxcyz687nvd97sbc9rsqrxzpq720na47hwh3fr"; url = "https://github.com/llvm/llvm-project/releases/download/llvmorg-${version}/${name}"; }; } + rec { name = "Python-${version}.tar.xz"; version = "3.8.5"; archive = fetchurl { sha256 = "1c43dbv9lvlp3ynqmgdi4rh8q94swanhqarqrdx62zmigpakw073"; url = "https://www.python.org/ftp/python/${version}/${name}"; }; } + rec { name = "acpica-unix2-${version}.tar.gz"; version = "20200925"; archive = fetchurl { sha256 = "18n6129fkgj85piid7v4zxxksv3h0amqp4p977vcl9xg3bq0zd2w"; url = "https://acpica.org/sites/acpica/files/${name}"; }; } + rec { name = "binutils-${version}.tar.xz"; version = "2.35.1"; archive = fetchurl { sha256 = "01w6xvfy7sjpw8j08k111bnkl27j760bdsi0wjvq44ghkgdr3v9w"; url = "https://ftpmirror.gnu.org/binutils/${name}"; }; } + rec { name = "cmake-${version}.1.tar.gz"; version = "3.18"; archive = fetchurl { sha256 = "0215srmc9l7ygwdpfms8yx0wbd96qgz2d58ykmdiarvysf5k7qy0"; url = "https://cmake.org/files/v${version}/${name}"; }; } + rec { name = "expat-${version}.tar.bz2"; version = "2.2.9"; archive = fetchurl { sha256 = "0dx2m58gkj7cadk51lmp54ma7cqjhff4kjmwv8ks80j3vj2301pi"; url = "https://distfiles.macports.org/expat/${name}"; }; } + rec { name = "gcc-${version}.tar.xz"; version = "8.3.0"; archive = fetchurl { sha256 = "0b3xv411xhlnjmin2979nxcbnidgvzqdf4nbhix99x60dkzavfk4"; url = "https://ftpmirror.gnu.org/gcc/gcc-${version}/${name}"; }; } + rec { name = "gdb-${version}.tar.xz"; version = "9.2"; archive = fetchurl { sha256 = "0mf5fn8v937qwnal4ykn3ji1y2sxk0fa1yfqi679hxmpg6pdf31n"; url = "https://ftpmirror.gnu.org/gdb/${name}"; }; } + rec { name = "gmp-${version}.tar.xz"; version = "6.2.0"; archive = fetchurl { sha256 = "09hmg8k63mbfrx1x3yy6y1yzbbq85kw5avbibhcgrg9z3ganr3i5"; url = "https://ftpmirror.gnu.org/gmp/${name}"; }; } + rec { name = "mpc-${version}.tar.gz"; version = "1.2.0"; archive = fetchurl { sha256 = "19pxx3gwhwl588v496g3aylhcw91z1dk1d5x3a8ik71sancjs3z9"; url = "https://ftpmirror.gnu.org/mpc/${name}"; }; } + rec { name = "mpfr-${version}.tar.xz"; version = "4.1.0"; archive = fetchurl { sha256 = "0zwaanakrqjf84lfr5hfsdr7hncwv9wj0mchlr7cmxigfgqs760c"; url = "https://ftpmirror.gnu.org/mpfr/${name}"; }; } + rec { name = "nasm-${version}.tar.bz2"; version = "2.15.05"; archive = fetchurl { sha256 = "1l1gxs5ncdbgz91lsl4y7w5aapask3w02q9inayb2m5bwlwq6jrw"; url = "https://www.nasm.us/pub/nasm/releasebuilds/${version}/${name}"; }; } + ]; + + toolchain = pkgs.stdenv.mkDerivation rec { + pname = "crossgcc-${architecture}"; + version = "4.14"; + src = pkgs.fetchgit { + inherit url; + rev = version; + fetchSubmodules = true; + sha256 = "00xr74yc0kj9rrqa1a8b7bih865qlp9i4zs67ysavkfrjrwwssxm"; + }; + + hardeningDisable = [ "format" ]; + nativeBuildInputs = builtins.attrValues { inherit (pkgs) curl m4 flex bison zlib gnat; }; + + buildPhase = '' + mkdir --parents util/crossgcc/tarballs + ${pkgs.lib.concatMapStringsSep "\n" (file: "ln -s ${file.archive} util/crossgcc/tarballs/${file.name}") (pkgs.callPackage dependencies { })} + sed "s/SOURCE_DATE_EPOCH := .*/SOURCE_DATE_EPOCH := $SOURCE_DATE_EPOCH/" --in-place Makefile + make crossgcc-${architecture} CPUS=$(nproc) + ''; + + installPhase = '' + runHook preInstall + cp -r util/crossgcc $out + runHook postInstall + ''; + }; + +in pkgs.mkShell { + + inherit name; + + buildInputs = builtins.attrValues { inherit (pkgs) git coreboot-utils flashrom me_cleaner ncurses qemu m4 flex bison zlib gnat; }; + + shellHook = '' + export PS1='\h (${name}) \W \$ ' + mkdir -p '${project}' + git clone '${url}' '${project}' || true + cd '${project}' || exit 1 + rm -rf util/crossgcc + git fetch --all + git reset --hard origin/master + git checkout ${toolchain.version} + rm -rf util/crossgcc + ln -sf ${toolchain} util/crossgcc + sed -i 's|$(OBJCOPY) --strip-$(STRIP) $< $@|$(OBJCOPY) --strip-debug $< $@|g' payloads/libpayload/Makefile.payload + + printf ' + flashrom --programmer internal # read BIOS chipset internally if possible + flashrom --programmer internal --read backup.rom --chip $chipset # read BIOS internally if possible with selected chipset + flashrom --programmer internal --read backup1.rom --chip $chipset + flashrom --programmer internal --read backup2.rom --chip $chipset + flashrom --programmer internal --read backup3.rom --chip $chipset + flashrom --programmer ch341a_spi --read backup.rom --chip $chipset # use an external programmer if internal does not work + sha256sum *.rom # check BIOS hashes for exactness + me_cleaner.py --soft-disable backup.rom # clean management engine and overwrite bios inplace + ifdtool --extract backup.rom # split regions of cleaned bios + + # Rename and move descriptor.bin, gbe.bin, me.bin into 3rdparty/blobs/mainboard/$vendor/$model where + # $vendor and $model are variable (for example lenovo/t420). Create folders if they do not exist. + # To test in qemu select model/vendor Emulation/QEMU x86 i440fx/piix4 in nconfig. + # In real world situations, one might only read and write internally to the bios region. + + flashrom --programmer internal --read bios.rom --chip $chipset --ifd --image bios + flashrom --programmer internal --write bios.rom --chip $chipset --ifd --image bios + + make distclean # clear old configuration + make clean # clear old compilation and keep configuration + make nconfig # setup configurtion + cat .config # check configuration + make # build coreboot + qemu-system-x86_64 -bios build/coreboot.rom -serial stdio # test image in qemu + + ' + ''; +} diff --git a/.config/nixpkgs/shells/falcon.nix b/.config/nixpkgs/shells/falcon/shell.nix index 0d1a76e..7bd0b54 100644 --- a/.config/nixpkgs/shells/falcon.nix +++ b/.config/nixpkgs/shells/falcon/shell.nix @@ -1,19 +1,24 @@ -with import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/360e2af4f87.tar.gz"; - sha256 = "1i3i9cpn6m3r07pgw4w3xinbqmxkm7pmnqjlz96x424ngbc21sg2"; }) {}; - let + + # nix-shell -E 'import (builtins.fetchurl "$url")' + + name = "nix-shell.falcon-kernel"; + + pkgs = import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/360e2af4f87.tar.gz"; + sha256 = "1i3i9cpn6m3r07pgw4w3xinbqmxkm7pmnqjlz96x424ngbc21sg2"; }) {}; + project = "${builtins.getEnv "HOME"}/Desktop/moto-falcon/lineageos-kernel/lineageos-motorala-msm8226"; - toolchain = stdenv.mkDerivation rec { + toolchain = pkgs.stdenv.mkDerivation rec { name = "gcc-linaro-4.9.4"; src = builtins.fetchTarball { url = "https://releases.linaro.org/components/toolchain/binaries/4.9-2017.01/arm-linux-gnueabihf/gcc-linaro-4.9.4-2017.01-x86_64_arm-linux-gnueabihf.tar.xz"; sha256 = "11zznrx0hkq34bn7x7kxn5q9icrf22vqgmd1ifxmdskm2g14x3l8"; }; dontBuild = true; - buildInputs = [ python2 zlib ncurses5 expat lzma ]; - nativeBuildInputs = [ autoPatchelfHook ]; + buildInputs = builtins.attrValues { inherit (pkgs) python2 zlib ncurses5 expat lzma; }; + nativeBuildInputs = builtins.attrValues { inherit (pkgs) autoPatchelfHook; }; installPhase = '' runHook preInstall mkdir $out @@ -22,18 +27,16 @@ let ''; }; -in - -mkShell { +in pkgs.mkShell { - name = "falcon-kernel"; + inherit name; - buildInputs = [ gnumake ncurses ]; + buildInputs = builtins.attrValues { inherit (pkgs) gnumake ncurses; }; shellHook = '' export CROSS_COMPILE=${toolchain}/bin/arm-linux-gnueabihf- export ARCH=arm - export PS1='\h (falcon kernel) \W \$ ' + export PS1='\h (${name}) \W \$ ' cd '${project}' || exit 1 ''; } diff --git a/.config/nixpkgs/shells/firejail/shell.nix b/.config/nixpkgs/shells/firejail/shell.nix new file mode 100644 index 0000000..4f5e5e1 --- /dev/null +++ b/.config/nixpkgs/shells/firejail/shell.nix @@ -0,0 +1,48 @@ +let + + # nix-shell -E 'import (builtins.fetchurl "$url")' + # https://www.man7.org/linux/man-pages/man1/Firejail.1.html + + name = "nix-shell.firejail"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz"; + sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg"; + }) { }; + + firejail = { + rootfs ? "rootfs", + options ? [ ], + path ? [ pkgs.busybox ], + entrypoint ? "/bin/sh" + }: + pkgs.writeShellApplication { + inherit name; + text = '' + set -euxo pipefail + PATH=${pkgs.lib.strings.makeBinPath [ pkgs.firejail pkgs.coreutils ]} + mkdir --parents '${rootfs}' + firejail \ + --chroot '${rootfs}' \ + ${pkgs.lib.strings.concatMapStringsSep " " (value: value) options} \ + -- /usr/bin/env --ignore-environment ${ + pkgs.writeScript "entrypoint-${name}" '' + set -eu + export PATH=${pkgs.lib.strings.makeBinPath path} + ${entrypoint} + '' + }; + ''; + }; + + jail = firejail { + options = [ ]; + }; + +in pkgs.mkShell { + inherit name; + shellHook = '' + printf '%s\n' "${jail}/bin/${jail.name}" + exec "${jail}/bin/${jail.name}" + ''; +} diff --git a/.config/nixpkgs/shells/larynx-server/shell.nix b/.config/nixpkgs/shells/larynx-server/shell.nix new file mode 100644 index 0000000..9021e47 --- /dev/null +++ b/.config/nixpkgs/shells/larynx-server/shell.nix @@ -0,0 +1,54 @@ +let + + name = "nix-shell.larynx-server"; + + nixpkgs = import <nixpkgs> { }; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz"; + sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg"; + }) { }; + + larynx = pkgs.stdenvNoCC.mkDerivation rec { + name = "larynx"; + version = "1.1.0"; + sourceRoot = "."; + + src = pkgs.dockerTools.exportImage { + fromImage = pkgs.dockerTools.pullImage rec { + imageName = "rhasspy/larynx"; + imageDigest = "sha256:ada5b443e2446b38ba61d764ec37c0ed78d46e659a011243967e7cc8e52311e3"; + sha256 = "sha256-TbaHNNMRGp4SWYC06WSmNr3igpiJagDKoD3TEnttYt8="; + finalImageName = imageName; + finalImageTag = version; + }; + diskSize = "3072"; + }; + + phases = [ "unpackPhase" "installPhase" ]; + + installPhase = '' + mkdir --parents $out/bin/larynx/app + cp --recursive home/larynx/app/.venv $out/bin/larynx/app + cp --recursive home/larynx/app/larynx $out/bin/larynx/app + ''; + }; + + fhs = pkgs.buildFHSUserEnv { + name = "larynx-server"; + runScript = "${pkgs.writeScriptBin name '' + export PYTHONPATH=/bin/larynx/app + /bin/larynx/app/.venv/bin/python3 -m larynx.server + ''}/bin/${name}"; + targetPkgs = pkgs: [ + larynx + pkgs.python39 + ]; + profile = "export FHS=1"; + }; + +in pkgs.mkShell { + inherit fhs; + inherit name; + shellHook = "exec ${fhs}/bin/${fhs.name}"; +} diff --git a/.config/nixpkgs/shells/larynx/shell.nix b/.config/nixpkgs/shells/larynx/shell.nix new file mode 100644 index 0000000..ac2e940 --- /dev/null +++ b/.config/nixpkgs/shells/larynx/shell.nix @@ -0,0 +1,54 @@ +let + + name = "nix-shell.larynx"; + + nixpkgs = import <nixpkgs> { }; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz"; + sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg"; + }) { }; + + larynx = pkgs.stdenvNoCC.mkDerivation rec { + name = "larynx"; + version = "1.1.0"; + sourceRoot = "."; + + src = pkgs.dockerTools.exportImage { + fromImage = pkgs.dockerTools.pullImage rec { + imageName = "rhasspy/larynx"; + imageDigest = "sha256:ada5b443e2446b38ba61d764ec37c0ed78d46e659a011243967e7cc8e52311e3"; + sha256 = "sha256-TbaHNNMRGp4SWYC06WSmNr3igpiJagDKoD3TEnttYt8="; + finalImageName = imageName; + finalImageTag = version; + }; + diskSize = "3072"; + }; + + phases = [ "unpackPhase" "installPhase" ]; + + installPhase = '' + mkdir --parents $out/bin/larynx/app + cp --recursive home/larynx/app/.venv $out/bin/larynx/app + cp --recursive home/larynx/app/larynx $out/bin/larynx/app + ''; + }; + + fhs = pkgs.buildFHSUserEnv { + name = "larynx"; + runScript = "${pkgs.writeScriptBin name '' + export PYTHONPATH=/bin/larynx/app + /bin/larynx/app/.venv/bin/python3 -m larynx "$@" + ''}/bin/${name}"; + targetPkgs = pkgs: [ + larynx + pkgs.python39 + ]; + profile = "export FHS=1"; + }; + +in pkgs.mkShell { + inherit fhs; + inherit name; + shellHook = "exec ${fhs}/bin/${fhs.name}"; +} diff --git a/.config/nixpkgs/shells/mermaid-live-editor/shell.nix b/.config/nixpkgs/shells/mermaid-live-editor/shell.nix new file mode 100644 index 0000000..db89a42 --- /dev/null +++ b/.config/nixpkgs/shells/mermaid-live-editor/shell.nix @@ -0,0 +1,74 @@ +let + + name = "nix-shell.mermaid-live-editor"; + version = "bf6c54c00e84d8c7d541920607db72f50d775ba5"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz"; + sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg"; + }) { }; + + package = pkgs.callPackage ({ lib, stdenv, fetchgit, mkYarnModules }: + + stdenv.mkDerivation rec { + inherit version; + pname = "mermaid-live-editor-node-modules"; + + src = fetchgit { + rev = version; + url = "https://github.com/mermaid-js/mermaid-live-editor.git"; + sha256 = "sha256-SadZzBruGKh4LCR9vr87vl/HBEgVN8Qczi9+thGmNCE="; + }; + + node_modules = mkYarnModules { + inherit pname version; + yarnLock = "${src}/yarn.lock"; + packageJSON = "${src}/package.json"; + }; + + installPhase = '' + runHook preInstall + mkdir $out + cp --recursive --no-target-directory ${node_modules} $out + cd $out/node_modules + chmod +w . + ln --symbolic mermaid-live-editor/node_modules/svelte-preprocess . + runHook postInstall + ''; + + meta = with lib; { + homepage = url; + license = licenses.mit; + description = "Edit, preview and share mermaid charts/diagrams. New implementation of the live editor."; + }; + }) { }; + + shell = pkgs.writeShellApplication { + inherit name; + text = '' + /usr/bin/env --ignore-environment /bin/sh -c ${ + pkgs.writeScript name '' + export PS1='\h (${name}) \W \$ ' + export PATH=${ + pkgs.lib.strings.makeBinPath [ + package + pkgs.busybox + pkgs.git + pkgs.yarn + ] + } + git clone https://github.com/mermaid-js/mermaid-live-editor.git + cd mermaid-live-editor + git checkout '${version}' + ln -sf '${package}/node_modules' + stat .svelte-kit || yarn build + yarn preview + '' + }; + ''; + }; + +in pkgs.mkShell { + inherit name; + shellHook = "exec ${shell}/bin/${shell.name}"; +} diff --git a/.config/nixpkgs/shells/nixops.nix b/.config/nixpkgs/shells/nixops.nix deleted file mode 100644 index 03756cd..0000000 --- a/.config/nixpkgs/shells/nixops.nix +++ /dev/null @@ -1,19 +0,0 @@ -with import <nixpkgs> { }; - -let - - version = "20.09"; - project = "${builtins.getEnv "HOME"}/Shares/Projects/infrastructure"; - channel = (import "${project}/nixos/versions.nix")."${version}".channel; - -in mkShell { - name = "nixops-${version}"; - shellHook = '' - export VAULT_ADDR='http://vault.test' - export NIX_PATH=${channel}/nixexprs.tar.xz - export _NIX_CHANNEL=${channel} - export PS1='\h (nixos ${version} ''${_NIX_CHANNEL##*.}) \W \$ ' - cd '${project}' || exit 1 - ssh -T git@github.com - ''; -} diff --git a/.config/nixpkgs/shells/nsjail/shell.nix b/.config/nixpkgs/shells/nsjail/shell.nix new file mode 100644 index 0000000..d954588 --- /dev/null +++ b/.config/nixpkgs/shells/nsjail/shell.nix @@ -0,0 +1,52 @@ +let + + # nix-shell -E 'import (builtins.fetchurl "$url")' + # https://nsjail.dev/ + + name = "nix-shell.nsjail"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz"; + sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg"; + }) { }; + + nsjail = { + rootfs ? "rootfs", + options ? [ ], + path ? [ pkgs.busybox ], + entrypoint ? "/bin/sh" + }: + pkgs.writeShellApplication { + inherit name; + text = '' + set -euxo pipefail + PATH=${pkgs.lib.strings.makeBinPath [ pkgs.nsjail pkgs.coreutils ]} + mkdir --parents '${rootfs}' + nsjail \ + --chroot "$(pwd)"/'${rootfs}' \ + ${pkgs.lib.strings.concatMapStringsSep " " (value: value) options} \ + -- /usr/bin/env --ignore-environment ${ + pkgs.writeScript "entrypoint-${name}" '' + set -eu + export PATH=${pkgs.lib.strings.makeBinPath path} + ${entrypoint} + '' + }; + ''; + }; + + jail = nsjail { + options = [ + "--bindmount_ro /nix" + "--bindmount_ro /usr" + "--bindmount_ro /bin" + ]; + }; + +in pkgs.mkShell { + inherit name; + shellHook = '' + printf '%s\n' "${jail}/bin/${jail.name}" + exec "${jail}/bin/${jail.name}" + ''; +} diff --git a/.config/nixpkgs/shells/planner/shell.nix b/.config/nixpkgs/shells/planner/shell.nix new file mode 100644 index 0000000..079beda --- /dev/null +++ b/.config/nixpkgs/shells/planner/shell.nix @@ -0,0 +1,68 @@ +let + + name = "nix-shell.planner"; + + pkgs = (import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/21.11/nixos-21.11.336020.2128d0aa28e/nixexprs.tar.xz"; + sha256 = "0w8plbxms0di6gnh0k2yhj0pgxzxas7g5x0m01zjzixf16i2bapj"; + }) { }); + + package = pkgs.callPackage ({ lib, stdenvNoCC, fetchgit, pkgconfig, intltool + , automake111x, autoconf, libtool, gnome2, libxslt, python2, gcc48 }: + stdenvNoCC.mkDerivation rec { + pname = "planner"; + version = "de43d655f9f8103993129cde9de3d0e080d0546c"; + src = fetchgit { + url = "https://gitlab.gnome.org/World/planner.git"; + sha256 = "1zpcswdpcjhllk7phy3z1zyxcgqr4pp0vf5fgpg5f3gqpk4xvwyg"; + rev = version; + }; + nativeBuildInputs = [ + autoconf + automake111x + gnome2.gnome-common + gnome2.gtk-doc + gnome2.scrollkeeper + intltool + libtool + pkgconfig + ]; + buildInputs = [ + gcc48 + gnome2.GConf + gnome2.gtk + gnome2.libglade + gnome2.libgnomecanvas + gnome2.libgnomeui + libxslt + python2.pkgs.pygtk + ]; + enableParallelBuilding = true; + preConfigure = "./autogen.sh"; + makeFlags = [ "CFLAGS=-DGLIB_DISABLE_DEPRECATION_WARNINGS" ]; + configureFlags = [ "--enable-python" "--enable-python-plugin" ]; + meta = with lib; { + description = "Project management application for GNOME"; + homepage = "https://wiki.gnome.org/Apps/Planner"; + license = licenses.gpl2Plus; + platforms = platforms.all; + }; + }) { }; + + shell = pkgs.writeShellApplication { + inherit name; + text = '' + /usr/bin/env --ignore-environment /bin/sh -c ${ + pkgs.writeScript name '' + export PS1='\h (${name}) \W \$ ' + export PATH=${pkgs.lib.strings.makeBinPath [ package pkgs.busybox ]} + /bin/sh + '' + }; + ''; + }; + +in pkgs.mkShell { + inherit name package; + shellHook = "exec ${shell}/bin/${shell.name}"; +} diff --git a/.config/nixpkgs/shells/proot/shell.nix b/.config/nixpkgs/shells/proot/shell.nix new file mode 100644 index 0000000..46ed76f --- /dev/null +++ b/.config/nixpkgs/shells/proot/shell.nix @@ -0,0 +1,52 @@ +let + + # nix-shell -E 'import (builtins.fetchurl "$url")' + # https://manpages.ubuntu.com/manpages/trusty/man1/proot.1.html + + name = "nix-shell.proot"; + + pkgs = import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/22.11/nixos-22.11.466.596a8e828c5/nixexprs.tar.xz"; + sha256 = "1367bad5zz0mfm4czb6p0s0ni38f0x1ffh02z76rx4nranipqbgg"; + }) { }; + + proot = { + rootfs ? "rootfs", + binds ? [ ], + options ? [ ], + path ? [ pkgs.busybox ], + entrypoint ? "/bin/sh" + }: + pkgs.writeShellApplication { + inherit name; + text = '' + set -euxo pipefail + PATH=${pkgs.lib.strings.makeBinPath [ pkgs.proot pkgs.coreutils ]} + mkdir --parents '${rootfs}' + proot \ + --rootfs='${rootfs}' \ + ${pkgs.lib.strings.concatMapStringsSep " " (option: "--bind=${option}") binds} \ + ${pkgs.lib.strings.concatMapStringsSep " " (value: value) options} \ + /usr/bin/env --ignore-environment ${ + pkgs.writeScript "entrypoint-${name}" '' + set -eu + export HISTFILE=/dev/null + export PATH=${pkgs.lib.strings.makeBinPath path} + ${entrypoint} + '' + }; + ''; + }; + + jail = proot { + binds = [ "/nix" "/usr" "/bin" ]; + options = [ "--cwd=/" "--verbose=0" ]; + }; + +in pkgs.mkShell { + inherit name; + shellHook = '' + printf '%s\n' "${jail}/bin/${jail.name}" + exec "${jail}/bin/${jail.name}" + ''; +} diff --git a/.config/nixpkgs/shells/pure/shell.nix b/.config/nixpkgs/shells/pure/shell.nix new file mode 100644 index 0000000..2e58365 --- /dev/null +++ b/.config/nixpkgs/shells/pure/shell.nix @@ -0,0 +1,22 @@ +let + + name = "nix-shell.pure"; + pkgs = import <nixpkgs> { }; + + shell = pkgs.writeShellApplication { + inherit name; + text = '' + /usr/bin/env --ignore-environment /bin/sh -c ${ + pkgs.writeScript name '' + export PS1='\h (${name}) \W \$ ' + export PATH=${pkgs.lib.strings.makeBinPath [ pkgs.busybox ]} + /bin/sh + '' + }; + ''; + }; + +in pkgs.mkShell { + inherit name; + shellHook = "exec ${shell}/bin/${shell.name}"; +} diff --git a/.config/nixpkgs/shells/scribus/shell.nix b/.config/nixpkgs/shells/scribus/shell.nix new file mode 100644 index 0000000..9658c0a --- /dev/null +++ b/.config/nixpkgs/shells/scribus/shell.nix @@ -0,0 +1,96 @@ +let + + name = "nix-shell.scribus"; + + pkgs = (import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/21.11/nixos-21.11.336020.2128d0aa28e/nixexprs.tar.xz"; + sha256 = "0w8plbxms0di6gnh0k2yhj0pgxzxas7g5x0m01zjzixf16i2bapj"; + }) { }); + + package = pkgs.callPackage ({ lib, stdenv, fetchurl, pkg-config, freetype, lcms, libtiff + , libxml2, gnome2, qt4, python2, cups, fontconfig, libjpeg, zlib, libpng + , xorg, cairo, podofo, hunspell, boost, cmake, imagemagick, ghostscript }: + + let + icon = fetchurl { + url = "https://gist.githubusercontent.com/ejpcmac/a74b762026c9bc4000be624c3d085517/raw/18edc497c5cb6fdeef1c8aede37a0ee68413f9d3/scribus-icon-centered.svg"; + sha256 = "0hq3i7c2l50445an9glhhg47kj26y16svfajc6naqn307ph9vzc3"; + }; + pythonEnv = python2.withPackages (ps: [ ps.tkinter ps.pillow ]); + in stdenv.mkDerivation rec { + pname = "scribus"; + version = "1.4.8"; + + src = fetchurl { + url = "mirror://sourceforge/${pname}/${pname}/${pname}-${version}.tar.xz"; + sha256 = "0bq433myw6h1siqlsakxv6ghb002rp3mfz5k12bg68s0k6skn992"; + }; + + nativeBuildInputs = [ pkg-config cmake ]; + buildInputs = with xorg; [ + boost + cairo + cups + fontconfig + freetype + gnome2.libart_lgpl + hunspell + imagemagick + lcms + libX11 + libXau + libXaw + libXdmcp + libXext + libXi + libXinerama + libXtst + libjpeg + libpng + libpthreadstubs + libtiff + libxml2 + podofo + pythonEnv + qt4 + zlib + ]; + + postPatch = '' + substituteInPlace scribus/util_ghostscript.cpp \ + --replace 'QString gsName("gs");' \ + 'QString gsName("${ghostscript}/bin/gs");' + ''; + + postInstall = '' + for i in 16 24 48 64 96 128 256 512; do + mkdir -p $out/share/icons/hicolor/''${i}x''${i}/apps + convert -background none -resize ''${i}x''${i} ${icon} $out/share/icons/hicolor/''${i}x''${i}/apps/scribus.png + done + ''; + + meta = { + platforms = lib.platforms.linux; + description = "Desktop Publishing (DTP) and Layout program for Linux"; + homepage = "https://www.scribus.net"; + license = lib.licenses.gpl2; + }; + }) { }; + + shell = pkgs.writeShellApplication { + inherit name; + text = '' + /usr/bin/env --ignore-environment /bin/sh -c ${ + pkgs.writeScript name '' + export PS1='\h (${name}) \W \$ ' + export PATH=${pkgs.lib.strings.makeBinPath [ package pkgs.busybox ]} + /bin/sh + '' + }; + ''; + }; + +in pkgs.mkShell { + inherit name package; + shellHook = "exec ${shell}/bin/${shell.name}"; +} diff --git a/.config/nixpkgs/shells/tilp2/shell.nix b/.config/nixpkgs/shells/tilp2/shell.nix new file mode 100644 index 0000000..f57bc3b --- /dev/null +++ b/.config/nixpkgs/shells/tilp2/shell.nix @@ -0,0 +1,66 @@ +let + + name = "nix-shell.tilp2"; + + pkgs = (import (builtins.fetchTarball { + url = "https://releases.nixos.org/nixos/21.11/nixos-21.11.336020.2128d0aa28e/nixexprs.tar.xz"; + sha256 = "0w8plbxms0di6gnh0k2yhj0pgxzxas7g5x0m01zjzixf16i2bapj"; + }) { }); + + package = pkgs.callPackage ({ stdenv, lib, fetchurl, fetchpatch + , autoreconfHook, pkg-config, intltool, glib, gnome2, gtk2, gfm + , libticables2, libticalcs2, libticonv, libtifiles2 }: + + stdenv.mkDerivation rec { + pname = "tilp2"; + version = "1.18"; + src = fetchurl { + url = "mirror://sourceforge/tilp/${pname}-${version}.tar.bz2"; + sha256 = "0isf73bjwk06baz2gm3vpdh600gqck9ca4aqxzb089dmxriv6fkv"; + }; + + patches = fetchpatch { + name = "remove-broken-kde-support.patch"; + url = "https://aur.archlinux.org/cgit/aur.git/plain/remove-broken-kde-support.patch?h=tilp"; + sha256 = "1fn6vh7r45spkwpmkvffkbn7zrcsdrs5mjmspd5rwi3jc12cy3ny"; + }; + + nativeBuildInputs = [ autoreconfHook pkg-config intltool ]; + + buildInputs = [ + glib + gtk2 + gnome2.libglade + gfm + libticables2 + libticalcs2 + libticonv + libtifiles2 + ]; + + meta = with lib; { + changelog = "http://lpg.ticalc.org/prj_tilp/news.html"; + description = "Transfer data between Texas Instruments graphing calculators and a computer"; + homepage = "http://lpg.ticalc.org/prj_tilp/"; + license = licenses.gpl2Plus; + platforms = with platforms; linux ++ darwin; + }; + }) { }; + + shell = pkgs.writeShellApplication { + inherit name; + text = '' + /usr/bin/env --ignore-environment /bin/sh -c ${ + pkgs.writeScript name '' + export PS1='\h (${name}) \W \$ ' + export PATH=${pkgs.lib.strings.makeBinPath [ package pkgs.busybox ]} + /bin/sh + '' + }; + ''; + }; + +in pkgs.mkShell { + inherit name package; + shellHook = "exec ${shell}/bin/${shell.name}"; +} |