| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | cmd/goget/main.go | 2 | ||||
| -rw-r--r-- | flake.nix | 35 | ||||
| -rw-r--r-- | go.mod | 8 | ||||
| -rw-r--r-- | go.sum | 16 | ||||
| -rw-r--r-- | nix/modules/goget.nix | 66 | ||||
| -rw-r--r-- | nix/overlay.nix | 5 | ||||
| -rw-r--r-- | nix/packages/default.nix | 5 | ||||
| -rw-r--r-- | nix/packages/goget.nix | 31 |
9 files changed, 163 insertions, 6 deletions
@@ -1 +1,2 @@ .pre-commit-config.yaml +/result diff --git a/cmd/goget/main.go b/cmd/goget/main.go index ae8b3a6..3f17448 100644 --- a/cmd/goget/main.go +++ b/cmd/goget/main.go @@ -53,7 +53,7 @@ func main() { }() s := &http.Server{ - Addr: ":8080", + Addr: ":8070", Handler: handler(), ReadTimeout: 10 * time.Second, WriteTimeout: 10 * time.Second, @@ -19,10 +19,37 @@ flake-utils, pre-commit-hooks, }: - flake-utils.lib.eachDefaultSystem ( + let + # Import our packages and overlay + overlay = import ./nix/overlay.nix; + + # Import NixOS modules + nixosModules = { + goget = import ./nix/modules/goget.nix; + default = { + imports = [ + ./nix/modules/goget.nix + ]; + }; + }; + in + { + # Export the overlay for others to use + overlays.default = overlay; + + # Export NixOS modules + inherit nixosModules; + nixosModule = nixosModules.default; + } + // flake-utils.lib.eachDefaultSystem ( system: let - pkgs = import nixpkgs { inherit system; }; + pkgs = import nixpkgs { + inherit system; + overlays = [ overlay ]; + }; + + packages = import ./nix/packages { inherit pkgs; }; treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; @@ -40,6 +67,10 @@ ]; in { + packages = packages // { + default = packages.goget; + }; + formatter = treefmtEval.config.build.wrapper; checks = { @@ -2,17 +2,19 @@ module go.fcuny.net/x go 1.24.5 -require golang.org/x/text v0.28.0 +require ( + github.com/prometheus/client_golang v1.23.0 + golang.org/x/mod v0.27.0 + golang.org/x/text v0.28.0 +) require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/prometheus/client_golang v1.23.0 // indirect github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/common v0.65.0 // indirect github.com/prometheus/procfs v0.16.1 // indirect - golang.org/x/mod v0.27.0 // indirect golang.org/x/sys v0.33.0 // indirect google.golang.org/protobuf v1.36.6 // indirect ) 
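Review bot: The listen address in the `http.Server` literal is still hard-coded, now as `":8070"`, while the same commit adds a `services.goget.port` option in nix/modules/goget.nix whose value only feeds `allowedTCPPorts`; `ExecStart` passes nothing to the binary. Setting that option to anything other than 8070 with `openFirewall = true` would open a port nothing listens on while the service keeps listening on 8070. The empty host part also binds every interface, so on a host without a restrictive firewall the endpoint is reachable on all of them. Consider taking the address from a flag, `addr := flag.String("addr", ":8070", "listen address")` with `Addr: *addr,`, and passing it from the module as `ExecStart = "${cfg.package}/bin/goget -addr :${toString cfg.port}";`. main() starts and ends outside this hunk, so whether flag parsing already exists is not visible here.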
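Review bot: The exported `nixosModules.default` only imports ./nix/modules/goget.nix, but that module defaults `package` to `pkgs.goget`, which exists only when the overlay is applied to the host's nixpkgs. A consumer who imports the module without also adding `overlays.default` would presumably hit a missing-attribute error at evaluation. Adding the overlay inside the default module avoids that: `default = { imports = [ ./nix/modules/goget.nix ]; nixpkgs.overlays = [ overlay ]; };`. Separately, the singular `nixosModule` output is a deprecated alias that newer Nix releases warn about, so exporting `nixosModules.default` alone is enough.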
@@ -2,8 +2,18 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= +github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= 
@@ -12,6 +22,10 @@ github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2 github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ= golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc= golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= @@ -20,3 +34,5 @@ golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/nix/modules/goget.nix b/nix/modules/goget.nix new file mode 100644 index 0000000..3ed5e04 --- /dev/null +++ b/nix/modules/goget.nix 
@@ -0,0 +1,66 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+with lib;
+
+let
+ cfg = config.services.goget;
+in
+{
+ options.services.goget = {
+ enable = mkEnableOption "goget service";
+
+ package = mkPackageOption pkgs "goget" { };
+
+ port = mkOption {
+ type = types.port;
+ default = 8070;
+ description = "Port to listen on";
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to open the firewall for the goget service";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.goget = {
+ description = "goget service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ wants = [ "network.target" ];
+
+ serviceConfig = {
+ Type = "exec";
+ DynamicUser = true;
+ ExecStart = "${cfg.package}/bin/goget";
+ Restart = "always";
+ RestartSec = "5";
+
+ # Security settings
+ NoNewPrivileges = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ PrivateTmp = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ };
+ };
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ cfg.port ];
+ };
+ };
+}
diff --git a/nix/overlay.nix b/nix/overlay.nix
new file mode 100644
index 0000000..6789627
--- /dev/null
+++ b/nix/overlay.nix
@@ -0,0 +1,5 @@
+final: prev:
+let
+ packages = import ./packages { pkgs = final; };
+in
+packages
diff --git a/nix/packages/default.nix b/nix/packages/default.nix
new file mode 100644
index 0000000..e598fa1
--- /dev/null
+++ b/nix/packages/default.nix
@@ -0,0 +1,5 @@
+{ pkgs }:
+
+{
+ goget = pkgs.callPackage ./goget.nix { };
+}
diff --git a/nix/packages/goget.nix b/nix/packages/goget.nix
new file mode 100644
index 0000000..c767740
--- /dev/null
+++ b/nix/packages/goget.nix
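Review bot: The `serviceConfig` sandbox in nix/modules/goget.nix covers the filesystem and privilege basics but leaves the network-facing process with the default capability bounding set, every address family, the full syscall table and access to device nodes. For an HTTP listener on an unprivileged port none of these should be needed, so the block can be tightened with the settings below. `AF_UNIX` is kept on the assumption that name resolution goes through a local socket, and the syscall filter should be confirmed against the running service, for example with `systemd-analyze security goget`.

```nix
# … unchanged: Type, DynamicUser, ExecStart, Restart, RestartSec and the existing security settings …
        MemoryDenyWriteExecute = true;
        CapabilityBoundingSet = "";
        PrivateDevices = true;
        ProtectKernelLogs = true;
        ProtectClock = true;
        ProtectHostname = true;
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
        SystemCallArchitectures = "native";
        SystemCallFilter = [ "@system-service" "~@privileged" ];
```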
@@ -0,0 +1,31 @@
+{
+ lib,
+ buildGoModule,
+}:
+
+buildGoModule rec {
+ pname = "goget";
+ version = "0.1.0"; # Consider deriving from git tags: version = builtins.substring 0 8 self.rev;
+
+ src = ../..;
+
+ vendorHash = "sha256-pStRgjhjjZdsYSnYMcWNbHSF7CJ3+7ZQradZgBfi5Gw=";
+
+ subPackages = [ "cmd/goget" ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ ];
+
+ doCheck = false;
+
+ meta = with lib; {
+ description = "A Go tool for getting things"; # Update with actual description
+ homepage = "https://github.com/yourusername/yourrepo"; # Update with your repo
+ license = licenses.mit;
+ maintainers = with maintainers; [ fcuny ]; 
+ platforms = platforms.unix;
+ mainProgram = "goget";
+ };
+}
|
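Review bot: `src = ../..;` in nix/packages/goget.nix copies the entire repository root into the world-readable Nix store. When the package is evaluated outside the flake (through the overlay or `callPackage`), that includes untracked local files such as editor state or credentials left in the checkout, and any unrelated file change forces a rebuild. Filtering the source narrows both, at minimum `src = lib.cleanSource ../..;`, or a `lib.fileset.toSource` limited to `go.mod`, `go.sum` and the Go directories the build needs. `doCheck = false;` also turns off the Go tests during the build without a stated reason, so a comment explaining it or re-enabling the tests would help. The `description` and `homepage` values are still template placeholders.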
