osm-revert/shell.nix at main · Zaczero/osm-revert · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
{ }:

let
  # Update packages with `nixpkgs-update` command
  pkgs =
    import
      (fetchTarball "https://github.com/NixOS/nixpkgs/archive/16c7794d0a28b5a37904d55bcca36003b9109aaa.tar.gz")
      { };

  pythonLibs = with pkgs; [
    stdenv.cc.cc.lib
  ];
  python' =
    with pkgs;
    (symlinkJoin {
      name = "python";
      paths = [ python313 ];
      buildInputs = [ makeWrapper ];
      postBuild = ''
        wrapProgram "$out/bin/python3.13" --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath pythonLibs}"
      '';
    });

  packages' = with pkgs; [
    python'
    esbuild
    uv
    ruff
    curl
    jq

    (writeShellScriptBin "run" ''
      python -m gunicorn web.main:app \
        --worker-class uvicorn.workers.UvicornWorker \
        --graceful-timeout 5 \
        --keep-alive 300 \
        --access-logfile -
    '')
    (writeShellScriptBin "make-bundle" ''
      # authorized.js
      HASH=$(esbuild web/static/js/authorized.js --bundle --minify | sha256sum | head -c8 ; echo "") && \
      esbuild web/static/js/authorized.js --bundle --minify --sourcemap --charset=utf8 --outfile=web/static/js/authorized.$HASH.js && \
      find web/templates -type f -exec sed -r 's|src="/static/js/authorized\..*?js"|src="/static/js/authorized.'$HASH'.js"|g' -i {} \;

      # style.css
      HASH=$(esbuild web/static/css/style.css --bundle --minify | sha256sum | head -c8 ; echo "") && \
      esbuild web/static/css/style.css --bundle --minify --sourcemap --charset=utf8 --outfile=web/static/css/style.$HASH.css && \
      find web/templates -type f -exec sed -r 's|href="/static/css/style\..*?css"|href="/static/css/style.'$HASH'.css"|g' -i {} \;
    '')
    (writeShellScriptBin "nixpkgs-update" ''
      set -e
      hash=$(
        curl -sSL \
          https://prometheus.nixos.org/api/v1/query \
          -d 'query=channel_revision{channel="nixpkgs-unstable"}' \
        | jq -r ".data.result[0].metric.revision")
      sed -i "s|nixpkgs/archive/[0-9a-f]\\{40\\}|nixpkgs/archive/$hash|" shell.nix
      echo "Nixpkgs updated to $hash"
    '')
  ];

  shell' = with pkgs; ''
    export NIX_SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
    export SSL_CERT_FILE=$NIX_SSL_CERT_FILE

    export TZ=UTC
    export NIX_ENFORCE_NO_NATIVE=0
    export PYTHONNOUSERSITE=1
    export PYTHONPATH=""

    current_python=$(readlink -e .venv/bin/python || echo "")
    current_python=''${current_python%/bin/*}
    [ "$current_python" != "${python'}" ] && rm -rf .venv/

    echo "Installing Python dependencies"
    export UV_PYTHON="${python'}/bin/python"
    uv sync --frozen
    source .venv/bin/activate
    export UV_PYTHON="$VIRTUAL_ENV/bin/python"

    if [ -f .env ]; then
      echo "Loading .env file"
      set -a; . .env; set +a
    else
      echo "Skipped loading .env file (not found)"
    fi
  '';
in
pkgs.mkShell {
  buildInputs = packages';
  shellHook = shell';
}