-
Notifications
You must be signed in to change notification settings - Fork 6
/
shell.nix
85 lines (75 loc) · 2.79 KB
/
shell.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
{}:
let
# Update packages with `nixpkgs-update` command
pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc.tar.gz") { };
pythonLibs = with pkgs; [
stdenv.cc.cc.lib
];
python' = with pkgs; (symlinkJoin {
name = "python";
paths = [ python313 ];
buildInputs = [ makeWrapper ];
postBuild = ''
wrapProgram "$out/bin/python3.13" --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath pythonLibs}"
'';
});
packages' = with pkgs; [
python'
esbuild
uv
ruff
(writeShellScriptBin "run" ''
python -m gunicorn web.main:app \
--worker-class uvicorn.workers.UvicornWorker \
--graceful-timeout 5 \
--keep-alive 300 \
--access-logfile -
'')
(writeShellScriptBin "make-bundle" ''
# authorized.js
HASH=$(esbuild web/static/js/authorized.js --bundle --minify | sha256sum | head -c8 ; echo "") && \
esbuild web/static/js/authorized.js --bundle --minify --sourcemap --charset=utf8 --outfile=web/static/js/authorized.$HASH.js && \
find web/templates -type f -exec sed -r 's|src="/static/js/authorized\..*?js"|src="/static/js/authorized.'$HASH'.js"|g' -i {} \;
# style.css
HASH=$(esbuild web/static/css/style.css --bundle --minify | sha256sum | head -c8 ; echo "") && \
esbuild web/static/css/style.css --bundle --minify --sourcemap --charset=utf8 --outfile=web/static/css/style.$HASH.css && \
find web/templates -type f -exec sed -r 's|href="/static/css/style\..*?css"|href="/static/css/style.'$HASH'.css"|g' -i {} \;
'')
(writeShellScriptBin "nixpkgs-update" ''
set -e
hash=$(
curl --silent --location \
https://prometheus.nixos.org/api/v1/query \
-d "query=channel_revision{channel=\"nixpkgs-unstable\"}" | \
grep --only-matching --extended-regexp "[0-9a-f]{40}")
sed -i -E "s|/nixpkgs/archive/[0-9a-f]{40}\.tar\.gz|/nixpkgs/archive/$hash.tar.gz|" shell.nix
echo "Nixpkgs updated to $hash"
'')
];
shell' = with pkgs; ''
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
export PYTHONNOUSERSITE=1
export TZ=UTC
current_python=$(readlink -e .venv/bin/python || echo "")
current_python=''${current_python%/bin/*}
[ "$current_python" != "${python'}" ] && rm -rf .venv/
echo "Installing Python dependencies"
export UV_COMPILE_BYTECODE=1
export UV_PYTHON="${python'}/bin/python"
uv sync --frozen
echo "Activating Python virtual environment"
source .venv/bin/activate
if [ -f .env ]; then
echo "Loading .env file"
set -o allexport
source .env set
set +o allexport
else
echo "Skipped loading .env file (not found)"
fi
'';
in
pkgs.mkShell {
buildInputs = packages';
shellHook = shell';
}