diff options
Diffstat (limited to '')
| -rw-r--r-- | trivionomicon/.gitignore | 2 | ||||
| -rw-r--r-- | trivionomicon/COPYING (renamed from COPYING) | 0 | ||||
| -rw-r--r-- | trivionomicon/doctrine/default.nix (renamed from doctrine/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/doctrine/lib/default.nix (renamed from doctrine/lib/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/doctrine/lib/import-all.nix (renamed from doctrine/lib/import-all.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/doctrine/lib/mk-module.nix (renamed from doctrine/lib/mk-module.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/flake.lock | 61 | ||||
| -rw-r--r-- | trivionomicon/flake.nix | 197 | ||||
| -rw-r--r-- | trivionomicon/modules/athena-bccr/default.nix (renamed from modules/athena-bccr/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/athena-bccr/hm.nix (renamed from modules/athena-bccr/hm.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/athena-bccr/options.nix (renamed from modules/athena-bccr/options.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/athena-bccr/sys.nix (renamed from modules/athena-bccr/sys.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/default.nix (renamed from modules/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/laptop/default.nix (renamed from modules/laptop/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/laptop/sys.nix (renamed from modules/laptop/sys.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/sway/default.nix (renamed from modules/sway/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/sway/options.nix (renamed from modules/sway/options.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/sway/sys.nix (renamed from modules/sway/sys.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/thinkpad/default.nix (renamed from modules/thinkpad/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/thinkpad/sys.nix (renamed from modules/thinkpad/sys.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/yubico/default.nix (renamed from modules/yubico/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/yubico/hm.nix (renamed from modules/yubico/hm.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/modules/yubico/sys.nix (renamed from modules/yubico/sys.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch | 25 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/LaunchGaudi.java | 12 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/default.nix | 30 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/firmador.nix | 57 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/gaudi-env.nix | 62 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/releases.nix | 12 | ||||
| -rw-r--r-- | trivionomicon/pkgs/athena-bccr/unwrapped.nix | 226 | ||||
| -rw-r--r-- | trivionomicon/pkgs/default.nix | 9 | ||||
| -rw-r--r-- | trivionomicon/pkgs/spliit/default.nix | 76 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/.gitignore (renamed from templates/system-flake/.gitignore) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/flake.nix (renamed from templates/system-flake/flake.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/home/default.nix (renamed from templates/system-flake/home/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/home/platform/me@foo/default.nix (renamed from templates/system-flake/home/platform/me@foo/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/config/default.nix (renamed from templates/system-flake/pkgs/config/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/config/unfree.nix (renamed from templates/system-flake/pkgs/config/unfree.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/default.nix (renamed from templates/system-flake/pkgs/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/hello-world/Makefile (renamed from templates/system-flake/pkgs/hello-world/Makefile) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/hello-world/default.nix (renamed from templates/system-flake/pkgs/hello-world/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/hello-world/hello-world.c (renamed from templates/system-flake/pkgs/hello-world/hello-world.c) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/lib/default.nix (renamed from templates/system-flake/pkgs/lib/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/pkgs/lib/fibonacci.nix (renamed from templates/system-flake/pkgs/lib/fibonacci.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/sys/default.nix (renamed from templates/system-flake/sys/default.nix) | 0 | ||||
| -rw-r--r-- | trivionomicon/templates/system-flake/sys/platform/foo/default.nix (renamed from templates/system-flake/sys/platform/foo/default.nix) | 0 |
46 files changed, 769 insertions, 0 deletions
diff --git a/trivionomicon/.gitignore b/trivionomicon/.gitignore new file mode 100644 index 0000000..f094862 --- /dev/null +++ b/trivionomicon/.gitignore @@ -0,0 +1,2 @@ +!**/.keep +result diff --git a/COPYING b/trivionomicon/COPYING index f288702..f288702 100644 --- a/COPYING +++ b/trivionomicon/COPYING diff --git a/doctrine/default.nix b/trivionomicon/doctrine/default.nix index b4c72b8..b4c72b8 100644 --- a/doctrine/default.nix +++ b/trivionomicon/doctrine/default.nix diff --git a/doctrine/lib/default.nix b/trivionomicon/doctrine/lib/default.nix index f189e21..f189e21 100644 --- a/doctrine/lib/default.nix +++ b/trivionomicon/doctrine/lib/default.nix diff --git a/doctrine/lib/import-all.nix b/trivionomicon/doctrine/lib/import-all.nix index 423dd9c..423dd9c 100644 --- a/doctrine/lib/import-all.nix +++ b/trivionomicon/doctrine/lib/import-all.nix diff --git a/doctrine/lib/mk-module.nix b/trivionomicon/doctrine/lib/mk-module.nix index f76ccfe..f76ccfe 100644 --- a/doctrine/lib/mk-module.nix +++ b/trivionomicon/doctrine/lib/mk-module.nix diff --git a/trivionomicon/flake.lock b/trivionomicon/flake.lock new file mode 100644 index 0000000..8730827 --- /dev/null +++ b/trivionomicon/flake.lock @@ -0,0 +1,61 @@ +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754292888, + "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/trivionomicon/flake.nix b/trivionomicon/flake.nix new file mode 100644 index 0000000..1a20e9e --- /dev/null +++ b/trivionomicon/flake.nix @@ -0,0 +1,197 @@ +{ + inputs = { + flake-utils.url = "github:numtide/flake-utils"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + }; + + outputs = { + self, + nixpkgs, + flake-utils, + }: let + mapOverlayOverride = namespace: overlay: final: prev: let + overlayPkgs = overlay final prev; + in + { + "${namespace}" = builtins.removeAttrs overlayPkgs ["override"]; + } + // (overlayPkgs.override or {}); + in + flake-utils.lib.eachDefaultSystem (system: { + formatter = (import nixpkgs {inherit system;}).alejandra; + + packages = + (import nixpkgs { + inherit system; + overlays = [(mapOverlayOverride "local" (import ./pkgs))]; + }).local; + }) + // { + templates = let + system-flake = { + path = ./templates/system-flake; + description = "Opinionated flake for a NixOS system with Home Manager"; + }; + in { + inherit system-flake; + + default = system-flake; + }; + + overlays = let + overlay = mapOverlayOverride "trivium" (import ./pkgs); + in { + default = overlay; + trivium = overlay; + }; + + homeManagerModules.default = ./modules; + nixosModules.default = ./modules; + + lib = { + mkSystemFlake = { + flakes, + system, + formatter ? "alejandra", + localOverlayPath ? /. + "${flakes.self}" + /pkgs, + nixpkgsConfigPath ? localOverlayPath + /config, + nixosSourcePath ? /. + "${flakes.self}" + /sys, + nixosPlatformsPath ? + if nixosSourcePath != null + then nixosSourcePath + /platform + else null, + hmSourcePath ? /. + "${flakes.self}" + /home, + hmPlatformsPath ? + if hmSourcePath != null + then hmSourcePath + /platform + else null, + }: let + optionalFlake = name: + if flakes ? "${name}" + then flakes.${name} + else null; + + requireFlake = name: + if flakes ? "${name}" + then flakes.${name} + else throw "Required flake input '${name}' is required but was not provided"; + + nur = optionalFlake "nur"; + nixpkgs = requireFlake "nixpkgs"; + unstable = optionalFlake "unstable"; + + home-manager = + if hmSourcePath != null + then requireFlake "home-manager" + else null; + + pkgs = importPkgs nixpkgs; + + importPkgs = flake: + import flake ({ + inherit system; + + config = import ./pkgs/config nixpkgs.lib; + overlays = let + conditions = [ + { + overlay = nur.overlays.default; + condition = nur != null; + } + # NB: Preserve the relative order + { + overlay = self.overlays.trivium; + condition = true; + } + { + overlay = flakes.self.overlays.default; + condition = true; + } + ]; + in + builtins.map (cond: cond.overlay) (builtins.filter (cond: cond.condition) conditions); + } + // ( + if nixpkgsConfigPath != null + then { + config = import nixpkgsConfigPath {inherit (nixpkgs) lib;}; + } + else {} + )); + + inherit (pkgs.trivium.lib) importAll; + in + with pkgs.lib; + { + formatter.${system} = + if formatter == "alejandra" + then pkgs.alejandra + else if formatter == "nixpkgs-fmt" + then pkgs.nixpkgs-fmt + else throw "Unknown formatter: '${formatter}'"; + + packages.${system} = pkgs.local; + + overlays.default = final: prev: let + overlay = + if localOverlayPath != null + then import localOverlayPath + else (final: prev: {}); + in + mapOverlayOverride "local" overlay final prev + // optionalAttrs (unstable != null) { + unstable = importPkgs unstable; + }; + } + // optionalAttrs (nixosSourcePath != null) { + nixosConfigurations = let + nixosSystem = {modules}: + makeOverridable nixpkgs.lib.nixosSystem { + inherit modules pkgs system; + + specialArgs = { + inherit flakes; + }; + }; + + hostConfig = platform: + nixosSystem { + modules = [ + self.nixosModules.default + nixosSourcePath + platform + ]; + }; + in + mapAttrs (_: hostConfig) (importAll {root = nixosPlatformsPath;}); + } + // optionalAttrs (hmSourcePath != null) { + homeConfigurations = let + registry = {...}: { + config.nix.registry = + mapAttrs + (_: value: {flake = value;}) + flakes; + }; + + home = name: platform: + home-manager.lib.homeManagerConfiguration { + inherit pkgs; + + extraSpecialArgs = { + inherit flakes; + }; + + modules = [ + self.homeManagerModules.default + hmSourcePath + platform + registry + ]; + }; + in + mapAttrs home (importAll {root = hmPlatformsPath;}); + }; + }; + }; +} diff --git a/modules/athena-bccr/default.nix b/trivionomicon/modules/athena-bccr/default.nix index 93c5660..93c5660 100644 --- a/modules/athena-bccr/default.nix +++ b/trivionomicon/modules/athena-bccr/default.nix diff --git a/modules/athena-bccr/hm.nix b/trivionomicon/modules/athena-bccr/hm.nix index 0678e3c..0678e3c 100644 --- a/modules/athena-bccr/hm.nix +++ b/trivionomicon/modules/athena-bccr/hm.nix diff --git a/modules/athena-bccr/options.nix b/trivionomicon/modules/athena-bccr/options.nix index eb61cf5..eb61cf5 100644 --- a/modules/athena-bccr/options.nix +++ b/trivionomicon/modules/athena-bccr/options.nix diff --git a/modules/athena-bccr/sys.nix b/trivionomicon/modules/athena-bccr/sys.nix index 631185d..631185d 100644 --- a/modules/athena-bccr/sys.nix +++ b/trivionomicon/modules/athena-bccr/sys.nix diff --git a/modules/default.nix b/trivionomicon/modules/default.nix index 0c0fd4c..0c0fd4c 100644 --- a/modules/default.nix +++ b/trivionomicon/modules/default.nix diff --git a/modules/laptop/default.nix b/trivionomicon/modules/laptop/default.nix index b908d47..b908d47 100644 --- a/modules/laptop/default.nix +++ b/trivionomicon/modules/laptop/default.nix diff --git a/modules/laptop/sys.nix b/trivionomicon/modules/laptop/sys.nix index 252f49c..252f49c 100644 --- a/modules/laptop/sys.nix +++ b/trivionomicon/modules/laptop/sys.nix diff --git a/modules/sway/default.nix b/trivionomicon/modules/sway/default.nix index 9f49e7c..9f49e7c 100644 --- a/modules/sway/default.nix +++ b/trivionomicon/modules/sway/default.nix diff --git a/modules/sway/options.nix b/trivionomicon/modules/sway/options.nix index e433039..e433039 100644 --- a/modules/sway/options.nix +++ b/trivionomicon/modules/sway/options.nix diff --git a/modules/sway/sys.nix b/trivionomicon/modules/sway/sys.nix index 9c8b664..9c8b664 100644 --- a/modules/sway/sys.nix +++ b/trivionomicon/modules/sway/sys.nix diff --git a/modules/thinkpad/default.nix b/trivionomicon/modules/thinkpad/default.nix index e210947..e210947 100644 --- a/modules/thinkpad/default.nix +++ b/trivionomicon/modules/thinkpad/default.nix diff --git a/modules/thinkpad/sys.nix b/trivionomicon/modules/thinkpad/sys.nix index bc96146..bc96146 100644 --- a/modules/thinkpad/sys.nix +++ b/trivionomicon/modules/thinkpad/sys.nix diff --git a/modules/yubico/default.nix b/trivionomicon/modules/yubico/default.nix index 71bed70..71bed70 100644 --- a/modules/yubico/default.nix +++ b/trivionomicon/modules/yubico/default.nix diff --git a/modules/yubico/hm.nix b/trivionomicon/modules/yubico/hm.nix index 8d06368..8d06368 100644 --- a/modules/yubico/hm.nix +++ b/trivionomicon/modules/yubico/hm.nix diff --git a/modules/yubico/sys.nix b/trivionomicon/modules/yubico/sys.nix index 3cd009f..3cd009f 100644 --- a/modules/yubico/sys.nix +++ b/trivionomicon/modules/yubico/sys.nix diff --git a/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch b/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch new file mode 100644 index 0000000..e7fc5d5 --- /dev/null +++ b/trivionomicon/pkgs/athena-bccr/0001-Remove-CheckUpdatePlugin-from-default-list.patch @@ -0,0 +1,25 @@ +From 5e7eb46f46af6a29a2aea19db722ebc28baede25 Mon Sep 17 00:00:00 2001 +From: Alejandro Soto <alejandro@34project.org> +Date: Sat, 21 Jun 2025 22:37:19 -0600 +Subject: [PATCH] Remove CheckUpdatePlugin from default list + +--- + src/main/java/cr/libre/firmador/Settings.java | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/main/java/cr/libre/firmador/Settings.java b/src/main/java/cr/libre/firmador/Settings.java +index e5ddf01..a028d6e 100644 +--- a/src/main/java/cr/libre/firmador/Settings.java ++++ b/src/main/java/cr/libre/firmador/Settings.java +@@ -81,7 +81,7 @@ public class Settings { + + public Settings() { + activePlugins.add("cr.libre.firmador.plugins.DummyPlugin"); +- activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); ++ // activePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); + availablePlugins.add("cr.libre.firmador.plugins.DummyPlugin"); + availablePlugins.add("cr.libre.firmador.plugins.CheckUpdatePlugin"); + } +-- +2.49.0 + diff --git a/trivionomicon/pkgs/athena-bccr/LaunchGaudi.java b/trivionomicon/pkgs/athena-bccr/LaunchGaudi.java new file mode 100644 index 0000000..e4bcdbf --- /dev/null +++ b/trivionomicon/pkgs/athena-bccr/LaunchGaudi.java @@ -0,0 +1,12 @@ +// Los del BCCR no se molestaron en ponerle un main al Agente Gaudi porque el +// actualizador (que a su vez sí tiene main) carga el jar en memoria y crea una +// instancia de Inicializador usando reflexión. El actualizador no es relevante +// en Nix. En todo caso, dicho actualizador es sumamente frágil y me daría +// demasiada pereza arreglarlo, así que en su lugar usamos este stub para +// launchear Gaudi. + +public class LaunchGaudi { + public static void main(String[] args) { + new InicializadorCliente.Inicializador(""); + } +} diff --git a/trivionomicon/pkgs/athena-bccr/default.nix b/trivionomicon/pkgs/athena-bccr/default.nix new file mode 100644 index 0000000..a5f79ca --- /dev/null +++ b/trivionomicon/pkgs/athena-bccr/default.nix @@ -0,0 +1,30 @@ +{ + callPackage, + lib, +}: let + latest = "deb64-rev26"; + + releases = lib.mapAttrs (name: release: release // {name = name;}) (import ./releases.nix); + + overrideUnwrapped = default: new: let + args = default // new; + unwrappedPkgs = lib.filterAttrs (name: _: ! lib.elem name ["override" "overrideDerivation"]) (callPackage ./unwrapped.nix args); + in + lib.fix (unwrapped: lib.mapAttrs (_: pkg: callPackage pkg unwrapped) unwrappedPkgs) + // { + override = overrideUnwrapped args; + }; + + pkgsForRelease = release: let + ase-pkcs11 = unwrapped.ase-idprotect.lib; + libasep11 = "${ase-pkcs11}/lib/x64-athena/libASEP11.so"; + unwrapped = overrideUnwrapped {inherit release;} {}; + in { + inherit ase-pkcs11 libasep11; + inherit (unwrapped) ase-idprotect bccr-cacerts; + + gaudi = callPackage ./gaudi-env.nix {inherit unwrapped;}; + firmador = callPackage ./firmador.nix {inherit libasep11;}; + }; +in + lib.mapAttrs (_: pkgsForRelease) (releases // {latest = releases.${latest};}) diff --git a/trivionomicon/pkgs/athena-bccr/firmador.nix b/trivionomicon/pkgs/athena-bccr/firmador.nix new file mode 100644 index 0000000..d280b56 --- /dev/null +++ b/trivionomicon/pkgs/athena-bccr/firmador.nix @@ -0,0 +1,57 @@ +{ + fetchgit, + lib, + makeWrapper, + maven, + openjdk, + wrapGAppsHook, + libasep11 ? null, +}: let + jdk = openjdk.override { + enableJavaFX = true; + }; + + version = "1.9.8"; +in + maven.buildMavenPackage { + pname = "firmador"; + inherit version; + + src = fetchgit { + url = "https://codeberg.org/firmador/firmador"; + rev = version; + hash = "sha256-xdiVPjihRADPK4nG+WQHWsDzVYLCeN6ouQ6SDtjf1qQ="; + }; + + patches = [ + ./0001-Remove-CheckUpdatePlugin-from-default-list.patch + ]; + + mvnHash = "sha256-h1zoStTgaE7toWWKq0Y0ahOORyltChwjmaMYjLgs1VE="; + + nativeBuildInputs = [ + makeWrapper + wrapGAppsHook + ]; + + postPatch = lib.optionalString (libasep11 != null) '' + sed -i 's@/usr/lib/x64-athena/libASEP11.so@${libasep11}@g' src/main/java/cr/libre/firmador/CRSigner.java + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin $out/share/java + install -Dm644 target/firmador.jar $out/share/java + + makeWrapper ${jdk}/bin/java $out/bin/firmador \ + --add-flags "-jar $out/share/java/firmador.jar" + + runHook postInstall + ''; + + meta = { + homepage = "https://firmador.libre.cr"; + license = lib.licenses.gpl3Plus; + }; + } diff --git a/trivionomicon/pkgs/athena-bccr/gaudi-env.nix b/trivionomicon/pkgs/athena-bccr/gaudi-env.nix new file mode 100644 index 0000000..0ca1b82 --- /dev/null +++ b/trivionomicon/pkgs/athena-bccr/gaudi-env.nix @@ -0,0 +1,62 @@ +{ + buildFHSEnv, + curl, + lib, + writeShellScriptBin, + gaudiHash ? null, + unwrapped, +}: let + unwrappedWithGaudi = unwrapped.override {inherit gaudiHash;}; +in + buildFHSEnv { + name = "gaudi"; + + targetPkgs = pkgs: [ + unwrappedWithGaudi.ase-idprotect.lib + unwrappedWithGaudi.gaudi + + (writeShellScriptBin "launch-gaudi" '' + set -o errexit + set -o pipefail + set -o nounset + + PATH="${lib.makeBinPath [curl]}:$PATH" + + echo "$0: testing for incompatible releases..." >&2 + + jar_name=bccr-firma-fva-clienteMultiplataforma.jar + url="https://www.firmadigital.go.cr/Bccr.Firma.Fva.Actualizador.ClienteFirmadorJava//recursosLiberica17/actualizador/$jar_name" + ca_file="${unwrappedWithGaudi.bccr-cacerts}/root-ca.pem" + url_hash=$(curl -sS --cacert "$ca_file" "$url" | sha256sum | cut -d' ' -f1) + jar_path="${unwrappedWithGaudi.gaudi}/share/java/$jar_name" + jar_hash=$(sha256sum "$jar_path" | cut -d' ' -f1) + + if [ "$url_hash" != "$jar_hash" ]; then + last_modified=$(curl -sS --head --cacert "$ca_file" "$url" | grep -i '^last-modified:' | head -1) + + echo "$0: sha256 mismatch for $jar_path due to server-side update" >&2 + echo "$0: expected: $url_hash" >&2 + echo "$0: actual: $jar_hash" >&2 + echo "$0: $last_modified" >&2 + echo "$0: run the following to download the new client JAR, then update your derivation:" >&2 + echo "$0: \$ ${unwrappedWithGaudi.update-gaudi}" >&2 + + exit 1 + fi + + cache_path_1="''${XDG_CACHE_HOME:-$HOME/.cache}/Agente-GAUDI" + cache_path_2="''${XDG_CACHE_HOME:-$HOME/.cache}/Firmador-BCCR" + + for cache_path in "$cache_path_1" "$cache_path_2"; do + mkdir -p "$cache_path" + ln -sf -- ${unwrappedWithGaudi.gaudi}/share/java/bccr-firma-fva-clienteMultiplataforma.jar "$cache_path" + done + + cp -f --no-preserve=mode -t "$cache_path_1" -- "${unwrappedWithGaudi.gaudi}/share/java/config.properties" + + exec gaudi + '') + ]; + + runScript = "launch-gaudi"; + } diff --git a/trivionomicon/pkgs/athena-bccr/releases.nix b/trivionomicon/pkgs/athena-bccr/releases.nix new file mode 100644 index 0000000..e965172 --- /dev/null +++ b/trivionomicon/pkgs/athena-bccr/releases.nix @@ -0,0 +1,12 @@ +{ + "deb64-rev26" = { + # nix hash convert --hash-algo sha256 --from base16 --to sri $(sha256sum sfd_ClientesLinux_DEB64_Rev26.zip | cut -d' ' -f1) + hash = "sha256-ZPWP9TqJQ5coJAPzUSiaXKVItBWlqFM4smCjOf+gqQM="; + basename = "sfd_ClientesLinux_DEB64_Rev26"; + + srcPaths = { + gaudi = "Firma Digital/Agente GAUDI/agente-gaudi_20.0_amd64.deb"; + idprotect = "Firma Digital/PinTool/IDProtect PINTool 7.24.02/DEB/idprotectclient_7.24.02-0_amd64.deb"; + }; + }; +} diff --git a/trivionomicon/pkgs/athena-bccr/unwrapped.nix b/trivionomicon/pkgs/athena-bccr/unwrapped.nix new file mode 100644 index 0000000..d6f3f38 --- /dev/null +++ b/trivionomicon/pkgs/athena-bccr/unwrapped.nix @@ -0,0 +1,226 @@ +{ + lib, + requireFile, + release, + gaudiHash ? null, + ... +}: let + inherit (release) srcPaths; + + src = requireFile { + url = "https://soportefirmadigital.com"; + name = "${release.basename}.zip"; + + inherit (release) hash; + }; + + gaudiUpdateSrc = {update-gaudi}: + requireFile { + url = "${update-gaudi}"; + name = "gaudi-update-${release.name}.zip"; + + hash = gaudiHash; + }; + + moduleFromDeb = name: args @ { + stdenv, + dpkg, + unzip, + srcPath, + ... + }: + stdenv.mkDerivation ({ + pname = "${name}-unwrapped"; + version = release.name; + + inherit src; + + nativeBuildInputs = [dpkg unzip] ++ (args.nativeBuildInputs or []); + + postUnpack = '' + dpkg -x ${lib.escapeShellArg "${release.basename}/${srcPath}"} ${lib.escapeShellArg release.basename} + ''; + } + // lib.removeAttrs args ["stdenv" "dpkg" "unzip" "srcPath" "nativeBuildInputs"]); +in { + ase-idprotect = { + autoPatchelfHook, + dpkg, + fontconfig, + freetype, + pcsclite, + stdenv, + unzip, + xorg, + zlib, + ... + }: + moduleFromDeb "ase-idprotect" { + inherit dpkg stdenv unzip; + srcPath = srcPaths.idprotect; + + buildInputs = [ + fontconfig + freetype + pcsclite + stdenv.cc.cc.lib + xorg.libX11 + xorg.libXext + zlib + ]; + + nativeBuildInputs = [ + autoPatchelfHook + ]; + + outputs = ["out" "lib"]; + + installPhase = '' + runHook preInstall + + install -m755 -d $out/bin $lib/{etc,lib/x64-athena} + install -m755 usr/bin/IDProtect{_Manager,PINTool} $out/bin/ + install -m755 usr/lib/x64-athena/* $lib/lib/x64-athena + cp -r etc/Athena $lib/etc/Athena + + runHook postInstall + ''; + + preFixup = '' + patchelf --set-rpath $lib/lib/x64-athena $out/bin/* + ''; + }; + + gaudi = { + autoPatchelfHook, + dpkg, + makeWrapper, + openjdk, + pkgs, + stdenv, + unzip, + writeShellScriptBin, + update-gaudi, + ... + }: let + jdk = openjdk.override { + enableJavaFX = true; + openjfx_jdk = pkgs."openjfx${lib.head (lib.splitString "." openjdk.version)}".override {withWebKit = true;}; + }; + + fakeSudo = writeShellScriptBin "sudo" ""; + gaudiUpdate = gaudiUpdateSrc {inherit update-gaudi;}; + in + moduleFromDeb "gaudi" { + inherit dpkg stdenv unzip; + srcPath = srcPaths.gaudi; + + nativeBuildInputs = [ + autoPatchelfHook + jdk + makeWrapper + ]; + + preBuild = lib.optionalString (gaudiHash != null) '' + unzip -o ${gaudiUpdate} -d opt/Agente-GAUDI/lib/app + ''; + + buildPhase = '' + runHook preBuild + + install -m755 -d $out/{bin,opt/Firmador-BCCR/lib} + cp -r opt/Agente-GAUDI/lib/app $out/opt/Firmador-BCCR/lib/app + + # Preserves the original filename and avoids <hash>-LaunchGaudi.java + ln -s ${./LaunchGaudi.java} LaunchGaudi.java + + javac \ + -cp opt/Agente-GAUDI/lib/app/bccr-firma-fva-clienteMultiplataforma.jar \ + -d $out/opt/Firmador-BCCR/lib/app \ + LaunchGaudi.java + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + install -m755 -d $out/{share,opt/Firmador-BCCR/lib/runtime/lib} + install -m755 -D opt/Agente-GAUDI/bin/Agente-GAUDI $out/opt/Firmador-BCCR/bin/Agente-GAUDI + install -m755 -D opt/Agente-GAUDI/lib/libapplauncher.so $out/opt/Firmador-BCCR/lib/libapplauncher.so + + ln -s ../opt/Firmador-BCCR/lib/app $out/share/java + ln -s Firmador-BCCR $out/opt/Agente-GAUDI + ln -s ${jdk}/lib/openjdk/lib/libjli.so $out/opt/Firmador-BCCR/lib/runtime/lib/libjli.so + + makeWrapper ${jdk}/bin/java $out/bin/gaudi \ + --prefix PATH : ${fakeSudo}/bin \ + --add-flags "-cp $out/share/java:$out/share/java/bccr-firma-fva-clienteMultiplataforma.jar" \ + --add-flags "-Djavax.net.ssl.trustStore=$out/opt/Firmador-BCCR/lib/app/bccr.cacerts" \ + --add-flags "LaunchGaudi" + + runHook postInstall + ''; + }; + + bccr-cacerts = { + openssl, + stdenv, + unzip, + ... + }: + stdenv.mkDerivation { + pname = "bccr-cacerts"; + version = release.name; + + inherit src; + + nativeBuildInputs = [ + openssl + unzip + ]; + + installPhase = '' + cp -r Firma\ Digital/Certificados $out + openssl x509 -in $out/CA\ RAIZ\ NACIONAL\ -\ COSTA\ RICA\ v2.crt -out $out/root-ca.pem -text + ''; + }; + + update-gaudi = { + wget, + writeShellScript, + zip, + bccr-cacerts, + ... + }: + writeShellScript "update-gaudi" '' + set -o errexit + set -o pipefail + set -o nounset + + temp_dir="$(mktemp -d)" + trap 'cd / && rm -rf -- "$temp_dir"' EXIT + cd "$temp_dir" + + PATH="${lib.makeBinPath [wget zip]}:$PATH" + ca_cert="${bccr-cacerts}/root-ca.pem" + base_url="https://www.firmadigital.go.cr/Bccr.Firma.Fva.Actualizador.ClienteFirmadorJava//recursosLiberica17/actualizador" + + wget --ca-certificate="$ca_cert" "$base_url/bccr.cacerts" + wget --ca-certificate="$ca_cert" "$base_url/config.properties" + wget --ca-certificate="$ca_cert" "$base_url/bccr-firma-fva-clienteMultiplataforma.jar" + wget --ca-certificate="$ca_cert" "$base_url/ServicioActualizadorClienteBCCR.jar" + + # https://gist.github.com/stokito/c588b8d6a6a0aee211393d68eea678f2 + TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} + + zip_path="$PWD/gaudi-update-${release.name}.zip" + TZ=UTC zip -q --move --recurse-paths --symlinks -X "$zip_path" . + TZ=UTC touch -a -m -t 198002010000.00 "$zip_path" + + set -x + nix-store --add-fixed sha256 "$zip_path" + set +x + + echo -e "\ngaudiHash: $(nix-hash --to-sri --type sha256 $(sha256sum "$zip_path" | cut -d' ' -f1))" + ''; +} diff --git a/trivionomicon/pkgs/default.nix b/trivionomicon/pkgs/default.nix new file mode 100644 index 0000000..484ca77 --- /dev/null +++ b/trivionomicon/pkgs/default.nix @@ -0,0 +1,9 @@ +final: prev: +with prev.lib; let + inherit (final) callPackage; +in { + override = {}; + + athena-bccr = callPackage ./athena-bccr {}; + spliit = callPackage ./spliit {}; +} diff --git a/trivionomicon/pkgs/spliit/default.nix b/trivionomicon/pkgs/spliit/default.nix new file mode 100644 index 0000000..280e820 --- /dev/null +++ b/trivionomicon/pkgs/spliit/default.nix @@ -0,0 +1,76 @@ +{ + buildNpmPackage, + fetchFromGitHub, + nodePackages, + lib, + writeShellScriptBin, + pkgs, +}: let + schemaEngine = "${pkgs.prisma-engines}/bin/schema-engine"; + queryEngineBin = "${pkgs.prisma-engines}/bin/query-engine"; + queryEngineLib = "${pkgs.prisma-engines}/lib/libquery_engine.node"; + buildFlags = ["--ignore-scripts"]; +in + buildNpmPackage { + pname = "spliit2"; + version = "master-20250420"; + + src = fetchFromGitHub { + repo = "spliit"; + owner = "spliit-app"; + + rev = "a11efc79c13298c0d282e47496d132538752405f"; + hash = "sha256-v4gaPzLzBbbqw/LDYxe1fiyficcrqcGOop23YPiTrdc="; + }; + + npmDepsHash = "sha256-sd0/7ruNUFxUKTeTwx/v8Vc/G3llkXP6RSDE78h3qVU="; + + nativeBuildInputs = [pkgs.openssl]; + + npmRebuildFlags = buildFlags; + + PRISMA_SCHEMA_ENGINE_BINARY = schemaEngine; + PRISMA_QUERY_ENGINE_BINARY = queryEngineBin; + PRISMA_QUERY_ENGINE_LIBRARY = queryEngineLib; + + preBuild = '' + cp -v scripts/build.env .env + + npx prisma generate + ''; + + npmBuildFlags = buildFlags; + + postInstall = '' + cp -r .next public package.json next.config.mjs $out/lib/node_modules/spliit2 + + install -Dvm755 -t $out/bin ${lib.getExe (writeShellScriptBin "spliit2" '' + set -euxo pipefail + + cd @out@/lib/node_modules/spliit2 + + export PATH="$PWD/node_modules/.bin:$PATH" + export NEXT_TELEMETRY_DISABLED=1 + + export PRISMA_SCHEMA_ENGINE_BINARY="${schemaEngine}" + export PRISMA_QUERY_ENGINE_BINARY="${queryEngineBin}" + export PRISMA_QUERY_ENGINE_LIBRARY="${queryEngineLib}" + + prisma migrate deploy + next start + '')} + + substituteInPlace $out/bin/spliit2 \ + --replace @out@ $out + + wrapProgram $out/bin/spliit2 \ + --prefix PATH : ${lib.makeBinPath [pkgs.openssl]} + ''; + + meta = { + description = "Free and Open Source Alternative to Splitwise. Share expenses with your friends and family."; + homepage = "https://spliit.app"; + license = lib.licenses.mit; + maintainers = with lib.maintainers; []; + }; + } diff --git a/templates/system-flake/.gitignore b/trivionomicon/templates/system-flake/.gitignore index 21f979d..21f979d 100644 --- a/templates/system-flake/.gitignore +++ b/trivionomicon/templates/system-flake/.gitignore diff --git a/templates/system-flake/flake.nix b/trivionomicon/templates/system-flake/flake.nix index 6afe06f..6afe06f 100644 --- a/templates/system-flake/flake.nix +++ b/trivionomicon/templates/system-flake/flake.nix diff --git a/templates/system-flake/home/default.nix b/trivionomicon/templates/system-flake/home/default.nix index 49439c7..49439c7 100644 --- a/templates/system-flake/home/default.nix +++ b/trivionomicon/templates/system-flake/home/default.nix diff --git a/templates/system-flake/home/platform/me@foo/default.nix b/trivionomicon/templates/system-flake/home/platform/me@foo/default.nix index 6481e85..6481e85 100644 --- a/templates/system-flake/home/platform/me@foo/default.nix +++ b/trivionomicon/templates/system-flake/home/platform/me@foo/default.nix diff --git a/templates/system-flake/pkgs/config/default.nix b/trivionomicon/templates/system-flake/pkgs/config/default.nix index 47abe76..47abe76 100644 --- a/templates/system-flake/pkgs/config/default.nix +++ b/trivionomicon/templates/system-flake/pkgs/config/default.nix diff --git a/templates/system-flake/pkgs/config/unfree.nix b/trivionomicon/templates/system-flake/pkgs/config/unfree.nix index deda971..deda971 100644 --- a/templates/system-flake/pkgs/config/unfree.nix +++ b/trivionomicon/templates/system-flake/pkgs/config/unfree.nix diff --git a/templates/system-flake/pkgs/default.nix b/trivionomicon/templates/system-flake/pkgs/default.nix index 78a86d4..78a86d4 100644 --- a/templates/system-flake/pkgs/default.nix +++ b/trivionomicon/templates/system-flake/pkgs/default.nix diff --git a/templates/system-flake/pkgs/hello-world/Makefile b/trivionomicon/templates/system-flake/pkgs/hello-world/Makefile index 4eef056..4eef056 100644 --- a/templates/system-flake/pkgs/hello-world/Makefile +++ b/trivionomicon/templates/system-flake/pkgs/hello-world/Makefile diff --git a/templates/system-flake/pkgs/hello-world/default.nix b/trivionomicon/templates/system-flake/pkgs/hello-world/default.nix index 19047a1..19047a1 100644 --- a/templates/system-flake/pkgs/hello-world/default.nix +++ b/trivionomicon/templates/system-flake/pkgs/hello-world/default.nix diff --git a/templates/system-flake/pkgs/hello-world/hello-world.c b/trivionomicon/templates/system-flake/pkgs/hello-world/hello-world.c index d6cfa6b..d6cfa6b 100644 --- a/templates/system-flake/pkgs/hello-world/hello-world.c +++ b/trivionomicon/templates/system-flake/pkgs/hello-world/hello-world.c diff --git a/templates/system-flake/pkgs/lib/default.nix b/trivionomicon/templates/system-flake/pkgs/lib/default.nix index ab54163..ab54163 100644 --- a/templates/system-flake/pkgs/lib/default.nix +++ b/trivionomicon/templates/system-flake/pkgs/lib/default.nix diff --git a/templates/system-flake/pkgs/lib/fibonacci.nix b/trivionomicon/templates/system-flake/pkgs/lib/fibonacci.nix index a12576b..a12576b 100644 --- a/templates/system-flake/pkgs/lib/fibonacci.nix +++ b/trivionomicon/templates/system-flake/pkgs/lib/fibonacci.nix diff --git a/templates/system-flake/sys/default.nix b/trivionomicon/templates/system-flake/sys/default.nix index fa0f994..fa0f994 100644 --- a/templates/system-flake/sys/default.nix +++ b/trivionomicon/templates/system-flake/sys/default.nix diff --git a/templates/system-flake/sys/platform/foo/default.nix b/trivionomicon/templates/system-flake/sys/platform/foo/default.nix index ef84269..ef84269 100644 --- a/templates/system-flake/sys/platform/foo/default.nix +++ b/trivionomicon/templates/system-flake/sys/platform/foo/default.nix |