diff --git a/flake.nix b/flake.nix
index a52ab4a09..e300f7570 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,64 +1,63 @@ { description = "Comm flake"; inputs = { utils.url = "github:numtide/flake-utils"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs-grpc-web.url = "github:NixOS/nixpkgs/9957cd48326fe8dbd52fdc50dd2502307f188b0d"; # Do not update, used for EOL versions of mariaDB and arcanist+php8.0 nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; }; outputs = { self, nixpkgs, nixpkgs-grpc-web, nixpkgs-unstable, utils, ... }: let # Overlays allow for extending a package set, in this case, we are # extending nixpkgs with our devShell localOverlay = import ./nix/overlay.nix; grpcWebOverlay = final: prev: { protoc-gen-grpc-web = nixpkgs-grpc-web.legacyPackages.aarch64-darwin.protoc-gen-grpc-web; }; overlays = [ localOverlay grpcWebOverlay (_: _: { commSrc = toString self; } ) ]; # Since we build for many systems (e.g. aarch64, x86_64-linux), we # create a helper function to help facilitate instantiation of the related # package set pkgsForSystem = system: let oldNixpkgs = import nixpkgs { inherit system; }; in import nixpkgs-unstable { inherit system; config.allowUnfree = true; overlays = overlays ++ [ # Re-introduce older packages that were removed in latest nixpkgs (_: _: { emscripten = oldNixpkgs.emscripten; # Changed signficantly php80 = oldNixpkgs.php80; # Used for arcanist - mariadb = oldNixpkgs.mariadb_108; }) ]; }; # utils.lib.eachSystem helps create a result set of expected flake outputs # of the form . # https://github.com/numtide/flake-utils#usage for more examples in utils.lib.eachSystem [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ] (system: rec { legacyPackages = pkgsForSystem system; inherit (legacyPackages) devShell devShells; }) // { # these outputs will lack the system suffix (e.g. # devShell.aarch64-darwin), thus should be system agnostic such as # overlays or utility functions. 
overlays.default = localOverlay; nixConfig = { substitutors = "https://comm.cachix.org"; extra-trusted-substitutors = "https://comm.cachix.org"; trusted-public-keys = "comm.cachix.org-1:70RF31rkmCEhQ9HrXA2uXcpqQKGcUK3TxLJdgcUCaA4="; extra-trusted-public-keys = "comm.cachix.org-1:70RF31rkmCEhQ9HrXA2uXcpqQKGcUK3TxLJdgcUCaA4="; }; }; } diff --git a/nix/mariadb-up-mac.nix b/nix/mariadb-up-mac.nix index c65c43fc0..22bfd3f77 100644 --- a/nix/mariadb-up-mac.nix +++ b/nix/mariadb-up-mac.nix 
@@ -1,128 +1,141 @@ { lib , gnused , openssl , mariadb , writeShellApplication , writeTextFile }: let # Use small script executed by bash to have a normal shell environment. mariadb-entrypoint = writeShellApplication { name = "mariadb-init"; text = '' MARIADB_DIR=''${XDG_DATA_HOME:-$HOME/.local/share}/MariaDB echo "View MariaDB logs: tail -f $MARIADB_DIR/logs" >&2 echo "Kill MariaDB server: pkill mariadbd" >&2 # Explicitly close fd3 to prevent `direnv` from hanging # (https://linear.app/comm/issue/ENG-3254/remove-wait-logic-in-nix-develop) exec 3>&- # 'exec' allows for us to replace bash process with MariaDB exec "${mariadb}/bin/mariadbd" \ --performance-schema \ --socket "$MARIADB_DIR"/mysql.sock \ --datadir "$MARIADB_DIR" \ --innodb-ft-min-token-size=1 \ --innodb-ft-enable-stopword=0 \ &> "$MARIADB_DIR"/logs ''; }; mariadb-version = let versions = lib.versions; in "${versions.major mariadb.version}.${versions.minor mariadb.version}"; # Small boiler-plate text file for us to write for keyserver db_config_template = writeTextFile { name = "db-config"; text = '' { "host": "127.0.0.1", "user": "comm", "password": "PASS", "database": "comm", } ''; }; # writeShellApplication is a "writer helper" which # will create a shellchecked executable shell script located in $out/bin/ # This shell script will be used to allow for impure+stateful actions in writeShellApplication { name = "mariadb-up"; text = '' # "$HOME/Library/Application Support/" is the canonical path to use # on darwin for storing user data for installed applications. # However, mysql and mariadb don't quote paths in the mariadbd script, # so use XDG conventions and hope $HOME doesn't have a space. MARIADB_DATA_HOME="''${XDG_DATA_HOME:-$HOME/.local/share}/MariaDB" MARIADB_PIDFILE="$MARIADB_DATA_HOME"/mariadb.pid export MYSQL_UNIX_PORT="$MARIADB_DATA_HOME"/mysql.sock if [[ ! 
-d "$MARIADB_DATA_HOME"/mysql ]]; then # mysql directory should exist if MariaDB has been initialized echo "Initializing MariaDB database at $MARIADB_DATA_HOME" >&2 "${lib.getBin mariadb}/bin/mariadb-install-db" \ --datadir="$MARIADB_DATA_HOME" \ --auth-root-authentication-method=socket fi "${../scripts/start_comm_daemon.sh}" \ mariadbd \ MariaDB \ "${mariadb-entrypoint}/bin/mariadb-init" \ "$MARIADB_PIDFILE" while [[ ! -S "$MYSQL_UNIX_PORT" ]]; do echo "Waiting for MariaDB socket" sleep 3 done # Assume this was run from git repository PRJ_ROOT=$(git rev-parse --show-toplevel) KEYSERVER_DB_CONFIG="$PRJ_ROOT"/keyserver/secrets/db_config.json # Check if database exists commDBCount=$("${lib.getBin mariadb}/bin/mariadb" -u "$USER" \ -Bse "SELECT COUNT(1) FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = 'comm';" ) if [[ "$commDBCount" -eq 0 ]]; then "${lib.getBin mariadb}/bin/mariadb" -u "$USER" \ -Bse "CREATE DATABASE comm" fi # Initialize comm user, database, and secrets file for MariaDB # Connecting through socket doesn't require a password userCount=$("${lib.getBin mariadb}/bin/mariadb" -u "$USER" \ -Bse "SELECT COUNT(1) FROM mysql.user WHERE user = 'comm';" ) if [[ "$userCount" -eq 0 ]]; then echo "Creating comm user" >&2 "${lib.getBin mariadb}/bin/mariadb" -u "$USER" \ -Bse "CREATE USER comm@localhost; GRANT ALL ON "'comm.*'" TO comm@localhost;" fi if [[ ! 
-f "$KEYSERVER_DB_CONFIG" ]]; then echo "Writing connection information to $KEYSERVER_DB_CONFIG" >&2 mkdir -p "$(dirname "$KEYSERVER_DB_CONFIG")" PASS=$("${lib.getBin openssl}/bin/openssl" rand -hex 6) "${lib.getBin mariadb}/bin/mariadb" -u "$USER" \ -Bse "ALTER USER comm@localhost IDENTIFIED BY '$PASS'" # It's very difficult to write json from bash, just copy a nix # file then use sed to subsitute cp "${db_config_template}" "$KEYSERVER_DB_CONFIG" chmod +w "$KEYSERVER_DB_CONFIG" # Nix files are read-only "${gnused}/bin/sed" -i -e "s|PASS|$PASS|g" "$KEYSERVER_DB_CONFIG" fi + # check if MariaDB requires an upgrade + "${lib.getBin mariadb}/bin/mariadb-upgrade" -u "$USER" \ + --socket="$MYSQL_UNIX_PORT" \ + --check-if-upgrade-is-needed >/dev/null 2>&1 + + exit_code=$? + if [[ $exit_code -eq 0 ]]; then + "${lib.getBin mariadb}/bin/mariadb-upgrade" -u "$USER" \ + --socket="$MYSQL_UNIX_PORT" \ + + echo "Upgrade complete" >&2 + fi + # Explicitly exit this script so the parent shell can determine # when it's safe to return control of terminal to user exit 0 ''; }
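Review bot: The `exit_code=$?` capture after the `--check-if-upgrade-is-needed` call will probably never run in the common case. Scripts built by writeShellApplication run with errexit enabled (to my knowledge; confirm against the nixpkgs revision in use), and mariadb-upgrade returns non-zero from that check when no upgrade is needed, so the script would abort there with a failure status instead of reaching `exit 0`. Putting the check directly in the `if` condition avoids this and removes the need for the `$?` variable. The second invocation also ends with a stray `\` before a blank line, which should be dropped. Because the check's stderr goes to /dev/null, a socket or authentication failure looks the same as "no upgrade needed"; keeping stderr visible would make that case diagnosable.

```nix
    # check if MariaDB requires an upgrade (the check exits 0 when one is needed)
    if "${lib.getBin mariadb}/bin/mariadb-upgrade" -u "$USER" \
      --socket="$MYSQL_UNIX_PORT" \
      --check-if-upgrade-is-needed >/dev/null; then
      "${lib.getBin mariadb}/bin/mariadb-upgrade" -u "$USER" \
        --socket="$MYSQL_UNIX_PORT"

      echo "Upgrade complete" >&2
    fi

    # … unchanged: explicit `exit 0` at the end of the script …
```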