From 8c79c4ff04b8acd0efc5d6a2b11e5aadfce29462 Mon Sep 17 00:00:00 2001
From: Igor Ramazanov
Date: Tue, 11 Mar 2025 15:49:08 +0000
Subject: [PATCH] feat: wip `nix` Add initial code to be used when working with `nix` and `NixOS`. * a Nix flake * building a package * a NixOS module
---
.envrc | 1 +
flake.lock | 82 +++++++++++++++++++++++++++++++++++++++++++++++++
flake.nix | 62 +++++++++++++++++++++++++++++++++++++
nix/module.nix | 53 ++++++++++++++++++++++++++++++++
nix/package.nix | 53 ++++++++++++++++++++++++++++++++
5 files changed, 251 insertions(+)
create mode 100644 .envrc
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 nix/module.nix
create mode 100644 nix/package.nix
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..c4b17d7
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use_flake
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..c381c7f
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,82 @@
+{
+ "nodes": {
+ "devshell": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1741473158,
+ "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
+ "owner": "numtide",
+ "repo": "devshell",
+ "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "devshell",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1741646908,
+ "narHash": "sha256-55a1x5k+oFY2QCFjj7Mn5nPa8Do0shVl0m280mOAW/Q=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "ab0c5b18dab5e4b5d06ed679f8fd7cdc9970c4be",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "devshell": "devshell",
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..3535390
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,62 @@
+rec {
+ description = "headplane";
+
+ inputs = {
+ devshell = {
+ inputs.nixpkgs.follows = "nixpkgs";
+ url = "github:numtide/devshell";
+ };
+ flake-utils.url = "github:numtide/flake-utils";
+ nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ };
+
+ outputs = {
+ devshell,
+ flake-utils,
+ nixpkgs,
+ ...
+ }:
+ flake-utils.lib.eachSystem [
+ "aarch64-darwin"
+ "x86_64-darwin"
+ "x86_64-linux"
+ ]
+ (system: let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [devshell.overlays.default];
+ };
+ headplane = pkgs.callPackage ./nix/package.nix {};
+ in {
+ formatter = pkgs.alejandra;
+ packages = {
+ inherit headplane;
+ default = headplane;
+ };
+ devShell = pkgs.devshell.mkShell rec {
+ name = description;
+ motd = let
+ providedPackages =
+ pkgs.lib.fold
+ (pkg: acc: acc + "\n\t* ${pkgs.lib.getName pkg}")
+ ""
+ packages;
+ in ''
+ Entered '${description}' development environment.
+
+ Provided packages:
+ ${providedPackages}
+ '';
+ packages = [
+ pkgs.nodejs-slim_22
+ pkgs.pnpm_10
+ pkgs.typescript-language-server
+ ];
+ env = [];
+ };
+ })
+ // {
+ overlays.default = final: prev: {headplane = final.callPackage ./nix/package.nix {};};
+ nixosModules.headplane = import ./nix/module.nix;
+ };
+}
diff --git a/nix/module.nix b/nix/module.nix
new file mode 100644
index 0000000..e6b8357
--- /dev/null
+++ b/nix/module.nix
@@ -0,0 +1,53 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ inherit
+ (lib)
+ mapAttrs
+ mkEnableOption
+ mkIf
+ mkOption
+ mkPackageOption
+ types
+ ;
+ cfg = config.services.headplane;
+in {
+ options.services.headplane = {
+ enable = mkEnableOption "headplane";
+ package = mkPackageOption pkgs "headplane" {};
+
+ settings = mkOption {
+ type = with types; attrsOf (oneOf [str int]);
+ default = {};
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [cfg.package];
+
+ systemd.services.headplane = {
+ description = "Headscale Web UI";
+
+ wantedBy = ["multi-user.target"];
+ # TODO: Integrate with `headscale` service.
+ after = ["network.target"];
+
+ environment = mapAttrs (_: toString) cfg.settings;
+
+ serviceConfig = {
+ User = config.services.headscale.user;
+ Group = config.services.headscale.group;
+
+ ExecStart = "${pkgs.headplane}/bin/headplane";
+ Restart = "always";
+ RestartSec = 5;
+
+ # TODO: Harden `systemd` security according to the "The Principle of Least Power".
+ # See: `$ systemd-analyze security headplane`.
+ };
+ };
+ };
+}
diff --git a/nix/package.nix b/nix/package.nix
new file mode 100644
index 0000000..7dbb035
--- /dev/null
+++ b/nix/package.nix
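Review bot: `ExecStart` in nix/module.nix runs `${pkgs.headplane}/bin/headplane` rather than the `services.headplane.package` option declared above it, so an operator who pins or patches the package through that option gets it in `environment.systemPackages` while the service keeps running whatever `pkgs.headplane` resolves to. Use the option instead: `ExecStart = "${cfg.package}/bin/headplane";`. `settings` is rendered into the unit's `environment`, which ends up in the world-readable Nix store; if any headplane setting is a secret (not visible in this hunk), a separate option feeding systemd's `EnvironmentFile=` would keep it out of the store. The service also borrows `config.services.headscale.user`/`group`, so until the hardening TODO is done the web UI presumably has the same file access as headscale itself.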
@@ -0,0 +1,53 @@
+{
+ git,
+ lib,
+ makeWrapper,
+ nodejs_22,
+ pnpm_10,
+ stdenv,
+ ...
+}:
+stdenv.mkDerivation (finalAttrs: {
+ pname = "headplane";
+
+ # TODO: take the latest `git tag`, if commits do not match, append `-SNAPSHOT`.
+ version = "0.5.3";
+
+ # TODO: requires `.git` directory.
+ src = ../.;
+
+ nativeBuildInputs = [
+ makeWrapper
+ nodejs_22
+ pnpm_10.configHook
+ git
+ ];
+
+ dontCheckForBrokenSymlinks = true;
+
+ pnpmDeps = pnpm_10.fetchDeps {
+ inherit (finalAttrs) pname version src;
+ hash = "sha256-j+3fcxukK19fXVIlVe+tXenYf28MylHy+/qHy7FpvL0=";
+ };
+
+ buildPhase = ''
+ runHook preBuild
+ pnpm build
+ pnpm prune --prod
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/{bin,share/headplane}
+ cp -r {build,node_modules} $out/share/headplane/
+ sed -i 's;/build/source/node_modules/react-router/dist/development/index.mjs;react-router;' $out/share/headplane/build/headplane/server.js
+ sed -i 's;define_process_env_default.PORT;process.env.PORT;' $out/share/headplane/build/headplane/server.js
+ makeWrapper ${lib.getExe nodejs_22} $out/bin/headplane \
+ --chdir $out/share/headplane \
+ --set BUILD_PATH $out/share/headplane/build \
+ --set NODE_ENV production \
+ --add-flags $out/share/headplane/build/headplane/server.js
+ runHook postInstall
+ '';
+})
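Review bot: The two `sed -i` rewrites of `server.js` in `installPhase` of nix/package.nix succeed even when their pattern no longer matches, so a change in the bundler output would produce a package that still references the `/build/source/...` sandbox path or ignores `PORT`, with no build failure to signal it. nixpkgs' `substituteInPlace` with `--replace-fail` aborts the build when the string is absent, e.g. `substituteInPlace $out/share/headplane/build/headplane/server.js --replace-fail 'define_process_env_default.PORT' 'process.env.PORT'`. Separately, `src = ../.;` takes the whole tree; when the package is built outside a flake evaluation that presumably includes untracked local files, so narrowing the source with a `lib.fileset` selection would keep stray files out of the world-readable store.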