{ description = "A basic Go web server setup"; inputs = { nixpkgs.url = "nixpkgs/nixos-unstable"; utils.url = "github:numtide/flake-utils"; portable-svc.url = "git+https://tulpa.dev/cadey/portable-svc.git?ref=main"; }; outputs = { self, nixpkgs, utils, portable-svc }: utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ] (system: let pkgs = import nixpkgs { overlays = [ portable-svc.overlay ]; inherit system; }; version = builtins.substring 0 8 self.lastModifiedDate; in { defaultPackage = pkgs.buildGoModule { pname = "web-server"; inherit version; src = ./.; # This hash locks the dependencies of this package. It is # necessary because of how Go requires network access to resolve # VCS. See https://www.tweag.io/blog/2021-03-04-gomod2nix/ for # details. Normally one can build with a fake sha256 and rely on native Go # mechanisms to tell you what the hash should be or determine what # it should be "out-of-band" with other tooling (eg. gomod2nix). # To begin with it is recommended to set this, but one must # remeber to bump this hash when your dependencies change. #vendorSha256 = pkgs.lib.fakeSha256; vendorSha256 = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo="; }; packages = { docker = let web = self.defaultPackage.${system}; in pkgs.dockerTools.buildLayeredImage { name = web.pname; tag = web.version; contents = [ web ]; config = { Cmd = [ "/bin/web-server" ]; WorkingDir = "/"; }; }; web-service = pkgs.substituteAll { name = "web-server.service"; src = ./systemd/web-server.service.in; web = self.defaultPackage.${system}; }; portable = let web = self.defaultPackage.${system}; in pkgs.portableService { inherit (web) version; name = web.pname; description = "A web server"; units = [ self.packages.${system}.web-service ]; }; }; defaultApp = utils.lib.mkApp { drv = self.defaultPackage.${system}; }; devShell = pkgs.mkShell { buildInputs = with pkgs; [ go gopls goimports go-tools ]; }; }); }