From c9bf4a2b4a3e3551cded907cc8feacb360f322af Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 6 Jan 2022 00:34:45 +0100
Subject: working prototype

---
 flake.nix | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 73 insertions(+), 5 deletions(-)

(limited to 'flake.nix')

diff --git a/flake.nix b/flake.nix
index 4d18a89..17b8b92 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,7 +6,7 @@
       type = "github";
       owner = "openwrt";
       repo = "openwrt";
-      ref = "openwrt-21.02";
+      ref = "master";
       flake = false;
     };
     flake-utils = {
@@ -21,6 +21,23 @@
       repo = "nixpkgs";
       ref = "master";
     };
+
+    openwrt-packages = {
+      url = "git+https://git.openwrt.org/feed/packages.git";
+      flake = false;
+    };
+    openwrt-luci = {
+      url = "git+https://git.openwrt.org/project/luci.git";
+      flake = false;
+    };
+    openwrt-routing = {
+      url = "git+https://git.openwrt.org/feed/routing.git";
+      flake = false;
+    };
+    openwrt-telephony = {
+      url = "git+https://git.openwrt.org/feed/telephony.git";
+      flake = false;
+    };
   };
 
   outputs = { self, openwrt, nixpkgs, flake-utils, ... }@inputs: flake-utils.lib.eachDefaultSystem (system:
@@ -43,7 +60,7 @@
         inherit targetPkgs;
         extraOutputsToInstall = [ "dev" ];
         profile = ''
-          export hardeningDisable=all
+          export NIX_HARDENING_ENABLE=
         '';
       } // extraAttrs);
       targetPkgs = pkgs: with pkgs; [
@@ -74,16 +91,67 @@
 
         pkgconfig
       ];
+
+      openwrtWithPackages = pkgs.stdenv.mkDerivation {
+        name = "openwrt-with-packages";
+        src = openwrt;
+        patchPhase = let
+          feedsConf = pkgs.writeText "feeds.conf" ''
+            src-link packages ${inputs.openwrt-packages}
+            src-link luci ${inputs.openwrt-luci}
+            src-link routing ${inputs.openwrt-routing}
+            src-link telephony ${inputs.openwrt-telephony}
+          '';
+        in ''
+          rm feeds.conf.default
+          cp ${feedsConf} feeds.conf
+        '';
+        buildPhase = ''
+          ${let
+            runScript = pkgs.writeShellScript "build" ''
+              ./scripts/feeds update -a
+              ./scripts/feeds install -a
+            '';
+          in fhs { inherit runScript; }}/bin/openwrt-env
+        '';
+        installPhase = ''
+          cp -r . $out
+        '';
+      };
     in {
       devShell = pkgs.mkShell {
         name = "openwrt";
         shellHook = let
           setup = pkgs.writeText "setup" ''
-            cd $TMPDIR
-            ${pkgs.rsync}/bin/rsync --chmod D+x,+r,u+w --exclude .keep -rlptD ${openwrt}/. ${./files}/. . 
-            find ${./patches} -type f -name '*.patch' -exec patch '{}' ';';
+            set -ex
+
+            function unpackPhase() {
+              ${pkgs.rsync}/bin/rsync --chmod=u+wX -rlptD ${openwrtWithPackages}/. ${./files}/. ./.
+
+              patchDir=$(mktemp -d patches.XXXXXXXXXX)
+              ${pkgs.rsync}/bin/rsync --chmod=u+wX -rlptD ${./patches}/. "$patchDir/."
+
+              while IFS= read -r -d $'\0' sopsFile; do
+                ${pkgs.sops}/bin/sops --output="''${sopsFile%.sops}" --decrypt "''${sopsFile}"
+                rm "''${sopsFile}"
+              done < <(find ./. "$patchDir" -type f -name '*.sops' -print0)
+
+              while IFS= read -r -d $'\0' patchFile; do
+                patch -p1 --batch <$patchFile
+              done < <(find "$patchDir" -type f -name '*.patch' -print0)
+            }
+
+            function buildPhase() {
+              make -j V=sc
+            }
+
+            set +ex
           '';
         in "exec -- ${fhs { runScript = "bash --init-file ${setup}"; }}/bin/openwrt-env";
       };
+
+      packages = {
+        inherit openwrtWithPackages;
+      };
     });
 }
-- 
cgit v1.2.3