{
# Flake inputs. Every URL below names a branch or default ref rather than a
# fixed revision; the exact commits and content hashes that get fetched are
# recorded in flake.lock, so updates to that file deserve the same review as
# any other dependency bump.
inputs = {
  nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  flake-utils.url = "github:numtide/flake-utils";

  # `follows` makes each helper flake reuse the nixpkgs revision pinned above
  # instead of bringing its own, so there is a single nixpkgs pin to audit.
  rust-overlay.url = "github:oxalica/rust-overlay";
  rust-overlay.inputs.nixpkgs.follows = "nixpkgs";

  treefmt-nix.url = "github:numtide/treefmt-nix";
  treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";

  pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
  pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
};
# Per-system outputs: the ai-jail package, a treefmt-based formatter, a
# pre-commit check and a development shell.
outputs =
  {
    flake-utils,
    nixpkgs,
    pre-commit-hooks,
    rust-overlay,
    treefmt-nix,
    ...
  }:
  flake-utils.lib.eachDefaultSystem (
    system:
    let
      # nixpkgs with rust-overlay applied; the overlay supplies `rust-bin`.
      pkgs = import nixpkgs {
        inherit system;
        overlays = [ (import rust-overlay) ];
      };

      # One toolchain derivation, selected by rust-toolchain.toml, serves as
      # both rustc and cargo for the build platform below.
      toolchain = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
      rustPlatform = pkgs.makeRustPlatform {
        cargo = toolchain;
        rustc = toolchain;
      };

      # treefmt wrapper covering Nix, Rust, TOML and prettier-supported files.
      treefmtWrapper =
        (treefmt-nix.lib.evalModule pkgs {
          projectRootFile = "flake.nix";
          programs = {
            nixfmt.enable = true;
            prettier.enable = true;
            rustfmt.enable = true;
            # Format with the project toolchain's rustfmt.
            rustfmt.package = toolchain;
            taplo.enable = true;
          };
          settings = {
            allow-missing-formatter = true;
            verbose = 0;
            # Lock files are generated; never reformat them.
            global.excludes = [ "*.lock" ];
            formatter.nixfmt.options = [ "--strict" ];
            # NOTE(review): looks redundant with programs.rustfmt.package
            # above - confirm this key is still needed.
            formatter.rustfmt.package = toolchain;
          };
        }).config.build.wrapper;

      # Hooks run over the flake source. They are exposed through `checks`
      # only; the dev shell below does not install them.
      preCommit = pre-commit-hooks.lib.${system}.run {
        src = ./.;
        hooks = {
          deadnix.enable = true;
          nixfmt-rfc-style.enable = true;
          treefmt.enable = true;
          treefmt.package = treefmtWrapper;
        };
      };
    in
    {
      checks.pre-commit-check = preCommit;

      formatter = treefmtWrapper;

      devShells.default = pkgs.mkShell {
        name = "ai-jail";
        buildInputs = [
          toolchain
          treefmtWrapper
        ];
      };

      packages.default = rustPlatform.buildRustPackage {
        name = "ai-jail";
        # The flake source tree is copied into the world-readable Nix store,
        # so nothing secret should live in files that end up in it.
        src = ./.;
        # Crate versions and checksums are taken from the committed lock file.
        cargoLock.lockFile = ./Cargo.lock;
        # NOTE(review): pkgs.bubblewrap is a Linux-only package in nixpkgs,
        # while eachDefaultSystem also generates darwin outputs - confirm
        # whether those are expected to evaluate.
        buildInputs = [ pkgs.bubblewrap ];
        nativeBuildInputs = [ pkgs.makeWrapper ];
        # Pin the sandbox helper to an absolute store path. `--set` overrides
        # any BWRAP_BIN inherited from the caller's environment, so the
        # wrapped binary is not pointed at a different bwrap that way.
        # Presumably ai-jail reads BWRAP_BIN to locate bwrap - confirm in the
        # Rust source, including that it has no fallback to a PATH lookup.
        # The store copy of bwrap carries no setuid bit, so it relies on
        # unprivileged user namespaces being available on the host.
        postFixup = ''
          wrapProgram "$out/bin/ai-jail" \
          --set BWRAP_BIN "${pkgs.bubblewrap}/bin/bwrap"
        '';
      };
    }
  );
}