TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-07-28 14:53:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

.github/Makefile/flake: update nix flake support

Browse Source 
Cleanup nix support, make flake easier to read with nix-systems.
This also harmonizes with golinks flake setup and reduces an input
dependency by 1.

Update deps test to ensure the vendor hash stays harmonized
with go.mod.

Update make tidy to ensure vendor hash stays current.

Updates #16637

Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com>
This commit is contained in:
Mike O'Driscoll 2025-07-23 11:41:05 -04:00
parent f1f334b23d
commit 7d03fb1028
No known key found for this signature in database
4 changed files with 43 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/test.yml vendored
View File

@ -720,10 +720,10 @@ jobs:
- name: check that 'go mod tidy' is clean
working-directory: src
run: |
./tool/go mod tidy
make tidy
echo
echo
git diff --name-only --exit-code || (echo "Please run 'go mod tidy'."; exit 1)
git diff --name-only --exit-code || (echo "Please run 'go mod tidy' and ./update-flake.sh."; exit 1)
licenses:
runs-on: ubuntu-24.04

3
Makefile
View File

@ -8,8 +8,9 @@ PLATFORM ?= "flyio" ## flyio==linux/amd64. Set to "" to build all platforms.
vet: ## Run go vet
./tool/go vet ./...
tidy: ## Run go mod tidy
tidy: ## Run go mod tidy and update nix flake hashes
./tool/go mod tidy
./update-flake.sh
lint: ## Run golangci-lint
./tool/go run github.com/golangci/golangci-lint/cmd/golangci-lint run

22
flake.lock generated
View File

@ -16,24 +16,6 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1753151930,
@ -53,8 +35,8 @@
"root": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"systems": "systems"
}
},
"systems": {

68
flake.nix
View File

@ -32,7 +32,7 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
systems.url = "github:nix-systems/default";
# Used by shell.nix as a compat shim.
flake-compat = {
url = "github:edolstra/flake-compat";
@ -43,13 +43,16 @@
outputs = {
self,
nixpkgs,
flake-utils,
systems,
flake-compat,
}: let
eachSystem = f: nixpkgs.lib.genAttrs (import systems) (s: f nixpkgs.legacyPackages.${s});
# tailscaleRev is the git commit at which this flake was imported,
# or the empty string when building from a local checkout of the
# tailscale repo.
tailscaleRev = self.rev or "";
in {
# tailscale takes a nixpkgs package set, and builds Tailscale from
# the same commit as this flake. IOW, it provides "tailscale built
# from HEAD", where HEAD is "whatever commit you imported the
@ -67,16 +70,21 @@
# So really, this flake is for tailscale devs to dogfood with, if
# you're an end user you should be prepared for this flake to not
# build periodically.
tailscale = pkgs:
pkgs.buildGo124Module rec {
packages = eachSystem (pkgs: rec {
default = pkgs.buildGo124Module {
name = "tailscale";
pname = "tailscale";
src = ./.;
vendorHash = pkgs.lib.fileContents ./go.mod.sri;
nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.makeWrapper];
nativeBuildInputs = [pkgs.makeWrapper pkgs.installShellFiles];
ldflags = ["-X tailscale.com/version.gitCommitStamp=${tailscaleRev}"];
env.CGO_ENABLED = 0;
subPackages = ["cmd/tailscale" "cmd/tailscaled"];
subPackages = [
"cmd/tailscale"
"cmd/tailscaled"
"cmd/tsidp"
];
doCheck = false;
# NOTE: We strip the ${PORT} and $FLAGS because they are unset in the
@ -84,32 +92,31 @@
# point, there should be a NixOS module that allows configuration of these
# things, but for now, we hardcode the default of port 41641 (taken from
# ./cmd/tailscaled/tailscaled.defaults).
postInstall = pkgs.lib.optionalString pkgs.stdenv.isLinux ''
wrapProgram $out/bin/tailscaled --prefix PATH : ${pkgs.lib.makeBinPath [pkgs.iproute2 pkgs.iptables pkgs.getent pkgs.shadow]}
wrapProgram $out/bin/tailscale --suffix PATH : ${pkgs.lib.makeBinPath [pkgs.procps]}
postInstall =
pkgs.lib.optionalString pkgs.stdenv.isLinux ''
wrapProgram $out/bin/tailscaled --prefix PATH : ${pkgs.lib.makeBinPath [pkgs.iproute2 pkgs.iptables pkgs.getent pkgs.shadow]}
wrapProgram $out/bin/tailscale --suffix PATH : ${pkgs.lib.makeBinPath [pkgs.procps]}
sed -i \
-e "s#/usr/sbin#$out/bin#" \
-e "/^EnvironmentFile/d" \
-e 's/''${PORT}/41641/' \
-e 's/$FLAGS//' \
./cmd/tailscaled/tailscaled.service
sed -i \
-e "s#/usr/sbin#$out/bin#" \
-e "/^EnvironmentFile/d" \
-e 's/''${PORT}/41641/' \
-e 's/$FLAGS//' \
./cmd/tailscaled/tailscaled.service
install -D -m0444 -t $out/lib/systemd/system ./cmd/tailscaled/tailscaled.service
'';
install -D -m0444 -t $out/lib/systemd/system ./cmd/tailscaled/tailscaled.service
''
+ pkgs.lib.optionalString (pkgs.stdenv.buildPlatform.canExecute pkgs.stdenv.hostPlatform) ''
installShellCompletion --cmd tailscale \
--bash <($out/bin/tailscale completion bash) \
--fish <($out/bin/tailscale completion fish) \
--zsh <($out/bin/tailscale completion zsh)
'';
};
tailscale = default;
});
# This whole blob makes the tailscale package available for all
# OS/CPU combos that nix supports, as well as a dev shell so that
# "nix develop" and "nix-shell" give you a dev env.
flakeForSystem = nixpkgs: system: let
pkgs = nixpkgs.legacyPackages.${system};
ts = tailscale pkgs;
in {
packages = {
default = ts;
tailscale = ts;
};
devShells = eachSystem (pkgs: {
devShell = pkgs.mkShell {
packages = with pkgs; [
curl
@ -126,9 +133,8 @@
e2fsprogs
];
};
};
in
flake-utils.lib.eachDefaultSystem (system: flakeForSystem nixpkgs system);
});
};
}
# nix-direnv cache busting line: sha256-4QTSspHLYJfzlontQ7msXyOB5gzq7ZwSvWmKuYY5klA=