malpercio.dev / ezpds
An easy-to-host PDS on the ATProtocol, MacOS. Grandma-approved.
fork atom

feat(MM-64): add Nix flake + devenv development shell #2

merged opened by malpercio.dev targeting main from MM-64

Summary#

  • Adds flake.nix, devenv.nix, rust-toolchain.toml, and .envrc to provide a reproducible Nix-based dev shell via devenv
  • Pins the Rust stable toolchain with rustfmt, clippy, and rust-analyzer; includes just, cargo-audit, sqlite, and pkg-config as shell packages
  • Generates and commits flake.lock after verifying all 14 automatable acceptance criteria pass on macOS (aarch64-darwin)

Notes#

nix develop requires --impure --accept-flake-config due to devenv's need to read $PWD at evaluation time. The rust-overlay input was added as an explicit flake input (devenv's languages.rust module requires it directly when using toolchainFile).

Test Plan#

  • nix develop --impure --accept-flake-config activates shell on macOS
  • rustc --version → stable (1.94.0), cargo, rust-analyzer, clippy, rustfmt, just, cargo-audit, sqlite3, pkg-config --libs sqlite3 all verified
  • flake.lock committed and tracked by git
  • flake.nix has no packages or nixosModules outputs
  • Linux (x86_64-linux) verification — needs CI or contributor on Linux
  • rustup show reads rust-toolchain.toml without Nix
  • direnv allow activates shell automatically on cd

Full human test plan: docs/test-plans/2026-03-07-MM-64.md

Labels

None yet.

assignee

None yet.

Participants 1
AT URI
at://did:web:malpercio.dev/sh.tangled.repo.pull/3mgjf5myesb22
+706
Diff #1
+1
.envrc
··· 1 + use flake
+5
.gitignore
··· 15 15 .env 16 16 .env.local 17 17 .env.*.local 18 + 19 + # Nix / devenv 20 + .devenv/ 21 + .direnv/ 22 + devenv.local.nix
+41
CLAUDE.md
··· 1 + # ezpds 2 + 3 + Last verified: 2026-03-07 4 + 5 + ## Tech Stack 6 + - Language: Rust (stable channel via rust-toolchain.toml) 7 + - Build: Cargo workspace (resolver v2) 8 + - Dev Environment: Nix flake + devenv (direnv integration via .envrc) 9 + - Task Runner: just 10 + 11 + ## Commands 12 + - `nix develop --impure --accept-flake-config` - Enter dev shell (flags required; --impure for devenv CWD detection, --accept-flake-config activates the Cachix binary cache in nixConfig — without it, a cold build takes 20+ minutes) 13 + - `cargo build` - Build all crates 14 + - `cargo test` - Run all tests 15 + - `cargo clippy` - Lint 16 + - `cargo fmt --check` - Check formatting 17 + 18 + ## Dev Environment 19 + - Managed entirely by Nix flake + devenv; do not install tools globally 20 + - direnv auto-activates via `.envrc` (`use flake`) 21 + - Rust toolchain pinned in `rust-toolchain.toml` (stable, with rustfmt + clippy + rust-analyzer) 22 + - Shell provides: just, cargo-audit, sqlite (runtime binary + dev headers/library for rusqlite), pkg-config 23 + - `LIBSQLITE3_SYS_USE_PKG_CONFIG=1` is set automatically by devenv 24 + - Binary cache: devenv.cachix.org (activated by `--accept-flake-config`); speeds up cold shell builds significantly 25 + - nixpkgs pin: `cachix/devenv-nixpkgs/rolling` (devenv's own nixpkgs fork — package versions may differ from upstream nixpkgs.search.dev) 26 + 27 + ## Project Structure 28 + - `crates/relay/` - Web relay (axum-based) 29 + - `crates/repo-engine/` - ATProto repo engine 30 + - `crates/crypto/` - Cryptographic operations 31 + - `crates/common/` - Shared types and utilities 32 + - `docs/` - Specs, design plans, implementation plans 33 + 34 + ## Conventions 35 + - Workspace-level dependency versions in root Cargo.toml; crates use `{ workspace = true }` 36 + - All crates share version (0.1.0) and edition (2021) via workspace.package 37 + - publish = false (not intended for crates.io) 38 + 39 + ## Boundaries 40 + - Never edit: `flake.lock` by hand (managed by `nix flake update`) 41 + - Never edit: `devenv.local.nix` is gitignored for local overrides only
+16
devenv.nix
··· 1 + { pkgs, ... }: 2 + { 3 + languages.rust = { 4 + enable = true; 5 + toolchainFile = ./rust-toolchain.toml; 6 + }; 7 + 8 + packages = [ 9 + pkgs.just 10 + pkgs.cargo-audit 11 + pkgs.sqlite 12 + pkgs.pkg-config 13 + ]; 14 + 15 + env.LIBSQLITE3_SYS_USE_PKG_CONFIG = "1"; 16 + }
+132
docs/design-plans/2026-03-07-MM-64.md
··· 1 + # MM-64: Nix Flake + devenv Development Shell 2 + 3 + ## Summary 4 + 5 + MM-64 establishes a reproducible development environment for the ezpds Rust workspace using Nix and devenv. The goal is a single command — `nix develop` — that drops any contributor into a shell with the exact same Rust stable toolchain, language tooling (rust-analyzer, clippy, rustfmt), build utilities (just, cargo-audit), and SQLite libraries, regardless of what is already installed on their machine. 6 + 7 + The implementation is intentionally narrow: three configuration files (`flake.nix`, `devenv.nix`, `rust-toolchain.toml`) and two companion files (`.envrc`, `flake.lock`) at the repo root. `rust-toolchain.toml` serves as the single source of truth for the Rust version, making it readable both by devenv inside Nix and by rustup outside it — so contributors who do not use Nix still get the correct toolchain automatically. A Cachix binary cache is wired in via `nixConfig` to avoid 20+ minute cold builds. Build derivations and NixOS system modules are explicitly out of scope; this ticket delivers only the dev shell. 8 + 9 + ## Definition of Done 10 + 11 + A `flake.nix` at the repo root wires devenv into the Nix flake system. A `devenv.nix` configures the development shell. Running `nix develop` drops contributors into a shell with the Rust stable toolchain (rustc, cargo, rust-analyzer, clippy, rustfmt), SQLite dev libraries, `just`, and `cargo-audit`. A `rust-toolchain.toml` pins the toolchain version in a rustup-compatible way. A `.envrc` with `use flake` is committed for direnv users. A `flake.lock` is committed. Build outputs and NixOS modules are explicitly out of scope. 12 + 13 + ## Acceptance Criteria 14 + 15 + ### MM-64.AC1: Dev shell activates 16 + - **MM-64.AC1.1 Success:** `nix develop` completes without error on macOS (aarch64-darwin or x86_64-darwin) 17 + - **MM-64.AC1.2 Success:** `nix develop` completes without error on Linux (x86_64-linux) 18 + 19 + ### MM-64.AC2: Required tools are present in the shell 20 + - **MM-64.AC2.1 Success:** `rustc --version` outputs a stable Rust release (not nightly, not beta) 21 + - **MM-64.AC2.2 Success:** `cargo --version` is available 22 + - **MM-64.AC2.3 Success:** `rust-analyzer --version` is available 23 + - **MM-64.AC2.4 Success:** `cargo clippy --version` is available 24 + - **MM-64.AC2.5 Success:** `rustfmt --version` is available 25 + - **MM-64.AC2.6 Success:** `just --version` is available 26 + - **MM-64.AC2.7 Success:** `cargo audit --version` is available 27 + - **MM-64.AC2.8 Success:** `sqlite3 --version` is available and SQLite dev headers are accessible via `pkg-config` 28 + 29 + ### MM-64.AC3: Rust version is governed by rust-toolchain.toml 30 + - **MM-64.AC3.1 Success:** The Rust version inside the shell matches the `stable` channel as specified in `rust-toolchain.toml` 31 + - **MM-64.AC3.2 Success:** `rustup` on the same machine reads `rust-toolchain.toml` and resolves to the same Rust version without Nix 32 + 33 + ### MM-64.AC4: direnv integration is committed 34 + - **MM-64.AC4.1 Success:** `.envrc` contains `use flake` and is tracked by git (`git ls-files .envrc` returns it) 35 + - **MM-64.AC4.2 Success:** `direnv allow` in repo root activates the shell automatically on `cd` 36 + 37 + ### MM-64.AC5: flake.lock is committed 38 + - **MM-64.AC5.1 Success:** `flake.lock` exists at repo root and is tracked by git 39 + 40 + ### MM-64.AC6: Scope boundaries 41 + - **MM-64.AC6.1 Negative:** `flake.nix` defines no `packages` output (no build derivations) 42 + - **MM-64.AC6.2 Negative:** `flake.nix` defines no `nixosModules` output 43 + 44 + ## Glossary 45 + 46 + - **Nix**: A purely functional package manager that builds software in isolated, reproducible environments. Packages are described as expressions; builds are hermetic and content-addressed. 47 + - **Nix flake**: A standardized Nix project format. A `flake.nix` file declares named *inputs* (dependencies) and *outputs* (shells, packages, modules). A corresponding `flake.lock` pins every input to an exact content hash. 48 + - **flake.lock**: An auto-generated lockfile that records the exact revision and hash of every flake input. Committing it ensures every contributor resolves the same dependency versions. 49 + - **devenv**: A Nix-based tool (from Cachix) for declaring development shell environments. It wraps lower-level Nix plumbing and provides higher-level configuration options like `languages.rust`. 50 + - **devShell**: A Nix flake output type representing a shell environment (`nix develop` enters it). This ticket produces only a `devShells.default` output — no `packages` or `nixosModules`. 51 + - **nixpkgs**: The main package repository for Nix, containing tens of thousands of software packages. devenv uses its own curated fork (`devenv-nixpkgs/rolling`) for compatibility. 52 + - **rust-overlay**: A Nix overlay (provided by `oxalica/rust-overlay`, used internally by devenv) that surfaces rustup toolchain files as Nix derivations. It is how devenv reads `rust-toolchain.toml`. 53 + - **rust-toolchain.toml**: A rustup-standard file that pins a Rust channel, version, components, and targets. Both rustup and rust-overlay/devenv read this file, making it the single source of truth in this design. 54 + - **rustup**: The official Rust toolchain installer and version manager. Reads `rust-toolchain.toml` natively; relevant here because non-Nix contributors rely on it directly. 55 + - **rust-analyzer**: The official Rust language server, used by editors for inline type hints, error checking, and code navigation. 56 + - **clippy**: The official Rust linter (`cargo clippy`). Catches common correctness and style issues beyond what the compiler reports. 57 + - **rustfmt**: The official Rust code formatter (`rustfmt`/`cargo fmt`). 58 + - **just**: A command runner (similar in purpose to `make`) used in this project to define project-level task shortcuts. 59 + - **cargo-audit**: A Cargo subcommand that checks `Cargo.lock` against the RustSec advisory database for known security vulnerabilities in dependencies. 60 + - **SQLite dev libraries**: The C library and header files for SQLite. Required at build time for Rust crates that link against libsqlite3 (e.g., `rusqlite`). `pkg-config` is used by the Rust build system to locate them. 61 + - **pkg-config**: A system tool that reports compiler and linker flags for installed C libraries. Cargo uses it to find native dependencies like SQLite. 62 + - **direnv**: A shell extension that automatically loads (and unloads) environment variables when you `cd` into a directory. The `.envrc` file in a project root contains the hook; `direnv allow` opts the directory in. 63 + - **`.envrc`**: The configuration file read by direnv. In this design it contains a single line, `use flake`, which tells direnv to activate the Nix dev shell automatically. 64 + - **Cachix**: A binary cache hosting service for Nix. Pre-built Nix derivations are fetched from Cachix instead of being compiled locally, dramatically reducing cold-start time. 65 + - **substituter**: Nix terminology for a binary cache source. The `nixConfig.extra-substituters` field in `flake.nix` registers Cachix as a substituter so Nix fetches pre-built outputs rather than building from source. 66 + - **nix-systems**: A small flake (`nix-systems/default`) that provides a canonical list of supported system architectures (e.g., `aarch64-darwin`, `x86_64-linux`). Used here in place of a heavier flake framework like flake-parts. 67 + - **aarch64-darwin / x86_64-darwin / x86_64-linux**: Nix system identifiers. `aarch64-darwin` = Apple Silicon Mac, `x86_64-darwin` = Intel Mac, `x86_64-linux` = 64-bit Linux. Acceptance criteria require the shell to work on all three. 68 + - **devenv.local.nix**: An optional, git-ignored override file that devenv merges with `devenv.nix`. Intended for contributor-local machine-specific configuration. 69 + 70 + ## Architecture 71 + 72 + Minimal Nix flake with devenv as the sole output. Three configuration files govern the dev shell; a fourth enables automatic activation via direnv. 73 + 74 + ``` 75 + repo root/ 76 + ├── flake.nix # Nix entry point — wires devenv, sets Cachix substituter 77 + ├── devenv.nix # Dev shell config — Rust toolchain + packages 78 + ├── rust-toolchain.toml # Toolchain pin — read by both devenv and rustup 79 + ├── .envrc # Direnv hook — `use flake` 80 + └── flake.lock # Input pins — generated by nix develop, committed 81 + ``` 82 + 83 + `flake.nix` has three inputs: `devenv-nixpkgs/rolling` (devenv's curated nixpkgs fork), `cachix/devenv`, and `nix-systems/default` (provides the default system list for multi-arch support without requiring flake-parts). The `nixConfig` block configures Cachix as a binary cache substituter — without it, the first `nix develop` run builds devenv's dependencies from source, which can take 20+ minutes. 84 + 85 + `devenv.nix` uses `languages.rust.toolchainFile = ./rust-toolchain.toml` to wire in the toolchain. devenv does not auto-detect `rust-toolchain.toml`; the explicit path is required. Extra packages (`just`, `cargo-audit`, `sqlite`) go in the `packages` list alongside the Rust config. 86 + 87 + `rust-toolchain.toml` is the single source of truth for the Rust version. devenv reads it via rust-overlay's `fromRustupToolchainFile`. rustup also reads it natively, so contributors not using Nix get the same toolchain. 88 + 89 + ## Existing Patterns 90 + 91 + No prior Nix files exist in the repository. This is a greenfield setup. 92 + 93 + The workspace already has a `.gitignore` with Rust and editor exclusions. This design appends Nix-specific entries (`.devenv/`, `.direnv/`, `devenv.local.nix`) to the existing file rather than replacing it. 94 + 95 + ## Implementation Phases 96 + 97 + <!-- START_PHASE_1 --> 98 + ### Phase 1: Write configuration files 99 + **Goal:** Produce all static configuration files for the dev shell. 100 + 101 + **Components:** 102 + - `flake.nix` — three-input minimal flake with Cachix `nixConfig` and `devenv.lib.mkShell` for `devShells.default` 103 + - `devenv.nix` — `languages.rust.toolchainFile = ./rust-toolchain.toml`, `packages = [pkgs.just pkgs.cargo-audit pkgs.sqlite]` 104 + - `rust-toolchain.toml` — `channel = "stable"`, `components = ["rustfmt" "clippy" "rust-analyzer"]`, `targets = ["aarch64-apple-darwin" "x86_64-unknown-linux-gnu"]` 105 + - `.envrc` — single line: `use flake` 106 + - `.gitignore` — append `.devenv/`, `.direnv/`, `devenv.local.nix` 107 + 108 + **Dependencies:** None (first phase) 109 + 110 + **Done when:** All five files exist at repo root with correct contents; `.gitignore` includes the three Nix entries 111 + <!-- END_PHASE_1 --> 112 + 113 + <!-- START_PHASE_2 --> 114 + ### Phase 2: Generate flake.lock and commit 115 + **Goal:** Run `nix develop` to resolve and pin all flake inputs, then commit everything. 116 + 117 + **Components:** 118 + - `flake.lock` — generated by running `nix develop` for the first time 119 + - Git commit — all six files (`flake.nix`, `devenv.nix`, `rust-toolchain.toml`, `.envrc`, `.gitignore`, `flake.lock`) committed together 120 + 121 + **Dependencies:** Phase 1 (all configuration files present) 122 + 123 + **Done when:** `nix develop` exits successfully; `flake.lock` exists and is committed; all required tools (`rustc`, `cargo`, `rust-analyzer`, `clippy`, `rustfmt`, `just`, `cargo-audit`, `sqlite3`) are available inside the shell 124 + <!-- END_PHASE_2 --> 125 + 126 + ## Additional Considerations 127 + 128 + **Non-Nix contributors:** `rust-toolchain.toml` is read by rustup directly. Contributors who install Rust via rustup outside Nix will automatically get the same stable channel and components. 129 + 130 + **Cachix key rotation:** The `extra-trusted-public-keys` value in `flake.nix` is devenv's current public key. If Cachix rotates this key, the first `nix develop` after rotation will fall back to building from source. Check devenv's docs for the updated key when upgrading devenv. 131 + 132 + **`devenv.local.nix`:** Excluded from `.gitignore` by convention. Contributors can use this file for machine-specific overrides without affecting the shared config.
+107
docs/test-plans/2026-03-07-MM-64.md
··· 1 + # Human Test Plan: MM-64 Nix Flake + devenv Dev Shell 2 + 3 + **Branch:** MM-64 4 + **Base commit:** 0638285 5 + **HEAD commit:** 1cc5cbb 6 + **Generated:** 2026-03-07 7 + 8 + --- 9 + 10 + ## Prerequisites 11 + 12 + - macOS machine with Nix installed (multi-user or single-user) 13 + - The `ezpds` repository cloned and checked out at the MM-64 branch (commit `1cc5cbb` or later) 14 + - `direnv` installed and hooked into the user's shell (for HV-3) 15 + - Access to a Linux x86_64 machine or CI runner with Nix installed (for HV-1) 16 + - `rustup` installed outside of Nix (for HV-2) 17 + - All automated operational tests passing 18 + 19 + **Note:** All `nix develop` commands require the `--impure` flag due to devenv's requirement to access `$PWD`. Without it, devenv fails with "devenv was not able to determine the current directory". 20 + 21 + --- 22 + 23 + ## Phase 1: Static File Verification 24 + 25 + | Step | Action | Expected | 26 + |------|--------|----------| 27 + | 1.1 | Open `flake.nix` and inspect the `outputs` attribute | Only `devShells` is defined. No `packages`, `nixosModules`, `nixosConfigurations`, or other outputs present. | 28 + | 1.2 | Open `flake.nix` and inspect the `inputs.systems` attribute | Set to `github:nix-systems/default`, which provides `aarch64-darwin`, `x86_64-darwin`, `x86_64-linux`, and `aarch64-linux`. | 29 + | 1.3 | Open `rust-toolchain.toml` | Contains `channel = "stable"` and `components = ["rustfmt", "clippy", "rust-analyzer"]`. | 30 + | 1.4 | Open `devenv.nix` | Contains `languages.rust.enable = true`, `toolchainFile = ./rust-toolchain.toml`, and packages list with `just`, `cargo-audit`, `sqlite`, `pkg-config`. Also sets `LIBSQLITE3_SYS_USE_PKG_CONFIG = "1"`. | 31 + | 1.5 | Open `.envrc` | Contains exactly `use flake` (one line). | 32 + | 1.6 | Run `git ls-files --error-unmatch .envrc flake.nix devenv.nix rust-toolchain.toml flake.lock .gitignore` from repo root | Command exits 0 (all six files are tracked by git). | 33 + 34 + --- 35 + 36 + ## Phase 2: Operational Verification (macOS) 37 + 38 + | Step | Action | Expected | 39 + |------|--------|----------| 40 + | 2.1 | `nix develop --impure --command bash -c 'echo "shell activated"'` | Prints "shell activated" and exits with code 0. devenv task output may appear on stderr (normal). | 41 + | 2.2 | `nix develop --impure --command bash -c 'rustc --version'` | Prints a stable Rust version (e.g. `rustc 1.XX.0 (...)`). No "nightly" or "beta" in the output. | 42 + | 2.3 | `nix develop --impure --command bash -c 'cargo --version && rust-analyzer --version && cargo clippy --version && rustfmt --version && just --version && cargo-audit --version'` | All six commands succeed (exit 0). Each prints a version string. (`cargo-audit --version` — note the hyphen; the Cargo subcommand `cargo audit --version` doubles the name in output.) | 43 + | 2.6 | `nix develop --impure --command cargo check` | Cargo type-checks all workspace crates. Exit code 0. Confirms toolchain, sqlite3 headers, and pkg-config integrate correctly. | 44 + | 2.4 | `nix develop --impure --command bash -c 'sqlite3 --version && pkg-config --libs sqlite3'` | sqlite3 prints a version (3.x.x). pkg-config prints `-L/nix/store/.../lib -lsqlite3`. Both succeed. | 45 + | 2.5 | `nix develop --impure --command bash -c 'echo $LIBSQLITE3_SYS_USE_PKG_CONFIG'` | Prints `1`. | 46 + 47 + --- 48 + 49 + ## End-to-End: Fresh Clone to Working Dev Shell 50 + 51 + **Purpose:** Validates that a new contributor can go from `git clone` to a fully working development environment with zero manual dependency installation beyond Nix itself. 52 + 53 + 1. Clone the repository to a temporary directory: `git clone <repo-url> /tmp/ezpds-test && cd /tmp/ezpds-test && git checkout MM-64` 54 + 2. Run `nix develop --impure --command bash -c 'rustc --version && cargo --version && just --version && sqlite3 --version'` 55 + 3. **Expected:** First run may take several minutes (downloading Nix store paths). All four commands succeed. The Rust version is stable. 56 + 4. Run `nix develop --impure --command cargo check` from the repo root. 57 + 5. **Expected:** Cargo resolves dependencies and type-checks the workspace. Exit code 0. Confirms the toolchain, sqlite3 headers, and pkg-config all integrate correctly for an actual build. 58 + 6. Clean up: `rm -rf /tmp/ezpds-test` 59 + 60 + --- 61 + 62 + ## End-to-End: direnv Integration 63 + 64 + **Purpose:** Validates that `.envrc` + `use flake` provides automatic shell activation when entering the project directory. 65 + 66 + 1. Ensure direnv is installed: `direnv version` (should print a version). 67 + 2. Ensure direnv is hooked into your shell. For zsh, verify `eval "$(direnv hook zsh)"` is in `~/.zshrc`. For bash, verify `eval "$(direnv hook bash)"` is in `~/.bashrc`. 68 + 3. Navigate to repo root: `cd /path/to/ezpds` 69 + 4. Run `direnv allow` to approve the `.envrc` file. 70 + 5. Navigate away: `cd /tmp` 71 + 6. Navigate back: `cd /path/to/ezpds` 72 + 7. **Expected:** direnv prints loading/activation messages. After activation completes, run `which rustc` — it should point to a path inside `/nix/store/`, not a system rustc. 73 + 8. Run `rustc --version` — should match the stable version seen in Phase 2 tests. 74 + 75 + --- 76 + 77 + ## Human Verification Required 78 + 79 + | ID | Criterion | Why Manual | Steps | 80 + |----|-----------|------------|-------| 81 + | HV-1 | MM-64.AC1.2: Dev shell activates on Linux (x86_64-linux) | Cannot test on macOS; requires a Linux machine or CI runner | On an x86_64-linux machine with Nix installed, clone the repo, checkout MM-64, and run `nix develop --impure --command bash -c 'rustc --version && echo "Linux shell OK"'`. Expected: exit code 0, stable rustc version printed, "Linux shell OK" printed. | 82 + | HV-2 | MM-64.AC3.2: rustup reads rust-toolchain.toml without Nix | Must run outside the Nix shell on a machine with rustup installed | 1. Ensure rustup is installed (`rustup --version` outside any Nix shell). 2. From repo root, without entering `nix develop`, run `rustup show`. 3. Expected: output includes "stable" as the active toolchain, references `rust-toolchain.toml` as the override source, and shows a Rust version consistent with the stable channel. | 83 + | HV-3 | MM-64.AC4.2: direnv activates shell on `cd` | Requires an interactive shell session with direnv hooked in | See "End-to-End: direnv Integration" above. Key pass condition: after `direnv allow` and re-entering the directory, `which rustc` resolves to a `/nix/store/` path. | 84 + 85 + --- 86 + 87 + ## Traceability 88 + 89 + | Acceptance Criterion | Automated | Manual Step | 90 + |----------------------|-----------|-------------| 91 + | MM-64.AC1.1: nix develop succeeds on macOS | PASS | Phase 2, Step 2.1 | 92 + | MM-64.AC1.2: nix develop succeeds on Linux | N/A | HV-1 | 93 + | MM-64.AC2.1: rustc is stable | PASS | Phase 2, Step 2.2 | 94 + | MM-64.AC2.2: cargo available | PASS | Phase 2, Step 2.3 | 95 + | MM-64.AC2.3: rust-analyzer available | PASS | Phase 2, Step 2.3 | 96 + | MM-64.AC2.4: clippy available | PASS | Phase 2, Step 2.3 | 97 + | MM-64.AC2.5: rustfmt available | PASS | Phase 2, Step 2.3 | 98 + | MM-64.AC2.6: just available | PASS | Phase 2, Step 2.3 | 99 + | MM-64.AC2.7: cargo-audit available | PASS | Phase 2, Step 2.3 | 100 + | MM-64.AC2.8: sqlite3 + pkg-config | PASS | Phase 2, Step 2.4 | 101 + | MM-64.AC3.1: Rust version matches rust-toolchain.toml | PASS | Phase 2, Step 2.2 | 102 + | MM-64.AC3.2: rustup reads rust-toolchain.toml | N/A | HV-2 | 103 + | MM-64.AC4.1: .envrc tracked with `use flake` | PASS | Phase 1, Step 1.5 | 104 + | MM-64.AC4.2: direnv activates on cd | N/A | HV-3 | 105 + | MM-64.AC5.1: flake.lock tracked by git | PASS | Phase 1, Step 1.6 | 106 + | MM-64.AC6.1: no packages output | PASS | Phase 1, Step 1.1 | 107 + | MM-64.AC6.2: no nixosModules output | PASS | Phase 1, Step 1.1 |
+367
flake.lock
··· 1 + { 2 + "nodes": { 3 + "cachix": { 4 + "inputs": { 5 + "devenv": [ 6 + "devenv" 7 + ], 8 + "flake-compat": [ 9 + "devenv", 10 + "flake-compat" 11 + ], 12 + "git-hooks": [ 13 + "devenv", 14 + "git-hooks" 15 + ], 16 + "nixpkgs": [ 17 + "devenv", 18 + "nixpkgs" 19 + ] 20 + }, 21 + "locked": { 22 + "lastModified": 1767714506, 23 + "narHash": "sha256-WaTs0t1CxhgxbIuvQ97OFhDTVUGd1HA+KzLZUZBhe0s=", 24 + "owner": "cachix", 25 + "repo": "cachix", 26 + "rev": "894c649f0daaa38bbcfb21de64be47dfa7cd0ec9", 27 + "type": "github" 28 + }, 29 + "original": { 30 + "owner": "cachix", 31 + "ref": "latest", 32 + "repo": "cachix", 33 + "type": "github" 34 + } 35 + }, 36 + "devenv": { 37 + "inputs": { 38 + "cachix": "cachix", 39 + "flake-compat": "flake-compat", 40 + "flake-parts": "flake-parts", 41 + "git-hooks": "git-hooks", 42 + "nix": "nix", 43 + "nixd": "nixd", 44 + "nixpkgs": "nixpkgs" 45 + }, 46 + "locked": { 47 + "lastModified": 1772928624, 48 + "narHash": "sha256-XL8UgPefqC2ztBNZm+F5WJy4E2LCENLdg4ttHJd2Wpw=", 49 + "owner": "cachix", 50 + "repo": "devenv", 51 + "rev": "91fbfc297c9f48977b06b78c328c852acf8f844a", 52 + "type": "github" 53 + }, 54 + "original": { 55 + "owner": "cachix", 56 + "repo": "devenv", 57 + "type": "github" 58 + } 59 + }, 60 + "flake-compat": { 61 + "flake": false, 62 + "locked": { 63 + "lastModified": 1767039857, 64 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 65 + "owner": "edolstra", 66 + "repo": "flake-compat", 67 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 68 + "type": "github" 69 + }, 70 + "original": { 71 + "owner": "edolstra", 72 + "repo": "flake-compat", 73 + "type": "github" 74 + } 75 + }, 76 + "flake-parts": { 77 + "inputs": { 78 + "nixpkgs-lib": [ 79 + "devenv", 80 + "nixpkgs" 81 + ] 82 + }, 83 + "locked": { 84 + "lastModified": 1772408722, 85 + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", 86 + "owner": "hercules-ci", 87 + "repo": "flake-parts", 88 + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", 89 + "type": "github" 90 + }, 91 + "original": { 92 + "owner": "hercules-ci", 93 + "repo": "flake-parts", 94 + "type": "github" 95 + } 96 + }, 97 + "flake-root": { 98 + "locked": { 99 + "lastModified": 1723604017, 100 + "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", 101 + "owner": "srid", 102 + "repo": "flake-root", 103 + "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", 104 + "type": "github" 105 + }, 106 + "original": { 107 + "owner": "srid", 108 + "repo": "flake-root", 109 + "type": "github" 110 + } 111 + }, 112 + "git-hooks": { 113 + "inputs": { 114 + "flake-compat": [ 115 + "devenv", 116 + "flake-compat" 117 + ], 118 + "gitignore": "gitignore", 119 + "nixpkgs": [ 120 + "devenv", 121 + "nixpkgs" 122 + ] 123 + }, 124 + "locked": { 125 + "lastModified": 1772665116, 126 + "narHash": "sha256-XmjUDG/J8Z8lY5DVNVUf5aoZGc400FxcjsNCqHKiKtc=", 127 + "owner": "cachix", 128 + "repo": "git-hooks.nix", 129 + "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", 130 + "type": "github" 131 + }, 132 + "original": { 133 + "owner": "cachix", 134 + "repo": "git-hooks.nix", 135 + "type": "github" 136 + } 137 + }, 138 + "gitignore": { 139 + "inputs": { 140 + "nixpkgs": [ 141 + "devenv", 142 + "git-hooks", 143 + "nixpkgs" 144 + ] 145 + }, 146 + "locked": { 147 + "lastModified": 1709087332, 148 + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 149 + "owner": "hercules-ci", 150 + "repo": "gitignore.nix", 151 + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", 152 + "type": "github" 153 + }, 154 + "original": { 155 + "owner": "hercules-ci", 156 + "repo": "gitignore.nix", 157 + "type": "github" 158 + } 159 + }, 160 + "nix": { 161 + "inputs": { 162 + "flake-compat": [ 163 + "devenv", 164 + "flake-compat" 165 + ], 166 + "flake-parts": [ 167 + "devenv", 168 + "flake-parts" 169 + ], 170 + "git-hooks-nix": [ 171 + "devenv", 172 + "git-hooks" 173 + ], 174 + "nixpkgs": [ 175 + "devenv", 176 + "nixpkgs" 177 + ], 178 + "nixpkgs-23-11": [ 179 + "devenv" 180 + ], 181 + "nixpkgs-regression": [ 182 + "devenv" 183 + ] 184 + }, 185 + "locked": { 186 + "lastModified": 1772748357, 187 + "narHash": "sha256-vtf03lfgQKNkPH9FdXdboBDS5DtFkXB8xRw5EBpuDas=", 188 + "owner": "cachix", 189 + "repo": "nix", 190 + "rev": "41eee9d3b1f611b1b90d51caa858b6d83834c44a", 191 + "type": "github" 192 + }, 193 + "original": { 194 + "owner": "cachix", 195 + "ref": "devenv-2.32", 196 + "repo": "nix", 197 + "type": "github" 198 + } 199 + }, 200 + "nixd": { 201 + "inputs": { 202 + "flake-parts": [ 203 + "devenv", 204 + "flake-parts" 205 + ], 206 + "flake-root": "flake-root", 207 + "nixpkgs": [ 208 + "devenv", 209 + "nixpkgs" 210 + ], 211 + "treefmt-nix": "treefmt-nix" 212 + }, 213 + "locked": { 214 + "lastModified": 1772441848, 215 + "narHash": "sha256-H3W5PSJQTh8Yp51PGU3GUoGCcrD+y7nCsxYHQr+Orvw=", 216 + "owner": "nix-community", 217 + "repo": "nixd", 218 + "rev": "c896f916addae5b133ee0f4f01f9cd93906f62ea", 219 + "type": "github" 220 + }, 221 + "original": { 222 + "owner": "nix-community", 223 + "repo": "nixd", 224 + "type": "github" 225 + } 226 + }, 227 + "nixpkgs": { 228 + "inputs": { 229 + "nixpkgs-src": "nixpkgs-src" 230 + }, 231 + "locked": { 232 + "lastModified": 1772749504, 233 + "narHash": "sha256-eqtQIz0alxkQPym+Zh/33gdDjkkch9o6eHnMPnXFXN0=", 234 + "owner": "cachix", 235 + "repo": "devenv-nixpkgs", 236 + "rev": "08543693199362c1fddb8f52126030d0d374ba2e", 237 + "type": "github" 238 + }, 239 + "original": { 240 + "owner": "cachix", 241 + "ref": "rolling", 242 + "repo": "devenv-nixpkgs", 243 + "type": "github" 244 + } 245 + }, 246 + "nixpkgs-src": { 247 + "flake": false, 248 + "locked": { 249 + "lastModified": 1772173633, 250 + "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", 251 + "owner": "NixOS", 252 + "repo": "nixpkgs", 253 + "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", 254 + "type": "github" 255 + }, 256 + "original": { 257 + "owner": "NixOS", 258 + "ref": "nixpkgs-unstable", 259 + "repo": "nixpkgs", 260 + "type": "github" 261 + } 262 + }, 263 + "nixpkgs-src_2": { 264 + "flake": false, 265 + "locked": { 266 + "lastModified": 1772173633, 267 + "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", 268 + "owner": "NixOS", 269 + "repo": "nixpkgs", 270 + "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", 271 + "type": "github" 272 + }, 273 + "original": { 274 + "owner": "NixOS", 275 + "ref": "nixpkgs-unstable", 276 + "repo": "nixpkgs", 277 + "type": "github" 278 + } 279 + }, 280 + "nixpkgs_2": { 281 + "inputs": { 282 + "nixpkgs-src": "nixpkgs-src_2" 283 + }, 284 + "locked": { 285 + "lastModified": 1772749504, 286 + "narHash": "sha256-eqtQIz0alxkQPym+Zh/33gdDjkkch9o6eHnMPnXFXN0=", 287 + "owner": "cachix", 288 + "repo": "devenv-nixpkgs", 289 + "rev": "08543693199362c1fddb8f52126030d0d374ba2e", 290 + "type": "github" 291 + }, 292 + "original": { 293 + "owner": "cachix", 294 + "ref": "rolling", 295 + "repo": "devenv-nixpkgs", 296 + "type": "github" 297 + } 298 + }, 299 + "root": { 300 + "inputs": { 301 + "devenv": "devenv", 302 + "nixpkgs": "nixpkgs_2", 303 + "rust-overlay": "rust-overlay", 304 + "systems": "systems" 305 + } 306 + }, 307 + "rust-overlay": { 308 + "inputs": { 309 + "nixpkgs": [ 310 + "nixpkgs" 311 + ] 312 + }, 313 + "locked": { 314 + "lastModified": 1772852295, 315 + "narHash": "sha256-3FB/WzLZSiU2Mc50C9q9VXU1LRUZbsU6UHKmZG1C+hU=", 316 + "owner": "oxalica", 317 + "repo": "rust-overlay", 318 + "rev": "c10801f59c68e14c308aea8fa6b0b3d81d43c61e", 319 + "type": "github" 320 + }, 321 + "original": { 322 + "owner": "oxalica", 323 + "repo": "rust-overlay", 324 + "type": "github" 325 + } 326 + }, 327 + "systems": { 328 + "locked": { 329 + "lastModified": 1681028828, 330 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 331 + "owner": "nix-systems", 332 + "repo": "default", 333 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 334 + "type": "github" 335 + }, 336 + "original": { 337 + "owner": "nix-systems", 338 + "repo": "default", 339 + "type": "github" 340 + } 341 + }, 342 + "treefmt-nix": { 343 + "inputs": { 344 + "nixpkgs": [ 345 + "devenv", 346 + "nixd", 347 + "nixpkgs" 348 + ] 349 + }, 350 + "locked": { 351 + "lastModified": 1734704479, 352 + "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", 353 + "owner": "numtide", 354 + "repo": "treefmt-nix", 355 + "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", 356 + "type": "github" 357 + }, 358 + "original": { 359 + "owner": "numtide", 360 + "repo": "treefmt-nix", 361 + "type": "github" 362 + } 363 + } 364 + }, 365 + "root": "root", 366 + "version": 7 367 + }
+33
flake.nix
··· 1 + { 2 + description = "ezpds development shell"; 3 + 4 + nixConfig = { 5 + extra-substituters = "https://devenv.cachix.org"; 6 + extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="; 7 + allow-import-from-derivation = true; 8 + }; 9 + 10 + inputs = { 11 + nixpkgs.url = "github:cachix/devenv-nixpkgs/rolling"; 12 + devenv.url = "github:cachix/devenv"; 13 + systems.url = "github:nix-systems/default"; 14 + rust-overlay.url = "github:oxalica/rust-overlay"; 15 + rust-overlay.inputs = { nixpkgs.follows = "nixpkgs"; }; 16 + }; 17 + 18 + outputs = { self, nixpkgs, devenv, systems, rust-overlay, ... } @ inputs: 19 + let 20 + forEachSystem = f: nixpkgs.lib.genAttrs (import systems) f; 21 + in { 22 + devShells = forEachSystem (system: 23 + let 24 + pkgs = nixpkgs.legacyPackages.${system}; 25 + in { 26 + default = devenv.lib.mkShell { 27 + inherit inputs pkgs; 28 + modules = [ ./devenv.nix ]; 29 + }; 30 + } 31 + ); 32 + }; 33 + }
+4
rust-toolchain.toml
··· 1 + [toolchain] 2 + channel = "stable" 3 + components = ["rustfmt", "clippy", "rust-analyzer"] 4 + targets = ["aarch64-apple-darwin", "x86_64-apple-darwin", "x86_64-unknown-linux-gnu", "aarch64-unknown-linux-gnu"]

History

2 rounds 0 comments
sign up or login to add to the discussion
malpercio.dev submitted #1
interdiff
7 commits
expand
2649f8be
docs: add MM-64 design plan — Nix flake + devenv dev shell
449b2a11
chore(MM-64): add Nix flake + devenv dev shell configuration
37f613ef
fix(MM-64): add rust-overlay input and allow-import-from-derivation
e533e076
chore(MM-64): commit generated flake.lock
1cc5cbb1
docs: add root CLAUDE.md with project context for MM-64
4690d71e
docs: add test plan for MM-64 Nix flake + devenv dev shell
86dc113b
fix(MM-64): address PR review — targets, devenv.nix, CLAUDE.md, test plan
expand 0 comments
pull request successfully merged
malpercio.dev submitted #0
diff
6 commits
expand
2649f8be
docs: add MM-64 design plan — Nix flake + devenv dev shell
449b2a11
chore(MM-64): add Nix flake + devenv dev shell configuration
37f613ef
fix(MM-64): add rust-overlay input and allow-import-from-derivation
e533e076
chore(MM-64): commit generated flake.lock
1cc5cbb1
docs: add root CLAUDE.md with project context for MM-64
4690d71e
docs: add test plan for MM-64 Nix flake + devenv dev shell
expand 0 comments