diff --git a/flake.lock b/flake.lock
index 1d243dc..2ce6df9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,184 @@
{
"nodes": {
+ "HTTP": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1451647621,
+ "narHash": "sha256-oHIyw3x0iKBexEo49YeUDV1k74ZtyYKGR2gNJXXRxts=",
+ "owner": "phadej",
+ "repo": "HTTP",
+ "rev": "9bc0996d412fef1787449d841277ef663ad9a915",
+ "type": "github"
+ },
+ "original": {
+ "owner": "phadej",
+ "repo": "HTTP",
+ "type": "github"
+ }
+ },
+ "blank": {
+ "locked": {
+ "lastModified": 1625557891,
+ "narHash": "sha256-O8/MWsPBGhhyPoPLHZAuoZiiHo9q6FLlEeIDEXuj6T4=",
+ "owner": "divnix",
+ "repo": "blank",
+ "rev": "5a5d2684073d9f563072ed07c871d577a6c614a8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "divnix",
+ "repo": "blank",
+ "type": "github"
+ }
+ },
+ "cabal-32": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1603716527,
+ "narHash": "sha256-X0TFfdD4KZpwl0Zr6x+PLxUt/VyKQfX7ylXHdmZIL+w=",
+ "owner": "haskell",
+ "repo": "cabal",
+ "rev": "48bf10787e27364730dd37a42b603cee8d6af7ee",
+ "type": "github"
+ },
+ "original": {
+ "owner": "haskell",
+ "ref": "3.2",
+ "repo": "cabal",
+ "type": "github"
+ }
+ },
+ "cabal-34": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1645834128,
+ "narHash": "sha256-wG3d+dOt14z8+ydz4SL7pwGfe7SiimxcD/LOuPCV6xM=",
+ "owner": "haskell",
+ "repo": "cabal",
+ "rev": "5ff598c67f53f7c4f48e31d722ba37172230c462",
+ "type": "github"
+ },
+ "original": {
+ "owner": "haskell",
+ "ref": "3.4",
+ "repo": "cabal",
+ "type": "github"
+ }
+ },
+ "cabal-36": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1669081697,
+ "narHash": "sha256-I5or+V7LZvMxfbYgZATU4awzkicBwwok4mVoje+sGmU=",
+ "owner": "haskell",
+ "repo": "cabal",
+ "rev": "8fd619e33d34924a94e691c5fea2c42f0fc7f144",
+ "type": "github"
+ },
+ "original": {
+ "owner": "haskell",
+ "ref": "3.6",
+ "repo": "cabal",
+ "type": "github"
+ }
+ },
+ "cardano-shell": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1608537748,
+ "narHash": "sha256-PulY1GfiMgKVnBci3ex4ptk2UNYMXqGjJOxcPy2KYT4=",
+ "owner": "input-output-hk",
+ "repo": "cardano-shell",
+ "rev": "9392c75087cb9a3d453998f4230930dea3a95725",
+ "type": "github"
+ },
+ "original": {
+ "owner": "input-output-hk",
+ "repo": "cardano-shell",
+ "type": "github"
+ }
+ },
+ "deploy-rs": {
+ "inputs": {
+ "flake-compat": "flake-compat_2",
+ "nixpkgs": "nixpkgs_2",
+ "utils": "utils"
+ },
+ "locked": {
+ "lastModified": 1648475189,
+ "narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=",
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3",
+ "type": "github"
+ },
+ "original": {
+ "id": "deploy-rs",
+ "type": "indirect"
+ }
+ },
+ "devshell": {
+ "inputs": {
+ "flake-utils": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1663445644,
+ "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=",
+ "owner": "numtide",
+ "repo": "devshell",
+ "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "devshell",
+ "type": "github"
+ }
+ },
+ "dmerge": {
+ "inputs": {
+ "nixlib": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "nixpkgs"
+ ],
+ "yants": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "yants"
+ ]
+ },
+ "locked": {
+ "lastModified": 1659548052,
+ "narHash": "sha256-fzI2gp1skGA8mQo/FBFrUAtY0GQkAIAaV/V127TJPyY=",
+ "owner": "divnix",
+ "repo": "data-merge",
+ "rev": "d160d18ce7b1a45b88344aa3f13ed1163954b497",
+ "type": "github"
+ },
+ "original": {
+ "owner": "divnix",
+ "repo": "data-merge",
+ "type": "github"
+ }
+ },
"flake-compat": {
"flake": false,
"locked": {
@@ -16,6 +195,70 @@
"type": "github"
}
},
+ "flake-compat_2": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1648199409,
+ "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-compat_3": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1627913399,
+ "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
+ "type": "github"
+ },
+ "original": {
+ "id": "flake-compat",
+ "type": "indirect"
+ }
+ },
+ "flake-compat_4": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1672831974,
+ "narHash": "sha256-z9k3MfslLjWQfnjBtEtJZdq3H7kyi2kQtUThfTgdRk0=",
+ "owner": "input-output-hk",
+ "repo": "flake-compat",
+ "rev": "45f2638735f8cdc40fe302742b79f248d23eb368",
+ "type": "github"
+ },
+ "original": {
+ "owner": "input-output-hk",
+ "ref": "hkm/gitlab-fix",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-compat_5": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1650374568,
+ "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
"flake-utils": {
"locked": {
"lastModified": 1601282935,
@@ -31,6 +274,99 @@
"type": "github"
}
},
+ "flake-utils_2": {
+ "locked": {
+ "lastModified": 1631561581,
+ "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
+ "type": "github"
+ },
+ "original": {
+ "id": "flake-utils",
+ "type": "indirect"
+ }
+ },
+ "flake-utils_3": {
+ "locked": {
+ "lastModified": 1667395993,
+ "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_4": {
+ "locked": {
+ "lastModified": 1653893745,
+ "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "flake-utils_5": {
+ "locked": {
+ "lastModified": 1659877975,
+ "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "get-tested-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1704576937,
+ "narHash": "sha256-STgnzFljXb4deHTGrIQc56YMX7Unmiy8P9NWwkChbYI=",
+ "owner": "Kleidukos",
+ "repo": "get-tested",
+ "rev": "64f016a0c53edfe52c237301ce062455344b51ac",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Kleidukos",
+ "ref": "v0.1.6.0",
+ "repo": "get-tested",
+ "type": "github"
+ }
+ },
+ "ghc-8.6.5-iohk": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1600920045,
+ "narHash": "sha256-DO6kxJz248djebZLpSzTGD6s8WRpNI9BTwUeOf5RwY8=",
+ "owner": "input-output-hk",
+ "repo": "ghc",
+ "rev": "95713a6ecce4551240da7c96b6176f980af75cae",
+ "type": "github"
+ },
+ "original": {
+ "owner": "input-output-hk",
+ "ref": "release/8.6.5-iohk",
+ "repo": "ghc",
+ "type": "github"
+ }
+ },
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -51,44 +387,836 @@
"type": "github"
}
},
- "mix-to-nix": {
+ "gitignore-nix": {
"flake": false,
"locked": {
- "lastModified": 1582143122,
- "narHash": "sha256-bTDz1rGzdq0Bjer2EOC6OamSml7Wb3djaD7AMUhldVI=",
- "owner": "serokell",
- "repo": "mix-to-nix",
- "rev": "b5f210e5c6f489c820608327a046727bf86f467b",
+ "lastModified": 1611672876,
+ "narHash": "sha256-qHu3uZ/o9jBHiA3MEKHJ06k7w4heOhA+4HCSIvflRxo=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "211907489e9f198594c0eb0ca9256a1949c9d412",
"type": "github"
},
"original": {
- "owner": "serokell",
- "ref": "transumption",
- "repo": "mix-to-nix",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
"type": "github"
}
},
- "nixpkgs": {
+ "gomod2nix": {
+ "inputs": {
+ "nixpkgs": "nixpkgs_4",
+ "utils": "utils_2"
+ },
"locked": {
- "lastModified": 1602126357,
- "narHash": "sha256-9CVubBIrWzdWZCVVa0uF5OHls19r5gZz3qMeEAJPowQ=",
+ "lastModified": 1655245309,
+ "narHash": "sha256-d/YPoQ/vFn1+GTmSdvbSBSTOai61FONxB4+Lt6w/IVI=",
+ "owner": "tweag",
+ "repo": "gomod2nix",
+ "rev": "40d32f82fc60d66402eb0972e6e368aeab3faf58",
+ "type": "github"
+ },
+ "original": {
+ "owner": "tweag",
+ "repo": "gomod2nix",
+ "type": "github"
+ }
+ },
+ "hackage": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1678926579,
+ "narHash": "sha256-5t1QRBTsEM2wREtDf3xrHp9Kphs+AdQZKAEltaylIJQ=",
+ "owner": "input-output-hk",
+ "repo": "hackage.nix",
+ "rev": "fb58b0ba5773c5f0211f284b0fae061426cf8267",
+ "type": "github"
+ },
+ "original": {
+ "owner": "input-output-hk",
+ "repo": "hackage.nix",
+ "type": "github"
+ }
+ },
+ "haskell-nix": {
+ "inputs": {
+ "HTTP": "HTTP",
+ "cabal-32": "cabal-32",
+ "cabal-34": "cabal-34",
+ "cabal-36": "cabal-36",
+ "cardano-shell": "cardano-shell",
+ "flake-compat": "flake-compat_4",
+ "flake-utils": "flake-utils_3",
+ "ghc-8.6.5-iohk": "ghc-8.6.5-iohk",
+ "hackage": "hackage",
+ "hpc-coveralls": "hpc-coveralls",
+ "hydra": "hydra",
+ "iserv-proxy": "iserv-proxy",
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "nixpkgs-unstable"
+ ],
+ "nixpkgs-2003": "nixpkgs-2003",
+ "nixpkgs-2105": "nixpkgs-2105",
+ "nixpkgs-2111": "nixpkgs-2111",
+ "nixpkgs-2205": "nixpkgs-2205",
+ "nixpkgs-2211": "nixpkgs-2211",
+ "nixpkgs-unstable": "nixpkgs-unstable",
+ "old-ghc-nix": "old-ghc-nix",
+ "stackage": "stackage",
+ "tullia": "tullia"
+ },
+ "locked": {
+ "lastModified": 1678950661,
+ "narHash": "sha256-lvL54W90BTvwLVnFjPYmFVmgHyaGcFrt5FBy1F0rro8=",
+ "owner": "input-output-hk",
+ "repo": "haskell.nix",
+ "rev": "fce554bc6a41d12f7a18a0e8290bf43f925d7a29",
+ "type": "github"
+ },
+ "original": {
+ "id": "haskell-nix",
+ "type": "indirect"
+ }
+ },
+ "hpc-coveralls": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1607498076,
+ "narHash": "sha256-8uqsEtivphgZWYeUo5RDUhp6bO9j2vaaProQxHBltQk=",
+ "owner": "sevanspowell",
+ "repo": "hpc-coveralls",
+ "rev": "14df0f7d229f4cd2e79f8eabb1a740097fdfa430",
+ "type": "github"
+ },
+ "original": {
+ "owner": "sevanspowell",
+ "repo": "hpc-coveralls",
+ "type": "github"
+ }
+ },
+ "hydra": {
+ "inputs": {
+ "nix": "nix",
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "hydra",
+ "nix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1671755331,
+ "narHash": "sha256-hXsgJj0Cy0ZiCiYdW2OdBz5WmFyOMKuw4zyxKpgUKm4=",
"owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "8aeaba64d757e5cc626ac525f7504308de83741f",
+ "repo": "hydra",
+ "rev": "f48f00ee6d5727ae3e488cbf9ce157460853fea8",
"type": "github"
},
"original": {
- "id": "nixpkgs",
+ "id": "hydra",
"type": "indirect"
}
},
- "root": {
+ "incl": {
"inputs": {
- "flake-compat": "flake-compat",
- "flake-utils": "flake-utils",
- "gitignore": "gitignore",
- "mix-to-nix": "mix-to-nix",
- "nixpkgs": "nixpkgs"
+ "nixlib": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1669263024,
+ "narHash": "sha256-E/+23NKtxAqYG/0ydYgxlgarKnxmDbg6rCMWnOBqn9Q=",
+ "owner": "divnix",
+ "repo": "incl",
+ "rev": "ce7bebaee048e4cd7ebdb4cee7885e00c4e2abca",
+ "type": "github"
+ },
+ "original": {
+ "owner": "divnix",
+ "repo": "incl",
+ "type": "github"
+ }
+ },
+ "iserv-proxy": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1670983692,
+ "narHash": "sha256-avLo34JnI9HNyOuauK5R69usJm+GfW3MlyGlYxZhTgY=",
+ "ref": "hkm/remote-iserv",
+ "rev": "50d0abb3317ac439a4e7495b185a64af9b7b9300",
+ "revCount": 10,
+ "type": "git",
+ "url": "https://gitlab.haskell.org/hamishmack/iserv-proxy.git"
+ },
+ "original": {
+ "ref": "hkm/remote-iserv",
+ "type": "git",
+ "url": "https://gitlab.haskell.org/hamishmack/iserv-proxy.git"
+ }
+ },
+ "lowdown-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1633514407,
+ "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+ "owner": "kristapsdz",
+ "repo": "lowdown",
+ "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "kristapsdz",
+ "repo": "lowdown",
+ "type": "github"
+ }
+ },
+ "lowdown-src_2": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1632468475,
+ "narHash": "sha256-NNOm9CbdA8cuwbvaBHslGbPTiU6bh1Ao+MpEPx4rSGo=",
+ "owner": "kristapsdz",
+ "repo": "lowdown",
+ "rev": "6bd668af3fd098bdd07a1bedd399564141e275da",
+ "type": "github"
+ },
+ "original": {
+ "owner": "kristapsdz",
+ "repo": "lowdown",
+ "type": "github"
+ }
+ },
+ "mix-to-nix": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1582143122,
+ "narHash": "sha256-bTDz1rGzdq0Bjer2EOC6OamSml7Wb3djaD7AMUhldVI=",
+ "owner": "serokell",
+ "repo": "mix-to-nix",
+ "rev": "b5f210e5c6f489c820608327a046727bf86f467b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "serokell",
+ "ref": "transumption",
+ "repo": "mix-to-nix",
+ "type": "github"
+ }
+ },
+ "n2c": {
+ "inputs": {
+ "flake-utils": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1665039323,
+ "narHash": "sha256-SAh3ZjFGsaCI8FRzXQyp56qcGdAqgKEfJWPCQ0Sr7tQ=",
+ "owner": "nlewo",
+ "repo": "nix2container",
+ "rev": "b008fe329ffb59b67bf9e7b08ede6ee792f2741a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nlewo",
+ "repo": "nix2container",
+ "type": "github"
+ }
+ },
+ "nix": {
+ "inputs": {
+ "lowdown-src": "lowdown-src",
+ "nixpkgs": "nixpkgs_3",
+ "nixpkgs-regression": "nixpkgs-regression"
+ },
+ "locked": {
+ "lastModified": 1661606874,
+ "narHash": "sha256-9+rpYzI+SmxJn+EbYxjGv68Ucp22bdFUSy/4LkHkkDQ=",
+ "owner": "NixOS",
+ "repo": "nix",
+ "rev": "11e45768b34fdafdcf019ddbd337afa16127ff0f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "2.11.0",
+ "repo": "nix",
+ "type": "github"
+ }
+ },
+ "nix-nomad": {
+ "inputs": {
+ "flake-compat": "flake-compat_5",
+ "flake-utils": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "nix2container",
+ "flake-utils"
+ ],
+ "gomod2nix": "gomod2nix",
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "nixpkgs"
+ ],
+ "nixpkgs-lib": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1658277770,
+ "narHash": "sha256-T/PgG3wUn8Z2rnzfxf2VqlR1CBjInPE0l1yVzXxPnt0=",
+ "owner": "tristanpemble",
+ "repo": "nix-nomad",
+ "rev": "054adcbdd0a836ae1c20951b67ed549131fd2d70",
+ "type": "github"
+ },
+ "original": {
+ "owner": "tristanpemble",
+ "repo": "nix-nomad",
+ "type": "github"
+ }
+ },
+ "nix2container": {
+ "inputs": {
+ "flake-utils": "flake-utils_4",
+ "nixpkgs": "nixpkgs_5"
+ },
+ "locked": {
+ "lastModified": 1658567952,
+ "narHash": "sha256-XZ4ETYAMU7XcpEeAFP3NOl9yDXNuZAen/aIJ84G+VgA=",
+ "owner": "nlewo",
+ "repo": "nix2container",
+ "rev": "60bb43d405991c1378baf15a40b5811a53e32ffa",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nlewo",
+ "repo": "nix2container",
+ "type": "github"
+ }
+ },
+ "nix_2": {
+ "inputs": {
+ "lowdown-src": "lowdown-src_2",
+ "nixpkgs": "nixpkgs_7"
+ },
+ "locked": {
+ "lastModified": 1633098935,
+ "narHash": "sha256-UtuBczommNLwUNEnfRI7822z4vPA7OoRKsgAZ8zsHQI=",
+ "owner": "nixos",
+ "repo": "nix",
+ "rev": "4f496150eb4e0012914c11f0a3ff4df2412b1d09",
+ "type": "github"
+ },
+ "original": {
+ "id": "nix",
+ "type": "indirect"
+ }
+ },
+ "nixago": {
+ "inputs": {
+ "flake-utils": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "flake-utils"
+ ],
+ "nixago-exts": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "blank"
+ ],
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1661824785,
+ "narHash": "sha256-/PnwdWoO/JugJZHtDUioQp3uRiWeXHUdgvoyNbXesz8=",
+ "owner": "nix-community",
+ "repo": "nixago",
+ "rev": "8c1f9e5f1578d4b2ea989f618588d62a335083c3",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixago",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1602126357,
+ "narHash": "sha256-9CVubBIrWzdWZCVVa0uF5OHls19r5gZz3qMeEAJPowQ=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "8aeaba64d757e5cc626ac525f7504308de83741f",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs-2003": {
+ "locked": {
+ "lastModified": 1620055814,
+ "narHash": "sha256-8LEHoYSJiL901bTMVatq+rf8y7QtWuZhwwpKE2fyaRY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "1db42b7fe3878f3f5f7a4f2dc210772fd080e205",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-20.03-darwin",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-2105": {
+ "locked": {
+ "lastModified": 1659914493,
+ "narHash": "sha256-lkA5X3VNMKirvA+SUzvEhfA7XquWLci+CGi505YFAIs=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "022caabb5f2265ad4006c1fa5b1ebe69fb0c3faf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-21.05-darwin",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-2111": {
+ "locked": {
+ "lastModified": 1659446231,
+ "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-21.11-darwin",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-2205": {
+ "locked": {
+ "lastModified": 1672580127,
+ "narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "0874168639713f547c05947c76124f78441ea46c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-22.05-darwin",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-2211": {
+ "locked": {
+ "lastModified": 1675730325,
+ "narHash": "sha256-uNvD7fzO5hNlltNQUAFBPlcEjNG5Gkbhl/ROiX+GZU4=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "b7ce17b1ebf600a72178f6302c77b6382d09323f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-22.11-darwin",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-regression": {
+ "locked": {
+ "lastModified": 1643052045,
+ "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+ "type": "github"
+ }
+ },
+ "nixpkgs-unstable": {
+ "locked": {
+ "lastModified": 1675758091,
+ "narHash": "sha256-7gFSQbSVAFUHtGCNHPF7mPc5CcqDk9M2+inlVPZSneg=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "747927516efcb5e31ba03b7ff32f61f6d47e7d87",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1648219316,
+ "narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1657693803,
+ "narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "365e1b3a859281cf11b94f87231adeabbdd878a2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-22.05-small",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1653581809,
+ "narHash": "sha256-Uvka0V5MTGbeOfWte25+tfRL3moECDh1VwokWSZUdoY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "83658b28fe638a170a19b8933aa008b30640fbd1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_5": {
+ "locked": {
+ "lastModified": 1654807842,
+ "narHash": "sha256-ADymZpr6LuTEBXcy6RtFHcUZdjKTBRTMYwu19WOx17E=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "fc909087cc3386955f21b4665731dbdaceefb1d8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_6": {
+ "locked": {
+ "lastModified": 1665087388,
+ "narHash": "sha256-FZFPuW9NWHJteATOf79rZfwfRn5fE0wi9kRzvGfDHPA=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "95fda953f6db2e9496d2682c4fc7b82f959878f7",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_7": {
+ "locked": {
+ "lastModified": 1632864508,
+ "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "82891b5e2c2359d7e58d08849e4c89511ab94234",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-21.05-small",
+ "type": "indirect"
+ }
+ },
+ "nixpkgs_8": {
+ "locked": {
+ "lastModified": 1702386253,
+ "narHash": "sha256-gWyY0ZnlyugHRthZQBmFfxeKNDq2o6g7kaSU1lwyj74=",
+ "owner": "serokell",
+ "repo": "nixpkgs",
+ "rev": "4a0f28c92f803406ca2eed0cce08230447ad9d01",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "type": "indirect"
+ }
+ },
+ "nosys": {
+ "locked": {
+ "lastModified": 1667881534,
+ "narHash": "sha256-FhwJ15uPLRsvaxtt/bNuqE/ykMpNAPF0upozFKhTtXM=",
+ "owner": "divnix",
+ "repo": "nosys",
+ "rev": "2d0d5207f6a230e9d0f660903f8db9807b54814f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "divnix",
+ "repo": "nosys",
+ "type": "github"
+ }
+ },
+ "old-ghc-nix": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1631092763,
+ "narHash": "sha256-sIKgO+z7tj4lw3u6oBZxqIhDrzSkvpHtv0Kki+lh9Fg=",
+ "owner": "angerman",
+ "repo": "old-ghc-nix",
+ "rev": "af48a7a7353e418119b6dfe3cd1463a657f342b8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "angerman",
+ "ref": "master",
+ "repo": "old-ghc-nix",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "flake-compat": "flake-compat",
+ "flake-utils": "flake-utils",
+ "gitignore": "gitignore",
+ "mix-to-nix": "mix-to-nix",
+ "nixpkgs": "nixpkgs",
+ "serokell-nix": "serokell-nix"
+ }
+ },
+ "serokell-nix": {
+ "inputs": {
+ "deploy-rs": "deploy-rs",
+ "flake-compat": "flake-compat_3",
+ "flake-utils": "flake-utils_2",
+ "get-tested-src": "get-tested-src",
+ "gitignore-nix": "gitignore-nix",
+ "haskell-nix": "haskell-nix",
+ "nix": "nix_2",
+ "nixpkgs": "nixpkgs_8"
+ },
+ "locked": {
+ "lastModified": 1708509454,
+ "narHash": "sha256-lThJVjAQsAeHrzw7wRwLq4r9Hx3w2feebRB8UN6K2vg=",
+ "owner": "serokell",
+ "repo": "serokell.nix",
+ "rev": "fdf87eb607930202058d10db80cf7e6558614862",
+ "type": "github"
+ },
+ "original": {
+ "owner": "serokell",
+ "repo": "serokell.nix",
+ "type": "github"
+ }
+ },
+ "stackage": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1678925630,
+ "narHash": "sha256-rl8qnpAUJl4tRZpaZ5DpgSueNfreArW09t4zTnOaoYA=",
+ "owner": "input-output-hk",
+ "repo": "stackage.nix",
+ "rev": "bf29b23fb77017e78c6e7b199b2c7bfb5079c4cd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "input-output-hk",
+ "repo": "stackage.nix",
+ "type": "github"
+ }
+ },
+ "std": {
+ "inputs": {
+ "arion": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "blank"
+ ],
+ "blank": "blank",
+ "devshell": "devshell",
+ "dmerge": "dmerge",
+ "flake-utils": "flake-utils_5",
+ "incl": "incl",
+ "makes": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "blank"
+ ],
+ "microvm": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "blank"
+ ],
+ "n2c": "n2c",
+ "nixago": "nixago",
+ "nixpkgs": "nixpkgs_6",
+ "nosys": "nosys",
+ "yants": "yants"
+ },
+ "locked": {
+ "lastModified": 1674526466,
+ "narHash": "sha256-tMTaS0bqLx6VJ+K+ZT6xqsXNpzvSXJTmogkraBGzymg=",
+ "owner": "divnix",
+ "repo": "std",
+ "rev": "516387e3d8d059b50e742a2ff1909ed3c8f82826",
+ "type": "github"
+ },
+ "original": {
+ "owner": "divnix",
+ "repo": "std",
+ "type": "github"
+ }
+ },
+ "tullia": {
+ "inputs": {
+ "nix-nomad": "nix-nomad",
+ "nix2container": "nix2container",
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "nixpkgs"
+ ],
+ "std": "std"
+ },
+ "locked": {
+ "lastModified": 1675695930,
+ "narHash": "sha256-B7rEZ/DBUMlK1AcJ9ajnAPPxqXY6zW2SBX+51bZV0Ac=",
+ "owner": "input-output-hk",
+ "repo": "tullia",
+ "rev": "621365f2c725608f381b3ad5b57afef389fd4c31",
+ "type": "github"
+ },
+ "original": {
+ "owner": "input-output-hk",
+ "repo": "tullia",
+ "type": "github"
+ }
+ },
+ "utils": {
+ "locked": {
+ "lastModified": 1648297722,
+ "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "utils_2": {
+ "locked": {
+ "lastModified": 1653893745,
+ "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "yants": {
+ "inputs": {
+ "nixpkgs": [
+ "serokell-nix",
+ "haskell-nix",
+ "tullia",
+ "std",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1667096281,
+ "narHash": "sha256-wRRec6ze0gJHmGn6m57/zhz/Kdvp9HS4Nl5fkQ+uIuA=",
+ "owner": "divnix",
+ "repo": "yants",
+ "rev": "d18f356ec25cb94dc9c275870c3a7927a10f8c3c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "divnix",
+ "repo": "yants",
+ "type": "github"
}
}
},
diff --git a/flake.nix b/flake.nix
index 46e11a6..875e691 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,8 +16,10 @@
inputs.flake-utils.url = "github:numtide/flake-utils";
- outputs = { self, nixpkgs, gitignore, mix-to-nix, flake-utils, ... }: ({
- nixosModules.hermetic = import ./module.nix;
+ inputs.serokell-nix.url = "github:serokell/serokell.nix";
+
+ outputs = { self, nixpkgs, gitignore, mix-to-nix, flake-utils, serokell-nix, ... }: ({
+ nixosModules.hermetic = import ./module.nix { inherit serokell-nix; };
} // flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs { inherit system; };
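Review bot: The new `serokell-nix` input is declared without any `follows`, and the flake.lock changes in this same commit show it pulling in its full transitive closure (haskell.nix, hydra, tullia, a dozen extra nixpkgs pins including a `serokell/nixpkgs` fork), although module.nix only takes `lib.systemd` from it. Each of those locked nodes becomes part of what has to be reviewed and kept up to date for this flake. If the systemd helpers evaluate against the root pin, `inputs.serokell-nix.inputs.nixpkgs.follows = "nixpkgs";` would at least drop the extra nixpkgs copy; the root nixpkgs is locked to an older revision, so this needs a test evaluation. The `outputs` function continues outside this hunk.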
diff --git a/module.nix b/module.nix
index 1de5e37..39b14e5 100644
--- a/module.nix
+++ b/module.nix
@@ -1,13 +1,14 @@
-# SPDX-FileCopyrightText: 2020 Serokell
+# SPDX-FileCopyrightText: 2020-2023 Serokell
#
# SPDX-License-Identifier: MPL-2.0
-
+{ serokell-nix }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.hermetic;
+ inherit (serokell-nix.lib.systemd) hardeningProfiles withHardeningProfile;
in
{
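Review bot: With the added `{ serokell-nix }:` argument, module.nix is no longer a NixOS module on its own, and nothing in the file header says so. A consumer who still writes `imports = [ ./module.nix ]` will most likely get an evaluation error about a missing `serokell-nix` argument rather than the service; the lock file carries flake-compat, so non-flake use seems plausible. A header comment such as `# Takes { serokell-nix } and returns the NixOS module; use the flake's nixosModules.hermetic.` would document the new calling convention. The module body continues outside this hunk.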
@@ -71,12 +72,29 @@ in
${cfg.package}/bin/hermetic start
'';
- serviceConfig = {
+ serviceConfig = withHardeningProfile hardeningProfiles.backend {
EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
DynamicUser = true;
WorkingDirectory = cfg.package;
Restart = "on-failure";
RestartSec = "1min";
+
+ SystemCallFilter = [
+ "~@clock"
+ "~@debug"
+ "~@module"
+ "~@mount"
+ "~@raw-io"
+ "~@reboot"
+ "~@swap"
+ "~@privileged"
+ "~@resources"
+ "~@cpu-emulation"
+ "~@obsolete"
+
+ # override hardening profile
+ "@chown"
+ ];
};
};
};
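Review bot: The `@chown` entry only takes effect because it comes after `~@privileged`. systemd lets the first entry (`~@clock`) fix the filter as a deny-list and then applies later entries in order, so reordering or sorting this list would change which syscalls are permitted. The comment `# override hardening profile` should say that, and why the service needs the chown family, e.g. `# re-allow @chown, which ~@privileged above denies; must stay after it (needed for <reason>)`. It is also worth confirming how `withHardeningProfile` combines this attribute with the profile's own `SystemCallFilter`, which is not visible here. If it replaces the profile's filter, this hand-copied deny-list is the whole filter, any syscall not named in it stays allowed, and the list will not track later changes to `hardeningProfiles.backend`.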