feat: nix flake packaging #583

Merged: jdx merged 2 commits into jdx:main from o-az:o-az/nix-flake on Jul 1, 2026
o-az (Contributor) commented Jul 1, 2026

Adds Nix flake support for fnox.

User guide:

Add to your Nix flakes setup:

  • In flake.nix:
     inputs.fnox.url = "github:jdx/fnox";
  • Then consume
     inputs.fnox.packages.${system}.default

Run without installing using nix CLI:

nix run github:jdx/fnox

Summary by CodeRabbit

  • New Features
    • Added packaged build support for the project, making it easier to run the app and use it in Nix-based workflows.
    • Exposed the app as a runnable command and provided a development shell with common Rust tooling.
  • Chores
    • Updated ignore rules to prevent generated build output from being tracked.
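
A complete consumer flake for the two fragments in the user guide above, as an added example that is not part of the PR or the fnox repository. The nixpkgs and flake-utils inputs, the dev shell that carries the package, and the pinning comment are assumptions of this example.

```nix
{
  description = "Constructed example: consuming the fnox flake from another flake";

  inputs = {
    # Assumed inputs for the consuming project; not taken from the fnox repository.
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";

    # From the user guide. The first lock writes the resolved revision into the
    # consumer's flake.lock, so later builds use that exact commit.
    # To pin a reviewed commit explicitly, use
    #   "github:jdx/fnox/<full-commit-sha>"   (placeholder, not a real value)
    fnox.url = "github:jdx/fnox";
  };

  outputs = { self, nixpkgs, flake-utils, fnox }:
    flake-utils.lib.eachDefaultSystem (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
        # The attribute path named in the user guide.
        fnoxPkg = fnox.packages.${system}.default;
      in
      {
        # Re-export the package so `nix build` in the consumer produces fnox.
        packages.default = fnoxPkg;

        # Put the fnox binary on PATH inside `nix develop`.
        devShells.default = pkgs.mkShell {
          packages = [ fnoxPkg ];
        };
      });
}
```

Unlike `nix run github:jdx/fnox`, which resolves the default branch at the time it is run, a consumer flake records the resolved revision in flake.lock and that file can be reviewed like any other dependency change.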

coderabbitai Bot commented Jul 1, 2026

Walkthrough

This PR adds a Nix flake (flake.nix) that builds the fnox Rust package using crane, exposing packages, an app, and a dev shell, and updates .gitignore to exclude the Nix build output directory "result".

Changes

Nix Flake Setup

| Layer / File(s) | Summary |
|---|---|
| Flake definition and packaging: flake.nix, .gitignore | Defines flake inputs (nixpkgs, crane, flake-utils), builds fnox via crane with custom source filtering, dependency-only build, and package metadata; exposes packages.default/fnox, apps.default, and devShells.default; ignores the result build output in .gitignore. |

Estimated code review effort: 1 (Trivial) | ~5 minutes

Poem

A flake in the warren, crisp and new,
Packaging fnox for me and you.
"result" hops away, ignored with glee,
cargo, clippy, rustfmt — a dev shell spree! 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly describes the main change: adding Nix flake packaging support for the project. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

greptile-apps Bot commented Jul 1, 2026

Greptile Summary

This PR adds Nix flake packaging for fnox using crane for Rust builds, exposing a default package, app, and dev shell across all default systems.

  • flake.nix: Defines the build with crane.buildPackage, separating dependency compilation (buildDepsOnly) from the final package build. Includes a source filter for assets, Linux build inputs (dbus, udev), and a dev shell with cargo/clippy/rustfmt.
  • flake.lock: Pins nixpkgs (nixos-unstable), crane, flake-utils, and nix-systems to specific revisions for reproducibility.
  • .gitignore: Adds the result symlink that Nix creates after a successful build.

Confidence Score: 3/5

The flake will fail to build on both Linux and macOS due to missing build-time dependencies and should not be merged as-is.

Two build-breaking gaps exist in flake.nix: aws-lc-sys (pulled in by both jsonwebtoken and rustls with their aws_lc_rs features) requires cmake and go at compile time, which are absent from nativeBuildInputs; and apple-native-keyring-store with the keychain feature requires the macOS Security and CoreFoundation frameworks, which are absent from buildInputs for Darwin.

flake.nix — the nativeBuildInputs and Darwin buildInputs sections need the additions described in the inline comments

Important Files Changed

| Filename | Overview |
|---|---|
| flake.nix | New Nix flake build definition using crane; missing cmake in nativeBuildInputs (required by aws-lc-sys) and missing macOS Security framework in buildInputs, both of which will cause build failures on their respective platforms |
| flake.lock | Auto-generated lockfile pinning crane, flake-utils, nixpkgs (nixos-unstable), and nix-systems to specific revisions; looks correct |
| .gitignore | Adds result to gitignore to exclude Nix build output symlinks; correct and expected addition |

Reviews (1): Last reviewed commit: "feat: flake-utils"

Comment thread flake.nix
Comment on lines +31 to +34
nativeBuildInputs = with pkgs; [
perl
pkg-config
];

P1 The project pulls in aws-lc-sys transitively (via jsonwebtoken with features = ["aws_lc_rs"] and rustls with features = ["aws-lc-rs"] in Cargo.toml). aws-lc-sys unconditionally invokes CMake to compile the bundled C library, so the Nix build will fail with "CMake not found" unless cmake (and typically go for the FIPS bootstrap) is added to nativeBuildInputs.

Suggested change
nativeBuildInputs = with pkgs; [
perl
pkg-config
];
nativeBuildInputs = with pkgs; [
cmake
go
perl
pkg-config
];
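
Review bot: The added `go` entry in nativeBuildInputs is not justified by anything quoted in this thread: the comment ties it to a FIPS bootstrap, but the only features cited are `aws_lc_rs` and `aws-lc-rs`, with no FIPS feature shown. Add `cmake` alone first, confirm the build in the Nix sandbox, and include `go` only if the aws-lc-sys build script actually asks for it, so the build closure carries no toolchain it does not use.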

Comment thread flake.nix
Comment on lines +35 to +41
buildInputs =
with pkgs;
[ ]
++ lib.optionals stdenv.isLinux [
dbus
udev
];

P1 apple-native-keyring-store with the keychain feature (present in Cargo.toml) links against the macOS Security framework at compile time. Without the framework in buildInputs for Darwin, the macOS build will fail with an unresolved linker error. darwin.apple_sdk.frameworks.Security (and typically darwin.apple_sdk.frameworks.CoreFoundation) should be added.

Suggested change
buildInputs =
with pkgs;
[ ]
++ lib.optionals stdenv.isLinux [
dbus
udev
];
buildInputs =
with pkgs;
[ ]
++ lib.optionals stdenv.isLinux [
dbus
udev
]
++ lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.CoreFoundation
darwin.apple_sdk.frameworks.Security
];

Reply from the PR author (o-az, Contributor):

Current nixpkgs Darwin stdenv includes the default SDK/framework paths already so this shouldn’t be needed. Adding these SDK framework inputs manually breaks the build.

Reply (greptile-apps Bot):
You're right — on Darwin, nixpkgs' stdenv already includes the SDK and default framework search paths, so explicitly adding darwin.apple_sdk.frameworks.Security is not only unnecessary but can cause linker conflicts. My comment was incorrect here.

Shall I remember this as a rule: "Do not suggest adding darwin.apple_sdk.frameworks.* to buildInputs in nixpkgs flakes, as the Darwin stdenv already includes default SDK/framework paths and manual additions can break the build"?

Tip: You can customize Greptile's behavior for this repo with .greptile/rules.md and .greptile/config.json.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@flake.nix`:
- Around line 75-81: The dev shell setup in devShells.default only exposes
cargo, clippy, and rustfmt, so it still lacks rustc and the package build inputs
needed for local builds. Update the mkShell definition to include rustc in
packages and add inputsFrom = [ fnox ]; so the shell inherits the crate’s native
build dependencies. Keep the fix within the devShells.default block in
flake.nix.

📥 Commits

Reviewing files that changed from the base of the PR and between 9d774a1 and c658798.

⛔ Files ignored due to path filters (1)
  • flake.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • .gitignore
  • flake.nix

Comment thread flake.nix
Comment on lines +75 to +81
devShells.default = pkgs.mkShell {
packages = with pkgs; [
cargo
clippy
rustfmt
];
};

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== flake.nix outline =="
ast-grep outline flake.nix --view expanded || true

echo
echo "== relevant lines =="
nl -ba flake.nix | sed -n '1,180p'

Repository: jdx/fnox

Length of output: 256


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== locate rust toolchain and mkShell usage =="
rg -n "mkShell|inputsFrom|rustc|cargo|clippy|rustfmt|commonArgs|pkg-config|dbus|udev" flake.nix .

Repository: jdx/fnox

Length of output: 138


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== flake.nix size =="
wc -l flake.nix

echo
echo "== flake.nix relevant section =="
sed -n '1,220p' flake.nix | cat -n

echo
echo "== rust/toolchain references across repo =="
rg -n "inputsFrom|mkShell|rustc|cargo|clippy|rustfmt|pkg-config|dbus|udev|commonArgs|devShells\.default" .

Repository: jdx/fnox

Length of output: 11756


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Cargo.toml relevant dependencies =="
sed -n '1,140p' Cargo.toml | cat -n

echo
echo "== crate build scripts that may need system libraries =="
sed -n '1,120p' crates/fnox-core/build.rs | cat -n

Repository: jdx/fnox

Length of output: 6615


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== libdbus-sys and udev-related dependency paths =="
rg -n "libdbus-sys|udev|pkg-config|build.rs|vendored" Cargo.toml crates Cargo.lock

Repository: jdx/fnox

Length of output: 986


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Cargo.toml relevant dependencies =="
sed -n '1,140p' Cargo.toml | cat -n

echo
echo "== crate build scripts that may need system libraries =="
sed -n '1,120p' crates/fnox-core/build.rs | cat -n

echo
echo "== libdbus-sys and udev-related dependency paths =="
rg -n "libdbus-sys|udev|pkg-config|build.rs|vendored" Cargo.toml crates Cargo.lock

Repository: jdx/fnox

Length of output: 7456


🏁 Script executed:

#!/bin/bash
set -euo pipefail

python3 - <<'PY'
print("noop")
PY

Repository: jdx/fnox

Length of output: 151


Add the package inputs to the dev shell

nix develop only exposes cargo, clippy, and rustfmt, so it still misses rustc and the package’s native build inputs. Add inputsFrom = [ fnox ]; and rustc so the shell can build the crate locally.

🔧 Proposed fix
         devShells.default = pkgs.mkShell {
+          inputsFrom = [ fnox ];
           packages = with pkgs; [
+            rustc
             cargo
             clippy
             rustfmt
           ];
         };
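
Review bot: `inputsFrom = [ fnox ];` assumes a `fnox` binding is in scope at devShells.default, and these lines do not show one; check that it names the crane-built package derivation that carries nativeBuildInputs and buildInputs, not the flake output path or an input. The added `rustc` is also taken from `with pkgs`, so if the package is built with a different toolchain the shell and the build can diverge; taking both from the same source keeps `nix develop` builds representative of the packaged one.
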
Suggested change
devShells.default = pkgs.mkShell {
packages = with pkgs; [
cargo
clippy
rustfmt
];
};
devShells.default = pkgs.mkShell {
inputsFrom = [ fnox ];
packages = with pkgs; [
rustc
cargo
clippy
rustfmt
];
};

@jdx jdx merged commit cf8ec3e into jdx:main Jul 1, 2026
14 checks passed