feat(flake): add reproducible Nix devShell and Linux package #785
Open
antono wants to merge 26 commits into
- flake-parts root with fenix Rust, crane Tauri build, treefmt
- per-OS devShell on x86_64-linux, aarch64-linux, aarch64-darwin (Linux pulls WebKitGTK 4.1 + libsoup3 + GTK3 + Wayland/X11 stack with GIO_MODULE_DIR / XDG_DATA_DIRS / WEBKIT_DISABLE_DMABUF_RENDERER in shellHook)
- Linux package output: fetchPnpmDeps v3 honours pnpm overrides and the 5 patchedDependencies; crane builds src-tauri with custom-protocol feature so the binary runs in production mode; wrapped with webkitgtk_4_1/libsoup3/openssl runtime libs and xdg-utils + desktop-file-utils + git + nodejs on PATH for sidecar spawning
- nix/merge-pnpm-config.nix mirrors package.json#pnpm into pnpm-workspace.yaml inside the sandbox so pnpm 11 frozen-install validates against the lockfile without touching repo source
- treefmt module wires nixpkgs-fmt + rustfmt + prettier (markdown/yaml only; Biome keeps owning JS/TS)

- .envrc bootstraps nix-direnv 3.0.4 via `use flake`
- .gitignore excludes `result`, `result-*`, `.direnv/`

- Nix install subsection: nix run / nix profile install from the flake
- Linux deps section: NixOS contributors can use direnv allow / nix develop

- nix/mcp-server.nix bundles mcp-server/index.js and ws-bridge.js via esbuild (reusing the existing tolaria-node-modules derivation), then installs wrapper scripts at bin/tolaria-mcp and bin/tolaria-mcp-bridge
- Cross-platform: tolaria-mcp builds on every supported system (pure node, no native deps), so Darwin contributors can `nix run .#tolaria-mcp` too. tolaria (the desktop app) stays Linux-only.
- Drops the isLinux gate on tolaria-node-modules since it's pure files
Crane now uses a buildToolchain without rustfmt or rust-analyzer, so nix build .#tolaria no longer waits on the IDE-only fenix substitutes. The devShell keeps the full toolchain.
cargo build --release doesn't need clippy, rustfmt, rust-analyzer, or rust-src — move them to the devShell toolchain only. Shrinks the .#tolaria build graph; the runtime closure was already clean.
- Add makeDesktopItem-generated club.refactoring.tolaria.desktop so launchers discover Tolaria after nix profile install / home-manager.
- Install icons at five hicolor sizes (32-512) under apps/ matching the desktop file's Icon= name.
- Drop the silent || true fallback for the icon install.
.#tolaria and .#default now ship the desktop app together with the tolaria-mcp stdio server and ws-bridge, so installing the app always provides the MCP binaries for Claude Desktop / Codex / Gemini configs. .#tolaria-mcp stays exposed for headless server installs.
- Install src-tauri/resources/{mcp-server,agent-docs} into
$out/share/tolaria/resources/ after the cargo build.
- Set RESOURCEPATH=$out/share/tolaria in the wrapper so
mcp::mcp_server_dir finds index.js + ws-bridge.js at runtime.
Fixes "mcp-server not found" when launching tolaria from nix profile
install / home-manager (exe-dir search never reached share/).
nixpkgs-fmt brings flake.nix in line with the formatter so `nix flake check` no longer fails on the treefmt derivation. Disable rustfmt + prettier in the treefmt programs set until a dedicated pass cleans up the existing markdown/yaml/rust files; `nix fmt` continues to format Nix sources.
What this adds
Five user-facing capabilities, all opt-in — no existing source files modified.
For Linux end users — desktop app
Produces a wrapped binary with WebKitGTK 4.1, libsoup3, and the bundled MCP sidecar baked into the closure. Works on `x86_64-linux` and `aarch64-linux`. The runtime PATH includes `xdg-utils`, `desktop-file-utils`, `git`, and `nodejs_24` so the deep-link plugin's URI-scheme registration and the MCP ws-bridge sidecar both spawn correctly.

For everyone — standalone MCP server
Cross-platform (Linux + macOS, x86_64/aarch64). Exposes the same 7 vault tools the desktop app's sidecar provides — `search_notes`, `get_vault_context`, `list_vaults`, `get_note`, `open_note`, `highlight_editor`, `refresh_vault` — over stdio, ready to drop into a Claude Desktop / Codex / Gemini MCP config:

```json
{
  "mcpServers": {
    "tolaria": {
      "command": "tolaria-mcp",
      "env": { "VAULT_PATH": "/home/you/Vault" }
    }
  }
}
```

A second binary `tolaria-mcp-bridge` exposes the WebSocket bridge (ports 9710/9711) for advanced users running the bridge standalone.

For contributors
Per-OS dev shells on `x86_64-linux`, `aarch64-linux`, `aarch64-darwin`. Pins Node 24, pnpm 11 (via corepack), the Rust toolchain (fenix), `cargo-tauri`, and on Linux the full WebKitGTK / libsoup3 / GTK3 / Wayland / X11 / fonts / themes stack. `shellHook` sets `GIO_MODULE_DIR`, `XDG_DATA_DIRS`, `WEBKIT_DISABLE_DMABUF_RENDERER=1`, and `GDK_BACKEND=wayland,x11` so `pnpm tauri dev` works on both Wayland and X11 sessions without extra config.

For distros and CI parity
Reproduces every output against pinned nixpkgs, honouring every `pnpm.overrides` entry and all 5 `patchedDependencies` from `package.json`.

Commits
`feat(flake)` — flake.nix + nix/ modules

Modern 2026 flake authoring:
- `flake.lock`
- `cargoArtifacts` caching
- `fetcherVersion = 3` for the pnpm store (lockfileVersion 9)

The Linux package output runs `pnpm build && pnpm bundle-mcp && pnpm agent-docs` (mirroring `tauri.conf.json`'s `beforeBuildCommand`) so `dist/` and `src-tauri/resources/{mcp-server,agent-docs}/` are populated before cargo runs, then builds with `--features tauri/custom-protocol` so the binary runs in production mode — Tauri's `is_dev()` is gated on this cargo feature, not on `cfg!(debug_assertions)`, so raw `cargo build --release` alone isn't enough.

A small Python helper (`nix/merge-pnpm-config.nix`) mirrors `package.json#pnpm` into `pnpm-workspace.yaml` inside the sandbox only — pnpm 11's strict frozen-install reads workspace config from `pnpm-workspace.yaml`, while this repo keeps overrides + patched deps in `package.json#pnpm`. The project source is never modified.

`chore(direnv)` — .envrc + .gitignore
- `.envrc` bootstraps nix-direnv 3.0.4 via `use flake`
- `.gitignore` excludes `result`, `result-*`, `.direnv/`

`docs(readme)` — README install + dev hints
- `nix run` / `nix profile install` commands
- `direnv allow` instead of the distro packages

`feat(flake)` — tolaria-mcp output
- `nix/mcp-server.nix` bundles `mcp-server/index.js` + `ws-bridge.js` with esbuild (reusing the existing `tolaria-node-modules` derivation) and installs `bin/tolaria-mcp` + `bin/tolaria-mcp-bridge` wrappers around `node`
- `tolaria-node-modules` lifted out of the Linux-only branch since it's just files

Why Nix
Tauri 2 on Linux has a finicky native surface: WebKitGTK 4.1, libsoup3, GTK 3, GLib, Cairo, Pango, the GdkPixbuf loader set, openssl, the Wayland/X11 stacks, plus shell-outs to `xdg-mime`, `update-desktop-database`, and a node runtime for the MCP sidecar. The README's per-distro apt/dnf/pacman lists drift, NixOS contributors can't follow them at all, end users on Linux have no easy install path between Homebrew (macOS only) and downloading raw binaries from releases, and MCP-server users want the vault tools usable outside the desktop app too. The flake closes all those gaps with a single declarative pin.

CI continues to own AppImage / deb / dmg bundling — this PR does not replace that pipeline.
Scope and non-goals
`.app` bundles are out of scope. `tolaria-mcp` does build on Darwin since it's pure node.

Verification
- `nix flake check` passes
- `nix develop` enters a working shell on Linux (`pnpm tauri dev` works inside it)
- `nix build .#tolaria` produces `bin/tolaria` (~26 MB) with the MCP sidecar resources embedded
- `nix run .#tolaria` launches the production webview from `tauri://localhost`
- `nix build .#tolaria-mcp` produces `bin/tolaria-mcp` + `bin/tolaria-mcp-bridge`
- `nix run .#tolaria-mcp` initializes the stdio MCP server and `tools/list` returns the full 7-tool spec
- `nix fmt --fail-on-change` is clean on all new Nix files

Test plan
- `nix develop` on NixOS — verify shell entry and `pnpm tauri dev`
- `nix build .#tolaria` from a clean checkout — confirms hash pins still resolve
- `nix run .#tolaria` — confirms the webview loads bundled UI (no "Could not connect to localhost")
- `nix run .#tolaria-mcp` registered in a Claude Desktop / Codex / Gemini MCP config — confirms vault tools are reachable
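
A defender-side check for the `tools/list` verification step in the description above, added here as an example and not code from the PR or the Tolaria project: it builds the newline-delimited JSON-RPC handshake a stdio MCP client sends and compares the reply with the seven tool names the description lists. The protocol version string, the transcripts and the `delete_note` name are constructed for illustration.

```python
import json

# Tool names exactly as listed in the PR description.
EXPECTED_TOOLS = frozenset({
    "search_notes", "get_vault_context", "list_vaults", "get_note",
    "open_note", "highlight_editor", "refresh_vault",
})

def handshake_lines(list_id=2):
    """Newline-delimited JSON-RPC messages a stdio MCP client sends to reach tools/list."""
    msgs = [
        {"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {
            "protocolVersion": "2024-11-05", "capabilities": {},
            "clientInfo": {"name": "tool-surface-check", "version": "0"}}},
        {"jsonrpc": "2.0", "method": "notifications/initialized"},
        {"jsonrpc": "2.0", "id": list_id, "method": "tools/list"},
    ]
    return [json.dumps(m) for m in msgs]

def audit_tools(stdout_lines, list_id=2):
    """Return (missing, unexpected) tool names from the server's tools/list reply."""
    for raw in stdout_lines:
        try:
            msg = json.loads(raw)
        except ValueError:
            continue  # stray non-JSON output on stdout
        if not isinstance(msg, dict) or msg.get("id") != list_id:
            continue  # initialize reply, notifications, other traffic
        if "error" in msg:
            raise RuntimeError(f"tools/list failed: {msg['error']}")
        names = {tool["name"] for tool in msg["result"]["tools"]}
        return sorted(EXPECTED_TOOLS - names), sorted(names - EXPECTED_TOOLS)
    raise RuntimeError("no tools/list reply on stdout")

def _reply(names, list_id=2):
    tools = [{"name": n, "inputSchema": {"type": "object"}} for n in names]
    return json.dumps({"jsonrpc": "2.0", "id": list_id, "result": {"tools": tools}})

# Constructed transcripts (not captured from tolaria-mcp); "delete_note" is a
# made-up tool name standing in for unreviewed drift.
INIT_REPLY = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"capabilities": {}}})
CLEAN = ["server starting", INIT_REPLY, _reply(sorted(EXPECTED_TOOLS))]
DRIFTED = [INIT_REPLY,
           _reply(sorted(EXPECTED_TOOLS - {"refresh_vault"}) + ["delete_note"])]

if __name__ == "__main__":
    print(audit_tools(CLEAN))
    print(audit_tools(DRIFTED))
```

Pipe `handshake_lines()` into `tolaria-mcp` with `VAULT_PATH` set and pass its stdout lines to `audit_tools`; a non-empty second list means the server exposes a tool the agent config was not reviewed for.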
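
One way the `package.json#pnpm` to `pnpm-workspace.yaml` mirroring described above could work, as an added example that is not the PR's `nix/merge-pnpm-config.nix`: it copies `overrides` and `patchedDependencies` and refuses to write when the workspace file already defines either key, so the frozen install never sees two competing sources. The function name, the choice of mirrored keys and the sample package names are assumptions.

```python
import json

# Assumption: these two package.json#pnpm keys are the ones mirrored; they are
# the ones the PR description names.
MIRRORED_KEYS = ("overrides", "patchedDependencies")

def render_workspace_yaml(package_json_text, existing_yaml=""):
    """Return pnpm-workspace.yaml text with package.json#pnpm settings appended."""
    pnpm = json.loads(package_json_text).get("pnpm", {})
    # Top-level keys already present in the workspace file (unindented "key:").
    taken = {line.split(":", 1)[0] for line in existing_yaml.splitlines()
             if line and not line[0].isspace() and ":" in line}
    out = [existing_yaml.rstrip("\n")] if existing_yaml.strip() else []
    for key in MIRRORED_KEYS:
        entries = pnpm.get(key)
        if not entries:
            continue
        if key in taken:
            # Two sources of truth would make the install ambiguous: stop.
            raise ValueError(f"{key} is already set in pnpm-workspace.yaml")
        out.append(f"{key}:")
        for name, value in sorted(entries.items()):
            if not isinstance(value, str):
                raise ValueError(f"{key}[{name!r}] must be a string")
            # A JSON string literal is also a valid YAML double-quoted scalar,
            # so names such as "@scope/pkg@1.0.0" need no extra escaping.
            out.append(f"  {json.dumps(name)}: {json.dumps(value)}")
    return "\n".join(out) + "\n"

# Constructed sample input; package names, versions and paths are placeholders.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "pnpm": {
        "overrides": {"example-lib": "1.2.4"},
        "patchedDependencies": {
            "@example/ui@2.0.0": "patches/@example__ui@2.0.0.patch"},
    },
})
SAMPLE_WORKSPACE_YAML = 'packages:\n  - "."\n'

if __name__ == "__main__":
    print(render_workspace_yaml(SAMPLE_PACKAGE_JSON, SAMPLE_WORKSPACE_YAML), end="")
```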