{ pkgs }:
let
  registriesConf = pkgs.writeText "registries.conf" ''
    [registries.search]
    registries = ['docker.io']
    [registries.block]
    registries = []
  '';
  storageConf = pkgs.writeText "storage.conf" ''
    [storage]
    driver = "overlay"
    # rootless_storage_path="$XDG_DATA_HOME/containers/storage"
  '';
in pkgs.writeShellScript "podman-setup" ''
  # Dont overwrite customised configuration
  if ! test -f ~/.config/containers/policy.json; then
    echo "Installing missing ~/.config/containers/policy.json"
    install -Dm644 ${pkgs.skopeo.src}/default-policy.json ~/.config/containers/policy.json
  fi
  if ! test -f ~/.config/containers/registries.conf; then
    echo "Installing missing ~/.config/containers/registries.conf"
    install -Dm644 ${registriesConf} ~/.config/containers/registries.conf
  fi
  if ! test -f ~/.config/containers/storage.conf; then
    echo "Installing missing ~/.config/containers/storage.conf"
    install -Dm644 ${storageConf} ~/.config/containers/storage.conf
  fi
  if ! grep -q "^''${USER}:" /etc/subuid; then
    echo "No subuid range defined for user, consider running 'sudo usermod --add-subuids 10000-75535 ''${USER}' to allow rootless podman to work"
  fi
''

# This file looks very similar to what official packages in nixpkgs look like

  # Our package name

  # Where the source code lives

  nativeBuildInputs = [
    cmake
  ];

  # Since we include CMake, Nix will automatically do all the right things:
  # We don't need a custom 'buildPhase' or 'installPhase' anymore.
  nativeBuildInputs = [ cmake ];

  buildInputs = [
    curl.dev
  ];

  buildInputs = [ curl.dev ];
  # Strict separation of
  #   nativeBuildInputs (needed at build time only) and
  #   buildInputs (needed at runtime as well)
  strictDeps = true;

# This is a Nix flake
# It is written in the Nix expression language

  # nixpkgs is the package repository for the Nix package manager

    # flake-utils is a utility library to work with flakes (duh)

    # This creates packages for multiple system types

        # In this simple example we choose to build for "x86_64-linux" only

        # We import nixpkgs for each particular 'system', and inject
        # wttr-delft into the package set using an overlay.

          ];
        };
        # Docker image containing only wttr-delft
        wttr-delft-container = pkgs.dockerTools.buildLayeredImage {
          name = "wttr-delft";
          tag = "nix";
          # created = "now";
          contents = [
            pkgs.wttr-delft
          ];
          config = {
            Cmd = [
              "${pkgs.wttr-delft}/bin/wttr-delft"
            ];
            # Needed for curl to work
            Env = [
              "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
            ];
          };
        };
        # Development shell for interacting with containers
        # Based on https://gist.github.com/adisbladis/187204cb772800489ee3dac4acdd9947
        podman-devshell = let
          # Provides a script that copies/creates files that are required for rootless podman
          podmanSetupScript = import ./podman-setup-script.nix { inherit pkgs; };
          # Provides a fake "docker" binary mapping to podman
          dockerCompat = pkgs.runCommandNoCC "docker-podman-compat" {} ''
            mkdir -p $out/bin
            ln -s ${pkgs.podman}/bin/podman $out/bin/docker
          '';
        in pkgs.mkShell {
          name = "podman";
          buildInputs = with pkgs; [
            podman          # Manage pods, containers and images
            runc            # Container runtime
            conmon          # Container runtime monitor
            skopeo          # Interact with container registry
            slirp4netns     # User-mode networking for unprivileged namespaces
            fuse-overlayfs  # CoW for images, much faster than default vfs
            dockerCompat    # Aliases for docker / podman

          shellHook = ''
            # Install configuration required for rootless podman
            ${podmanSetupScript}
          '';

        # These are the flake outputs, i.e. what we can consume

          packages = {
            default = pkgs.wttr-delft;
            # static = pkgs.pkgsCross.musl64.pkgsStatic.wttr-delft;
            container = wttr-delft-container;
          };
          devShells = {
            default = pkgs.wttr-delft;
            podman = podman-devshell;
          };

          packages.default = pkgs.wttr-delft;

#!/usr/bin/env bash
# shellcheck disable=SC1010,SC2288
set -Eeuo pipefail
dir="$(dirname "${BASH_SOURCE[0]}")"
source "${dir}/../libdemo/libdemo.sh"
h Adding CMake
n The more we offload to \'classic\' tools, the easier it is to also build without Nix.
, This makes it an easier sell to use in most cases\; other people are not forced to use it.
, Packaging in this way and making use of the sandboxed Nix build process can hepl find missing dependencies etc.
x pygmentize "${dir}/../src/CMakeLists.txt"
n If we add a proper build system like CMake, the Nix part of building a package gets even easier.
x pygmentize "${dir}/wttr-delft.nix"
x nix build "${dir}" -L
# x nix build "${dir}" -L --rebuild
h Checking out the closure
n The \'closure\' is the full set of all the \(runtime\) dependencies:
x nix path-info -sSrh ./result
h Cross-compilation
, We can very easily set up cross-compilation.
, We use the \'flake-utils\' library to abstract away some of the complications in the flake:
x pygmentize "${dir}/flake.nix"
, If we take a look at what the flake provides:
x nix flake show "${dir}"
h The previous build was for x86_64-linux by default because that is our current system:
x file ./result/bin/wttr-delft
h But we can easily build for aarch64-linux \(e.g. for Raspberry Pi\):
x nix build "${dir}#packages.aarch64-linux.default" -L
x file ./result/bin/wttr-delft
n If you use NixOS it\'s also very simple to set up binfmt to still be able to run the binary!