Initialize flake.nix (#14)

Closes #13 
Closes #16 

Adds all necessary infrastructure code for development, testing and building allegra packages.

Allows allegra packages and checks to be built by MacOS machines, assuming they have `nix-darwin` installed to forward tasks on to a `linux-builder`.

Ignores tests that require sudo privilages or users to provide a disk image.
Ref #18 #19

Author: eureka-cpu

.github/workflows/flake.yml

@@ -0,0 +1,53 @@
+name: Nix Flake Checks
+on:
+  pull_request:
+    branches:
+      - main
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions: read-all
+
+jobs:
+  # Contains checks for not only nix flake errors but also the rust derivations
+  # built by the flake, e.g. cargo fmt, cargo deny check, cargo audit, etc.
+  #
+  # This can be extended, and these checks and their tools are available locally.
+  nix-flake-check:
+    name: Nix Flake Check
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: "write"
+      contents: "read"
+    steps:
+      - name: Free Disk Space (Ubuntu)
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: true
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - uses: DeterminateSystems/flake-checker-action@main
+      - run: nix flake check --keep-going -L
+
+  nix-flake-devShell-check:
+    name: Nix devShell Check
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: "write"
+      contents: "read"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: nix develop
+
+  nix-flake-fmt-check:
+    name: Nix Format Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: nix fmt --accept-flake-config -- --check .

.gitignore

@@ -6,3 +6,4 @@ logs
 .images
 .GLUSTER-SETUP.md
 .INSTANCE-LAUNCH.md
+result*

Cargo.toml

@@ -2,6 +2,7 @@
 name = "allegra"
 version = "0.1.0"
 edition = "2021"
+publish = false
 
 [profile.release]
 opt-level = 3

deny.toml

@@ -0,0 +1,36 @@
+[bans]
+multiple-versions = 'allow'
+
+[licenses]
+private = { ignore = true }
+allow = [
+  "Apache-2.0",
+  "BSD-3-Clause",
+  "CC0-1.0",
+  "ISC",
+  "MIT",
+  "OpenSSL",
+  "Unicode-DFS-2016",
+  "Unlicense",
+  "0BSD",
+]
+
+# Copied from https://github.com/EmbarkStudios/cargo-deny/blob/6344cc566621410a0865632b4ef0e82a20408676/deny.toml#L63
+[[licenses.clarify]]
+crate = "ring"
+# SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
+# https://spdx.org/licenses/OpenSSL.html
+# ISC - Both BoringSSL and ring use this for their new files
+# MIT - "Files in third_party/ have their own licenses, as described therein. The MIT
+# license, for third_party/fiat, which, unlike other third_party directories, is
+# compiled into non-test libraries, is included below."
+# OpenSSL - Obviously
+expression = "ISC AND MIT AND OpenSSL"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
+[advisories]
+version = 2
+ignore = [
+  { id = "RUSTSEC-2021-0141", reason = "may be valid, more research is necessary." },
+  { id = "RUSTSEC-2021-0127", reason = "may be valid, more research is necessary." },
+]