Add NiFi spec.

specs/airflow/runner

@@ -14,11 +14,11 @@ shopt -s dotglob
 
 # Create a new top-level directory as fallback in case $BUILD (defined below)
 # is ever empty.
-mkdir -p "/tmp/bs.postgres"
+mkdir -p "/tmp/bs.airflow"
 
 # Create an intermediate build directory. The final step of this script will
 # copy the content from this directory to $OUT.
-BUILD=$(mktemp -d -p "/tmp/bs.postgres")
+BUILD=$(mktemp -d -p "/tmp/bs.airflow")
 
 if [ -z "$BUILD" ]; then
   >&2 echo "Failed to create temp directory."
@@ -30,7 +30,7 @@ fi
 # to ensure we never evaluate to root (i.e. `/`). That should never actually
 # happen but a good habit to establish nonetheless.
 function cleanup {
-  rm -r "/tmp/bs.postgres/$(basename "$BUILD")"
+  rm -r "/tmp/bs.airflow/$(basename "$BUILD")"
 }
 
 trap cleanup EXIT

specs/nifi/runner

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+# Exit immediately if the script encounters a non-zero status.
+set -e
+
+# If set, Bash includes filenames beginning with a `.` in the results of
+# filename expansion. The filenames `.` and `..` must always be matched
+# explicitly, even if dotglob is set.
+shopt -s dotglob
+
+# ============================================================
+# PROLOGUE
+# ============================================================
+
+# Create a new top-level directory as fallback in case $BUILD (defined below)
+# is ever empty.
+mkdir -p "/tmp/bs.nifi"
+
+# Create an intermediate build directory. The final step of this script will
+# copy the content from this directory to $OUT.
+BUILD=$(mktemp -d -p "/tmp/bs.nifi")
+
+if [ -z "$BUILD" ]; then
+  >&2 echo "Failed to create temp directory."
+  exit 1
+fi
+
+# Deletes the intermediate build directory on exit. We use a concatenation of
+# the intermediate directory with the basename of the generated temp directory
+# to ensure we never evaluate to root (i.e. `/`). That should never actually
+# happen but a good habit to establish nonetheless.
+function cleanup {
+  rm -r "/tmp/bs.nifi/$(basename "$BUILD")"
+}
+
+trap cleanup EXIT
+
+# ============================================================
+# BUILD
+# ============================================================
+
+# Copy template contents over to the intermediate build directory.
+cp -r template/* "$BUILD"
+
+# Explicitly set permissions on all copied files.
+find "$BUILD" -type f -execdir chmod 644 {} +
+
+# ============================================================
+# EPILOGUE
+# ============================================================
+
+# Success! Copy contents to target directory.
+cp -a "$BUILD"/* "$OUT"

specs/nifi/template/.envrc

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+use flake

specs/nifi/template/.gitignore

@@ -0,0 +1,5 @@
+# Directory used by `direnv` to hold `use flake`-generated profiles.
+/.direnv/
+
+# A symlink produced by default when running `nix build`.
+/result

specs/nifi/template/README.md

@@ -0,0 +1,22 @@
+# NiFi Dev Shell
+
+This is a small flake template for experimenting with [Apache NiFi](https://nifi.apache.org/)
+(version 1.19.0). [direnv](https://direnv.net/) can be used to a launch a dev
+shell upon entering this directory (refer to `.envrc`). Otherwise run via:
+```bash
+$ nix develop
+```
+On account of hard-coded relative paths and expectations around file
+permissions, NiFi is not very Nix-friendly. Instead of making NiFi directly
+accessible from the shell, we instead use Nix to create a docker image that
+can then be used to boot NiFi. Do so by running:
+```bash
+$ nix build
+$ docker load < result
+$ docker run -p 8443:8443 nifi:1.19.0
+```
+Once running, open `https://localhost:8443/nifi` (notice use of the `https`
+scheme). You can find your login credentials using:
+```bash
+$ docker exec -it <container-id> grep Generated /opt/nifi/nifi-current/logs/nifi-app.log
+```

specs/nifi/template/flake.lock

@@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1705677747,
+        "narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

specs/nifi/template/flake.nix

@@ -0,0 +1,38 @@
+{
+  description = "A playground for NiFi.";
+
+  inputs = {
+    flake-utils.url = "github:numtide/flake-utils";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, ... }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+
+      in
+      {
+        packages = {
+          image = pkgs.dockerTools.pullImage {
+            imageName = "apache/nifi";
+            imageDigest = "sha256:8819e20e3e02484fe765790b28b4a5e8c043f50c341a1778956073149774ebd1";
+            finalImageName = "nifi";
+            finalImageTag = "1.19.0";
+            # docker save image -o <output>
+            # nix hash --base64 --type sha256 <output>
+            sha256 = "sha256-BmRUHDhRpRief5oxjlxYgnBn9oPmiXKs2ojyV3sm4M0=";
+            # docker manifest inspect apache/nifi:1.19.0
+            os = "linux";
+            arch = "amd64";
+          };
+
+          default = self.packages.${system}.image;
+        };
+
+        devShells.default = pkgs.mkShell {
+          # docker run -p 8443:8443 nifi:1.19.0
+          packages = [ pkgs.docker ];
+        };
+      });
+}