move to flakes with configurations for each device

.envrc

@@ -1,5 +1,5 @@
-if ! has nix_direnv_version || ! nix_direnv_version 2.1.0; then
-  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.1.0/direnvrc" "sha256-FAT2R9yYvVg516v3LiogjIc8YfsbWbMM/itqWsm5xTA="
+if ! has nix_direnv_version || ! nix_direnv_version 2.32.1; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.32.1/direnvrc" "sha256-1VWM1BnI1GvclYBky5f5Y9HqeThmQUwCWQbsFQM1Eu0="
 fi
 
 export DIRENV_WARN_TIMEOUT=5m

.gitignore

@@ -1,2 +1,3 @@
 result*
 .direnv
+.pre-commit-config.yaml

README.md

@@ -5,7 +5,7 @@ based, and position-independent, meaning there is no moving around of
 `configuration.nix`.
 
 Deployment is done using [deploy-rs](https://github.com/serokell/deploy-rs), see [usage](#usage).
-Secret are managed using [sops-nix](https://github.com/Mic92/sops-nix).
+Secret are managed using [sops-nix](https://github.com/Mic92/sops-nix). For formatting [pre-commit-hooks](https://github.com/cachix/pre-commit-hooks.nix) is used.
 
 ## structure
 
@@ -40,3 +40,4 @@ sops ./nixos/myHost/secrets.yaml
 - [Nix config by pborzenkov](https://github.com/pborzenkov/nix-config)
 - [Nix config by nyanloutre](https://gitea.nyanlout.re/nyanloutre/nixos-config)
 - [deploy-rs by disassembler](https://samleathers.com/posts/2022-02-03-my-new-network-and-deploy-rs.html)
+- [pre-commit config](https://github.com/cachix/pre-commit-hooks.nix/blob/master/template/flake.nix)

flake.lock

@@ -59,16 +59,32 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1666885127,
-        "narHash": "sha256-uXA/3lhLhwOTBMn9a5zJODKqaRT+SuL5cpEmOz2ULoo=",
+        "lastModified": 1668450977,
+        "narHash": "sha256-cfLhMhnvXn6x1vPm+Jow3RiFAUSCw/l1utktCw5rVA4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "0e101dbae756d35a376a5e1faea532608e4a4b9a",
+        "rev": "d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa",
         "type": "github"
       },
       "original": {
@@ -115,11 +131,11 @@
     },
     "flake-utils": {
       "locked": {
-        "lastModified": 1667077288,
-        "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
         "type": "github"
       },
       "original": {
@@ -128,6 +144,24 @@
         "type": "github"
       }
     },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "hugo-coder": {
       "flake": false,
       "locked": {
@@ -167,11 +201,11 @@
         "nixpkgs-regression": "nixpkgs-regression"
       },
       "locked": {
-        "lastModified": 1668102076,
-        "narHash": "sha256-xFamYc7KicL/KY9uKISOuCJOeoq/NG6AoeySzpZ83uc=",
+        "lastModified": 1669124475,
+        "narHash": "sha256-qFErq+UMyh6uwcwY3vUrz3pHm5VhodcEYd66icTAftk=",
         "owner": "NixOS",
         "repo": "nix",
-        "rev": "9550b1d51933a51fbb21563db0e3f53d0e8faea8",
+        "rev": "05d0892443bbe92a6b6a1ee7b1d37ea05782d918",
         "type": "github"
       },
       "original": {
@@ -182,11 +216,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1668084757,
-        "narHash": "sha256-/RRIVnNrg1EZkYMaPdQFuxCQ72LPWkVjvWEClR8FqvI=",
+        "lastModified": 1668973873,
+        "narHash": "sha256-DnTrRduUIRgsCBruvUXsaBw2G46JNq6/DtrM5R7VrRc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "11a42a580de22355934ffd9235b81b64004a2e98",
+        "rev": "1108c1b8614017c8b52005054fd27a00e4feb51b",
         "type": "github"
       },
       "original": {
@@ -212,11 +246,11 @@
     },
     "nixpkgs-22_05": {
       "locked": {
-        "lastModified": 1667091951,
-        "narHash": "sha256-62sz0fn06Nq8OaeBYrYSR3Y6hUcp8/PC4dJ7HeGaOhU=",
+        "lastModified": 1668908668,
+        "narHash": "sha256-oimCE4rY7Btuo/VYmA8khIyTHSMV7qUWTpz9w8yc9LQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6440d13df2327d2db13d3b17e419784020b71d22",
+        "rev": "b68a6a27adb452879ab66c0eaac0c133e32823b2",
         "type": "github"
       },
       "original": {
@@ -296,13 +330,29 @@
         "type": "github"
       }
     },
-    "nixpkgs-unstable": {
+    "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1667991831,
-        "narHash": "sha256-DHgEsLZI044B9T4AjA3K6+yB9/DqLr4dyA7OIx0FG7o=",
+        "lastModified": 1668984258,
+        "narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "872fceeed60ae6b7766cc0a4cd5bf5901b9098ec",
+        "rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-22.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1668994630,
+        "narHash": "sha256-1lqx6HLyw6fMNX/hXrrETG1vMvZRGm2XVC9O/Jt0T6c=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "af50806f7c6ab40df3e6b239099e8f8385f6c78b",
         "type": "github"
       },
       "original": {
@@ -329,11 +379,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1668016843,
-        "narHash": "sha256-ioBuF+IAhmJO7s4ewEij1LkMxJvCCNCKXxMto/DU02I=",
+        "lastModified": 1668984258,
+        "narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "fa842715565307b7e05cdb187b08c05f16ed08f1",
+        "rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a",
         "type": "github"
       },
       "original": {
@@ -344,11 +394,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1667292599,
-        "narHash": "sha256-7ISOUI1aj6UKMPIL+wwthENL22L3+A9V+jS8Is3QsRo=",
+        "lastModified": 1632846328,
+        "narHash": "sha256-sFi6YtlGK30TBB9o6CW7LG9mYHkgtKeWbSLAjjrNTX0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ef2f213d9659a274985778bff4ca322f3ef3ac68",
+        "rev": "2b71ddd869ad592510553d09fe89c9709fa26b2b",
         "type": "github"
       },
       "original": {
@@ -364,27 +414,35 @@
         ]
       },
       "locked": {
-        "lastModified": 1667751909,
-        "narHash": "sha256-TMJ91x19M+mPtpcD2u9krW0yehlyF0OsY6OesIhs2BA=",
-        "type": "git",
-        "url": "file:///home/felix/code/python/passworts"
+        "lastModified": 1668189468,
+        "narHash": "sha256-xEPevT3svNP7r66bJBYdMC/jUvrzmEh7B8yT5x9jUzY=",
+        "owner": "Stunkymonkey",
+        "repo": "passworts",
+        "rev": "c52014af61677b579bded3f1414cfc8994ed4870",
+        "type": "github"
       },
       "original": {
-        "type": "git",
-        "url": "file:///home/felix/code/python/passworts"
+        "owner": "Stunkymonkey",
+        "repo": "passworts",
+        "type": "github"
       }
     },
-    "pre-commit-hooks": {
+    "pre-commit-hooks-nix": {
       "inputs": {
+        "flake-compat": "flake-compat_2",
         "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_4"
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1667992213,
-        "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=",
+        "lastModified": 1669128466,
+        "narHash": "sha256-yADhlB9rpZLQxZaiWMFkVGix2HVIzRgKuGmM3w3xCpA=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b",
+        "rev": "0ee9516a0ce5db8529b967ccabb10d79d2bf5483",
         "type": "github"
       },
       "original": {
@@ -402,7 +460,7 @@
         "nixpkgs": "nixpkgs_3",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "passworts": "passworts",
-        "pre-commit-hooks": "pre-commit-hooks",
+        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
         "sops-nix": "sops-nix",
         "stunkymonkey": "stunkymonkey"
       }
@@ -432,11 +490,11 @@
         "nixpkgs-22_05": "nixpkgs-22_05"
       },
       "locked": {
-        "lastModified": 1667767301,
-        "narHash": "sha256-+UDtEkw6pZ+sqkC0Um5ocJ9kjvuu0qffSCbl+jAA8K8=",
+        "lastModified": 1668915833,
+        "narHash": "sha256-7VYPiDJZdGct8Nl3kKhg580XZfoRcViO+zUGPkfBsqM=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "4407353739ad74a3d9744cf2988ab10f3b83e288",
+        "rev": "f72e050c3ef148b1131a0d2df55385c045e4166b",
         "type": "github"
       },
       "original": {

flake.nix

@@ -10,7 +10,10 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
+    pre-commit-hooks-nix = {
+      url = "github:cachix/pre-commit-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
 
     nixos-hardware.url = "github:NixOS/nixos-hardware";
 
@@ -27,26 +30,51 @@
     };
 
     passworts = {
-      #url = "github:Stunkymonkey/passworts";
-      url = "/home/felix/code/python/passworts";
+      url = "github:Stunkymonkey/passworts";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = { self, flake-parts, deploy-rs, ... } @ inputs:
+  outputs = inputs@{ self, flake-parts, deploy-rs, ... }:
     flake-parts.lib.mkFlake { inherit self; } {
+
       imports = [
         ./nixos/configurations.nix
         #./nixos/images/default.nix
-        ./shell.nix
+        inputs.pre-commit-hooks-nix.flakeModule
       ];
+
       systems = [ "x86_64-linux" "aarch64-linux" ];
-      perSystem = { inputs', ... }: {
+
+      perSystem = { self', inputs', config, pkgs, ... }: {
         # make pkgs available to all `perSystem` functions
         _module.args.pkgs = inputs'.nixpkgs.legacyPackages;
+
+        # enable pre-commit checks
+        pre-commit.settings = {
+          hooks = {
+            shellcheck.enable = true;
+            nixpkgs-fmt.enable = true;
+          };
+        };
+
+        devShells.default = pkgs.mkShellNoCC {
+          nativeBuildInputs = [
+            inputs'.sops-nix.packages.sops-import-keys-hook
+            inputs'.deploy-rs.packages.deploy-rs
+            pkgs.nixpkgs-fmt
+            pkgs.shellcheck
+            pkgs.pre-commit
+          ];
+          shellHook = ''
+            ${config.pre-commit.installationScript}
+          '';
+        };
       };
+
       flake = {
         checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+
         deploy = import ./nixos/deploy.nix (inputs // {
           inherit inputs;
         });

nixos/configurations.nix

@@ -6,7 +6,7 @@ let
     nixpkgs-unstable
     sops-nix
     nixos-hardware
-    #nix
+    passworts
     ;
   nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem;
   overlay-unstable = final: prev: {
@@ -36,6 +36,7 @@ let
           documentation.info.enable = false;
         })
         sops-nix.nixosModules.sops
+        passworts.nixosModules.passworts
       ];
     }
     ../modules

shell.nix

@@ -1,13 +0,0 @@
-{
-  perSystem = { inputs', pkgs, ... }: {
-    # Definitions like this are entirely equivalent to the ones
-    # you may have directly in flake.nix.
-    devShells.default = pkgs.mkShellNoCC {
-      nativeBuildInputs = [
-        inputs'.sops-nix.packages.sops-import-keys-hook
-        inputs'.deploy-rs.packages.deploy-rs
-        pkgs.nixpkgs-fmt
-      ];
-    };
-  };
-}