diff --git a/.envrc b/.envrc index d4a471c..21f3aeb 100644 --- a/.envrc +++ b/.envrc @@ -1,5 +1,5 @@ -if ! has nix_direnv_version || ! nix_direnv_version 2.1.0; then - source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.1.0/direnvrc" "sha256-FAT2R9yYvVg516v3LiogjIc8YfsbWbMM/itqWsm5xTA=" +if ! has nix_direnv_version || ! nix_direnv_version 2.32.1; then + source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.32.1/direnvrc" "sha256-1VWM1BnI1GvclYBky5f5Y9HqeThmQUwCWQbsFQM1Eu0=" fi export DIRENV_WARN_TIMEOUT=5m diff --git a/.gitignore b/.gitignore index cdd60a0..8c8d374 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ result* .direnv +.pre-commit-config.yaml diff --git a/README.md b/README.md index 98f141f..573b8ec 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ based, and position-independent, meaning there is no moving around of `configuration.nix`. Deployment is done using [deploy-rs](https://github.com/serokell/deploy-rs), see [usage](#usage). -Secret are managed using [sops-nix](https://github.com/Mic92/sops-nix). +Secret are managed using [sops-nix](https://github.com/Mic92/sops-nix). For formatting [pre-commit-hooks](https://github.com/cachix/pre-commit-hooks.nix) is used. ## structure @@ -40,3 +40,4 @@ sops ./nixos/myHost/secrets.yaml - [Nix config by pborzenkov](https://github.com/pborzenkov/nix-config) - [Nix config by nyanloutre](https://gitea.nyanlout.re/nyanloutre/nixos-config) - [deploy-rs by disassembler](https://samleathers.com/posts/2022-02-03-my-new-network-and-deploy-rs.html) +- [pre-commit config](https://github.com/cachix/pre-commit-hooks.nix/blob/master/template/flake.nix) \ No newline at end of file diff --git a/flake.lock b/flake.lock index e74d180..d133797 100644 --- a/flake.lock +++ b/flake.lock 
@@ -59,16 +59,32 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1666885127, - "narHash": "sha256-uXA/3lhLhwOTBMn9a5zJODKqaRT+SuL5cpEmOz2ULoo=", + "lastModified": 1668450977, + "narHash": "sha256-cfLhMhnvXn6x1vPm+Jow3RiFAUSCw/l1utktCw5rVA4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0e101dbae756d35a376a5e1faea532608e4a4b9a", + "rev": "d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa", "type": "github" }, "original": { @@ -115,11 +131,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1667077288, - "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "owner": "numtide", "repo": "flake-utils", - "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "type": "github" }, "original": { @@ -128,6 +144,24 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "hugo-coder": { "flake": false, "locked": { 
@@ -167,11 +201,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1668102076, - "narHash": "sha256-xFamYc7KicL/KY9uKISOuCJOeoq/NG6AoeySzpZ83uc=", + "lastModified": 1669124475, + "narHash": "sha256-qFErq+UMyh6uwcwY3vUrz3pHm5VhodcEYd66icTAftk=", "owner": "NixOS", "repo": "nix", - "rev": "9550b1d51933a51fbb21563db0e3f53d0e8faea8", + "rev": "05d0892443bbe92a6b6a1ee7b1d37ea05782d918", "type": "github" }, "original": { @@ -182,11 +216,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1668084757, - "narHash": "sha256-/RRIVnNrg1EZkYMaPdQFuxCQ72LPWkVjvWEClR8FqvI=", + "lastModified": 1668973873, + "narHash": "sha256-DnTrRduUIRgsCBruvUXsaBw2G46JNq6/DtrM5R7VrRc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11a42a580de22355934ffd9235b81b64004a2e98", + "rev": "1108c1b8614017c8b52005054fd27a00e4feb51b", "type": "github" }, "original": { @@ -212,11 +246,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1667091951, - "narHash": "sha256-62sz0fn06Nq8OaeBYrYSR3Y6hUcp8/PC4dJ7HeGaOhU=", + "lastModified": 1668908668, + "narHash": "sha256-oimCE4rY7Btuo/VYmA8khIyTHSMV7qUWTpz9w8yc9LQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6440d13df2327d2db13d3b17e419784020b71d22", + "rev": "b68a6a27adb452879ab66c0eaac0c133e32823b2", "type": "github" }, "original": { 
@@ -296,13 +330,29 @@ "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-stable": { "locked": { - "lastModified": 1667991831, - "narHash": "sha256-DHgEsLZI044B9T4AjA3K6+yB9/DqLr4dyA7OIx0FG7o=", + "lastModified": 1668984258, + "narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "872fceeed60ae6b7766cc0a4cd5bf5901b9098ec", + "rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1668994630, + "narHash": "sha256-1lqx6HLyw6fMNX/hXrrETG1vMvZRGm2XVC9O/Jt0T6c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "af50806f7c6ab40df3e6b239099e8f8385f6c78b", "type": "github" }, "original": { @@ -329,11 +379,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1668016843, - "narHash": "sha256-ioBuF+IAhmJO7s4ewEij1LkMxJvCCNCKXxMto/DU02I=", + "lastModified": 1668984258, + "narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fa842715565307b7e05cdb187b08c05f16ed08f1", + "rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a", "type": "github" }, "original": { @@ -344,11 +394,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1667292599, - "narHash": "sha256-7ISOUI1aj6UKMPIL+wwthENL22L3+A9V+jS8Is3QsRo=", + "lastModified": 1632846328, + "narHash": "sha256-sFi6YtlGK30TBB9o6CW7LG9mYHkgtKeWbSLAjjrNTX0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ef2f213d9659a274985778bff4ca322f3ef3ac68", + "rev": "2b71ddd869ad592510553d09fe89c9709fa26b2b", "type": "github" }, "original": { 
@@ -364,27 +414,35 @@ ] }, "locked": { - "lastModified": 1667751909, - "narHash": "sha256-TMJ91x19M+mPtpcD2u9krW0yehlyF0OsY6OesIhs2BA=", - "type": "git", - "url": "file:///home/felix/code/python/passworts" + "lastModified": 1668189468, + "narHash": "sha256-xEPevT3svNP7r66bJBYdMC/jUvrzmEh7B8yT5x9jUzY=", + "owner": "Stunkymonkey", + "repo": "passworts", + "rev": "c52014af61677b579bded3f1414cfc8994ed4870", + "type": "github" }, "original": { - "type": "git", - "url": "file:///home/felix/code/python/passworts" + "owner": "Stunkymonkey", + "repo": "passworts", + "type": "github" } }, - "pre-commit-hooks": { + "pre-commit-hooks-nix": { "inputs": { + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4" + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1667992213, - "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=", + "lastModified": 1669128466, + "narHash": "sha256-yADhlB9rpZLQxZaiWMFkVGix2HVIzRgKuGmM3w3xCpA=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b", + "rev": "0ee9516a0ce5db8529b967ccabb10d79d2bf5483", "type": "github" }, "original": { @@ -402,7 +460,7 @@ "nixpkgs": "nixpkgs_3", "nixpkgs-unstable": "nixpkgs-unstable", "passworts": "passworts", - "pre-commit-hooks": "pre-commit-hooks", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", "sops-nix": "sops-nix", "stunkymonkey": "stunkymonkey" } @@ -432,11 +490,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1667767301, - "narHash": "sha256-+UDtEkw6pZ+sqkC0Um5ocJ9kjvuu0qffSCbl+jAA8K8=", + "lastModified": 1668915833, + "narHash": "sha256-7VYPiDJZdGct8Nl3kKhg580XZfoRcViO+zUGPkfBsqM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4407353739ad74a3d9744cf2988ab10f3b83e288", + "rev": "f72e050c3ef148b1131a0d2df55385c045e4166b", "type": "github" }, "original": { 
diff --git a/flake.nix b/flake.nix index 87805ae..66e368f 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; + pre-commit-hooks-nix = { + url = "github:cachix/pre-commit-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixos-hardware.url = "github:NixOS/nixos-hardware"; @@ -27,26 +30,51 @@ }; passworts = { - #url = "github:Stunkymonkey/passworts"; - url = "/home/felix/code/python/passworts"; + url = "github:Stunkymonkey/passworts"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, flake-parts, deploy-rs, ... } @ inputs: + outputs = inputs@{ self, flake-parts, deploy-rs, ... }: flake-parts.lib.mkFlake { inherit self; } { + imports = [ ./nixos/configurations.nix #./nixos/images/default.nix - ./shell.nix + inputs.pre-commit-hooks-nix.flakeModule ]; + systems = [ "x86_64-linux" "aarch64-linux" ]; - perSystem = { inputs', ... }: { + + perSystem = { self', inputs', config, pkgs, ... }: { # make pkgs available to all `perSystem` functions _module.args.pkgs = inputs'.nixpkgs.legacyPackages; + + # enable pre-commit checks + pre-commit.settings = { + hooks = { + shellcheck.enable = true; + nixpkgs-fmt.enable = true; + }; + }; + + devShells.default = pkgs.mkShellNoCC { + nativeBuildInputs = [ + inputs'.sops-nix.packages.sops-import-keys-hook + inputs'.deploy-rs.packages.deploy-rs + pkgs.nixpkgs-fmt + pkgs.shellcheck + pkgs.pre-commit + ]; + shellHook = '' + ${config.pre-commit.installationScript} + ''; + }; }; + flake = { checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + deploy = import ./nixos/deploy.nix (inputs // { inherit inputs; }); diff --git a/nixos/configurations.nix b/nixos/configurations.nix index 6d9f4bf..9812089 100644 --- a/nixos/configurations.nix +++ b/nixos/configurations.nix 
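Review bot: The new `pre-commit-hooks-nix` input block deduplicates only `nixpkgs`; the lock file in this commit still records a separate `nixpkgs-stable` node for it, locked to the same rev (`cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a`) as the root `nixpkgs`. Adding `inputs.nixpkgs-stable.follows = "nixpkgs";` next to the existing follows line would drop that duplicate pin and keep the two from drifting apart on later lock updates, which leaves fewer independently pinned sources to audit. The `gitignore` input also carries its own, much older nixpkgs pin (`nixpkgs_4`); whether it can be made to follow as well depends on nested-follows support in the Nix version in use, so treat that as something to check rather than a required change.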
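Review bot: The `shellHook` added to `devShells.default` runs `config.pre-commit.installationScript` on every shell entry, and nothing in the hunk says that this has side effects on the checkout: it generates `.pre-commit-config.yaml` (hence the new `.gitignore` entry) and installs the git hook. With the direnv setup in `.envrc` this presumably happens on entering the directory, so a comment above the hook would help, e.g. `# side effect: links .pre-commit-config.yaml and installs the git pre-commit hook`. A local hook can be skipped by the committer, so it is worth confirming that the flake module's check also runs under `nix flake check` in CI instead of relying on the hook alone. `self'` is bound in the `perSystem` arguments but is not used in the visible lines, and the `flake = { … }` block continues past the end of the hunk.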
@@ -6,7 +6,7 @@ let nixpkgs-unstable sops-nix nixos-hardware - #nix + passworts ; nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem; overlay-unstable = final: prev: { @@ -36,6 +36,7 @@ let documentation.info.enable = false; }) sops-nix.nixosModules.sops + passworts.nixosModules.passworts ]; } ../modules diff --git a/shell.nix b/shell.nix deleted file mode 100644 index 8493c63..0000000 --- a/shell.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - perSystem = { inputs', pkgs, ... }: { - # Definitions like this are entirely equivalent to the ones - # you may have directly in flake.nix. - devShells.default = pkgs.mkShellNoCC { - nativeBuildInputs = [ - inputs'.sops-nix.packages.sops-import-keys-hook - inputs'.deploy-rs.packages.deploy-rs - pkgs.nixpkgs-fmt - ]; - }; - }; -}