Full rewrite of devshell

migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-05-19 23:32:52 -04:00 · 2024-05-19 23:32:52 -04:00 · 4015daea0a
commit 4015daea0a
parent db7aeb7f03
4 changed files with 175 additions and 36 deletions
--- a/checks.nix
+++ b/checks.nix
@ -0,0 +1,39 @@
+{
+  inputs,
+  forEachSystem,
+  formatter,
+  ...
+}:
+forEachSystem (system: {
+  pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
+    src = ./.;
+    hooks = {
+      # nix checks
+      # Example custom hook for nix formatting:
+      fmt-check = {
+        enable = true;
+
+        # The command to execute (mandatory):
+        entry = "${formatter.${system}}/bin/nixfmt --check";
+
+        # The pattern of files to run on (default: "" (all))
+        # see also https://pre-commit.com/#hooks-files
+        files = "\\.nix$";
+      };
+      nil.enable = true;
+      statix.enable = false;
+
+      # json hooks
+      check-json.enable = true;
+
+      # git hooks
+      check-merge-conflicts.enable = true;
+      no-commit-to-branch.enable = true;
+
+      # misc hooks
+      check-added-large-files.enable = true;
+      check-case-conflicts.enable = true;
+      detect-private-keys.enable = true;
+    };
+  };
+})
--- a/flake.lock
+++ b/flake.lock
@ -102,6 +102,22 @@
        "type": "github"
      }
    },
+    "flake-compat_3": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@ -176,6 +192,27 @@
        "type": "github"
      }
    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -431,6 +468,31 @@
        "type": "github"
      }
    },
+    "pre-commit-hooks_2": {
+      "inputs": {
+        "flake-compat": "flake-compat_3",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1715870890,
+        "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "attic": "attic",
@ -445,6 +507,7 @@
        "nixos-modules": "nixos-modules",
        "nixpkgs": "nixpkgs",
        "nixpkgs-stable": "nixpkgs-stable",
+        "pre-commit-hooks": "pre-commit-hooks_2",
        "rust-overlay": "rust-overlay",
        "sops-nix": "sops-nix",
        "systems": "systems",
--- a/flake.nix
+++ b/flake.nix
@ -78,6 +78,14 @@
        };
      };

+      pre-commit-hooks = {
+        url = "github:cachix/pre-commit-hooks.nix";
+        inputs = {
+          nixpkgs.follows = "nixpkgs";
+          nixpkgs-stable.follows = "nixpkgs-stable";
+        };
+      };
+
      wired-notify = {
        url = "github:Toqozz/wired-notify";
        inputs = {
@ -127,8 +135,6 @@
      ...
    }@inputs:
    let
-
-      inherit (self) outputs;
      systems = [
        "x86_64-linux"
        "aarch64-linux"
@ -139,23 +145,6 @@
      # gets the base path of the repo
      src = builtins.path { path = ./.; };

-      config = {
-        repos = [
-          {
-            repo = "local";
-            hooks = [
-              {
-                id = "nix fmt check";
-                entry = "${outputs.formatter.x86_64-linux}/bin/nixfmt";
-                args = [ "--check" ];
-                language = "system";
-                files = "\\.nix";
-              }
-            ];
-          }
-        ];
-      };
-
      # adds our lib functions to lib namespace
      lib = nixpkgs.lib.extend (
        self: super:
@ -166,7 +155,7 @@
      );
      inherit (lib.rad-dev.systems) genSystems;
    in
-    {
+    rec {
      inherit (self) outputs; # for hydra
      inherit lib; # for allowing use of custom functions in nix repl

@ -174,21 +163,29 @@
      formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);

      nixosConfigurations = genSystems inputs src (src + "/systems");
-
-      devShell = lib.mapAttrs (
-        system: sopsPkgs:
-        with nixpkgs.legacyPackages.${system};
-        mkShell {
-          sopsPGPKeyDirs = [ "./keys" ];
-          nativeBuildInputs = [ sopsPkgs.sops-import-keys-hook ];
-          packages = [
-            self.formatter.${system}
-            nixpkgs.legacyPackages.${system}.deadnix
-            nixpkgs.legacyPackages.${system}.treefmt
-            nixpkgs.legacyPackages.${system}.pre-commit
-          ];
-          shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook;
-        }
-      ) sops-nix.packages;
+      checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
+      devShells = import ./shell.nix {
+        inherit
+          forEachSystem
+          nixpkgs
+          checks
+          sops-nix
+          ;
+      };
+      # devShell = lib.mapAttrs (
+      #   system: sopsPkgs:
+      #   with nixpkgs.legacyPackages.${system};
+      #   mkShell {
+      #     sopsPGPKeyDirs = [ "./keys" ];
+      #     nativeBuildInputs = [ sopsPkgs.sops-import-keys-hook ];
+      #     packages = [
+      #       self.formatter.${system}
+      #       nixpkgs.legacyPackages.${system}.deadnix
+      #       nixpkgs.legacyPackages.${system}.treefmt
+      #       nixpkgs.legacyPackages.${system}.pre-commit
+      #     ];
+      #     shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook;
+      #   }
+      # ) sops-nix.packages;
    };
 }
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1,40 @@
+{
+  forEachSystem,
+  nixpkgs,
+  checks,
+  sops-nix,
+  ...
+}:
+
+forEachSystem (
+  system:
+  let
+    pkgs = nixpkgs.legacyPackages.${system};
+    pre-commit = pkgs.mkShell {
+      inherit (checks.${system}.pre-commit-check) shellHook;
+      buildInputs = checks.${system}.pre-commit-check.enabledPackages;
+    };
+    sops = pkgs.mkShell {
+      sopsPGPKeyDirs = [ "./keys" ];
+      packages = [
+        pkgs.sops
+        sops-nix.packages.${system}.sops-import-keys-hook
+      ];
+    };
+    rad-dev = pkgs.mkShell {
+      packages = with pkgs; [
+        deadnix
+        pre-commit
+      ];
+    };
+  in
+  {
+    default = pkgs.mkShell {
+      inputsFrom = [
+        pre-commit
+        rad-dev
+        sops
+      ];
+    };
+  }
+)