From 4015daea0acc76d53f7bd4c749e63ee335985cac Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 19 May 2024 23:32:52 -0400 Subject: [PATCH] Full rewrite of devshell migrates pre-commit to cachix's pre-commit-hooks adds a ton of new hooks: - check-added-large-files - check-case-conflicts - check-json - check-merge-conflicts - detect-private-keys - fmt-check - nil - no-commit-to-branch - statix (disabled for now) migrates devshell to new devshells, set up modularly to have separate functionality for sops, pre-commit-hooks, and our custom packages Signed-off-by: ahuston-0 --- checks.nix | 39 ++++++++++++++++++++++++++++++ flake.lock | 63 +++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 69 ++++++++++++++++++++++++++---------------------------- shell.nix | 40 +++++++++++++++++++++++++++++++ 4 files changed, 175 insertions(+), 36 deletions(-) create mode 100644 checks.nix create mode 100644 shell.nix
diff --git a/checks.nix b/checks.nix
new file mode 100644
index 0000000..65cb936
--- /dev/null
+++ b/checks.nix
@@ -0,0 +1,39 @@
+{
+ inputs,
+ forEachSystem,
+ formatter,
+ ...
+}:
+forEachSystem (system: {
+ pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
+ src = ./.;
+ hooks = {
+ # nix checks
+ # Example custom hook for nix formatting:
+ fmt-check = {
+ enable = true;
+
+ # The command to execute (mandatory):
+ entry = "${formatter.${system}}/bin/nixfmt --check";
+
+ # The pattern of files to run on (default: "" (all))
+ # see also https://pre-commit.com/#hooks-files
+ files = "\\.nix$";
+ };
+ nil.enable = true;
+ statix.enable = false;
+
+ # json hooks
+ check-json.enable = true;
+
+ # git hooks
+ check-merge-conflicts.enable = true;
+ no-commit-to-branch.enable = true;
+
+ # misc hooks
+ check-added-large-files.enable = true;
+ check-case-conflicts.enable = true;
+ detect-private-keys.enable = true;
+ };
+ };
+})
diff --git a/flake.lock b/flake.lock
index a2f9d1d..2ed4527 100644
--- a/flake.lock
+++ b/flake.lock
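Review bot: `detect-private-keys.enable = true;` in checks.nix is a narrow check and nothing in the hunk says so. To my knowledge the underlying hook only looks for well-known private-key header markers, so a decrypted sops file or an API token would pass it. Since the dev shell in this commit imports PGP keys from `./keys` for sops, I would add a comment above the line such as `# only matches private-key header markers; plaintext sops secrets and tokens are not detected`. Pre-commit hooks can also be skipped locally, so it is worth confirming that this `checks` output is actually evaluated in CI rather than relied on only through the shellHook.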
@@ -102,6 +102,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -176,6 +192,27 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -431,6 +468,31 @@ "type": "github" } }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": "flake-compat_3", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1715870890, + "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "attic": "attic", @@ -445,6 +507,7 @@ "nixos-modules": "nixos-modules", "nixpkgs": "nixpkgs", "nixpkgs-stable": "nixpkgs-stable", + "pre-commit-hooks": "pre-commit-hooks_2", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", "systems": "systems", diff --git a/flake.nix b/flake.nix index 1f6eefb..3ce6767 100644 --- a/flake.nix +++ b/flake.nix 
@@ -78,6 +78,14 @@ }; }; + pre-commit-hooks = { + url = "github:cachix/pre-commit-hooks.nix"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + }; + }; + wired-notify = { url = "github:Toqozz/wired-notify"; inputs = { @@ -127,8 +135,6 @@ ... }@inputs: let - - inherit (self) outputs; systems = [ "x86_64-linux" "aarch64-linux" @@ -139,23 +145,6 @@ # gets the base path of the repo src = builtins.path { path = ./.; }; - config = { - repos = [ - { - repo = "local"; - hooks = [ - { - id = "nix fmt check"; - entry = "${outputs.formatter.x86_64-linux}/bin/nixfmt"; - args = [ "--check" ]; - language = "system"; - files = "\\.nix"; - } - ]; - } - ]; - }; - # adds our lib functions to lib namespace lib = nixpkgs.lib.extend ( self: super: @@ -166,7 +155,7 @@ ); inherit (lib.rad-dev.systems) genSystems; in - { + rec { inherit (self) outputs; # for hydra inherit lib; # for allowing use of custom functions in nix repl 
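Review bot: The change from `{` to `rec {` in the `@@ -166,7 +155,7 @@` hunk makes every output attribute visible to its siblings, which invites accidental shadowing and infinite-recursion errors as the set grows. `self` is already in scope here (`inherit (self) outputs;`), so the cross-references can be explicit instead, for example `checks = import ./checks.nix { inherit inputs forEachSystem; inherit (self) formatter; };`. The attribute set opened in this hunk continues outside it.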
@@ -174,21 +163,29 @@ formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); nixosConfigurations = genSystems inputs src (src + "/systems"); - - devShell = lib.mapAttrs ( - system: sopsPkgs: - with nixpkgs.legacyPackages.${system}; - mkShell { - sopsPGPKeyDirs = [ "./keys" ]; - nativeBuildInputs = [ sopsPkgs.sops-import-keys-hook ]; - packages = [ - self.formatter.${system} - nixpkgs.legacyPackages.${system}.deadnix - nixpkgs.legacyPackages.${system}.treefmt - nixpkgs.legacyPackages.${system}.pre-commit - ]; - shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook; - } - ) sops-nix.packages; + checks = import ./checks.nix { inherit inputs forEachSystem formatter; }; + devShells = import ./shell.nix { + inherit + forEachSystem + nixpkgs + checks + sops-nix + ; + }; + # devShell = lib.mapAttrs ( + # system: sopsPkgs: + # with nixpkgs.legacyPackages.${system}; + # mkShell { + # sopsPGPKeyDirs = [ "./keys" ]; + # nativeBuildInputs = [ sopsPkgs.sops-import-keys-hook ]; + # packages = [ + # self.formatter.${system} + # nixpkgs.legacyPackages.${system}.deadnix + # nixpkgs.legacyPackages.${system}.treefmt + # nixpkgs.legacyPackages.${system}.pre-commit + # ]; + # shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook; + # } + # ) sops-nix.packages; }; } diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..e1d3a28 --- /dev/null +++ b/shell.nix 
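Review bot: The old `devShell` definition is left behind as a commented-out block at the end of this hunk, and it still refers to `nix-pre-commit` and to the `config` binding that this same commit deletes, so it cannot be re-enabled as written. I would drop the block, since history keeps it. If `nix-pre-commit` is not used anywhere else, its input (declared outside this hunk) could presumably be removed as well, which reduces the set of third-party sources the lock file pulls in.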
@@ -0,0 +1,40 @@
+{
+ forEachSystem,
+ nixpkgs,
+ checks,
+ sops-nix,
+ ...
+}:
+
+forEachSystem (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ pre-commit = pkgs.mkShell {
+ inherit (checks.${system}.pre-commit-check) shellHook;
+ buildInputs = checks.${system}.pre-commit-check.enabledPackages;
+ };
+ sops = pkgs.mkShell {
+ sopsPGPKeyDirs = [ "./keys" ];
+ packages = [
+ pkgs.sops
+ sops-nix.packages.${system}.sops-import-keys-hook
+ ];
+ };
+ rad-dev = pkgs.mkShell {
+ packages = with pkgs; [
+ deadnix
+ pre-commit
+ ];
+ };
+ in
+ {
+ default = pkgs.mkShell {
+ inputsFrom = [
+ pre-commit
+ rad-dev
+ sops
+ ];
+ };
+ }
+)
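Review bot: `sopsPGPKeyDirs = [ "./keys" ];` is set only on the inner `sops` shell, and as far as I know `inputsFrom` merges just the build-input lists and `shellHook`. The exported `default` shell would then get `sops-import-keys-hook` without the variable it reads, so key import would silently do nothing. Setting `sopsPGPKeyDirs = [ "./keys" ];` directly on `default = pkgs.mkShell { ... }` keeps the behaviour of the old `devShell`. Separately, in `rad-dev` the name `pre-commit` inside `with pkgs; [ deadnix pre-commit ]` resolves to the let-bound `pre-commit` shell, because `with` does not shadow lexical bindings; write `pkgs.pre-commit` if the tool was meant.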