diff --git a/.gitignore b/.gitignore
index 250e145..2d32595 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,6 @@
 .*.swp
 *.retry
 result
-result-*
\ No newline at end of file
+result-*
+
+/.pre-commit-config.yaml
diff --git a/flake.lock b/flake.lock
index bfd4a8f..af24457 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,7 +2,9 @@
 "nodes": {
 "flake-utils": {
 "inputs": {
- "systems": "systems"
+ "systems": [
+ "systems"
+ ]
 },
 "locked": {
 "lastModified": 1701680307,
@@ -38,6 +40,29 @@
 "type": "github"
 }
 },
+ "nix-pre-commit": {
+ "inputs": {
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1653259102,
+ "narHash": "sha256-XfCEu4zur/N2Dk4v8wFiQAgJ7bgNqPqwWp1vBXkeczM=",
+ "owner": "jmgilman",
+ "repo": "nix-pre-commit",
+ "rev": "6a99b2711c7eac9960939d8eb91e84322b22d50c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "jmgilman",
+ "repo": "nix-pre-commit",
+ "type": "github"
+ }
+ },
 "nixos-hardware": {
 "locked": {
 "lastModified": 1703879120,
@@ -110,11 +135,13 @@
 "inputs": {
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
+ "nix-pre-commit": "nix-pre-commit",
 "nixos-hardware": "nixos-hardware",
 "nixos-modules": "nixos-modules",
 "nixpkgs": "nixpkgs",
 "patch-bitwarden-directory-connector": "patch-bitwarden-directory-connector",
- "sops-nix": "sops-nix"
+ "sops-nix": "sops-nix",
+ "systems": "systems"
 }
 },
 "sops-nix": {
diff --git a/flake.nix b/flake.nix
index dc0bf01..f76264d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,11 +3,19 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - + patch-bitwarden-directory-connector.url = "github:Silver-Golden/nixpkgs/bitwarden-directory-connector_pkgs"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - flake-utils.url = "github:numtide/flake-utils"; + + flake-utils = { + url = "github:numtide/flake-utils"; + inputs.systems.follows = "systems"; + }; + + systems = { + url = "github:nix-systems/default"; + }; nixos-modules = { url = "github:SuperSandro2000/nixos-modules"; @@ -26,16 +34,48 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; + nix-pre-commit = { + url = "github:jmgilman/nix-pre-commit"; + inputs = { + nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; + }; + }; }; - outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, ... }@inputs: + outputs = { nixpkgs, nixos-modules, home-manager, sops-nix, nix-pre-commit, ... }@inputs: let inherit (nixpkgs) lib; src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.; ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}")); fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir); + + + config = { + repos = [ + { + repo = "local"; + hooks = [ + { + id = "nixpkgs-fmt"; + entry = "${nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt"; + language = "system"; + files = "\\.nix"; + } + { + id = "nix-flake-check"; + entry = "nix flake check"; + language = "system"; + files = "\\.nix"; + pass_filenames = false; + } + ]; + } + ]; + }; in { + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; nixosConfigurations = let constructSystem = @@ -46,7 +86,7 @@ , }: lib.nixosSystem { inherit system lib; - + modules = [ { nixpkgs.overlays = [ @@ -108,7 +148,6 @@ ]; }; }; - devShell = lib.mapAttrs (system: sopsPkgs: with nixpkgs.legacyPackages.${system}; 
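Review bot: In the `-26,16 +34,48` hunk the `nixpkgs-fmt` hook's `entry` is pinned to `nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt`, while `config` is consumed inside the per-system `devShell` in the following hunk (`-118,6 +157,9`), so a shell entered on any other system would install a hook that points at an x86_64-linux store path. Making `config` a function of the shell's package set fixes that: `config = pkgs: {` with `entry = "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt";`, and `config = config pkgs;` at the call site. Both hooks also use the unanchored pattern `files = "\\.nix"`, which matches any path containing `.nix` (a `.nixos` suffix, for instance); `files = "\\.nix$"` is what is intended. The `devShell` definition in which `config` is used begins in the `-108,7 +148,6` hunk and continues past it.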
@@ -118,6 +157,9 @@
 apacheHttpd
 sopsPkgs.sops-import-keys-hook
 ];
+ shellHook = (nix-pre-commit.lib.${system}.mkConfig {
+ inherit pkgs config;
+ }).shellHook;
 }
 )
 sops-nix.packages;
diff --git a/modules/flake-update-service.nix b/modules/flake-update-service.nix
new file mode 100644
index 0000000..e11c6f4
--- /dev/null
+++ b/modules/flake-update-service.nix
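Review bot: `inherit pkgs config;` relies on two names whose origin is not visible at this line: `pkgs` presumably comes from the enclosing `with nixpkgs.legacyPackages.${system};` (nixpkgs exposes itself as `pkgs`), and `config` is the let-bound pre-commit attrset from the `outputs` header, which takes precedence over the `config` attribute that the same `with` would otherwise bring into scope. That lexical binding is correct, but a reader has to know the scoping rule to be sure which `config` is meant; renaming the let binding to something like `preCommitConfig` and writing `config = preCommitConfig;` here removes the ambiguity. The `devShell` expression this hunk sits in starts outside the hunk.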
@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.autopull;
+in
+{
+ options = {
+ services.autopull = {
+ enable = lib.mkEnableOption "autopull";
+ name = lib.mkOption {
+ type = lib.types.str;
+ default = "dotfiles";
+ description = "A name for the service which needs to be pulled";
+ };
+ path = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = "Path that needs to be updated via git pull";
+ };
+ frequency = lib.mkOption {
+ type = lib.types.str;
+ description = "systemd-timer compatible time between pulls";
+ default = "1h";
+ };
+ ssh-key = lib.mkOption {
+ type = lib.types.str;
+ description = "ssh-key used to pull the repository";
+ };
+ triggersRebuild = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''Whether or not the rebuild service should be triggered after pulling. Note that system.autoUpgrade must be pointed at the same directory as this service if you'd like to use this option.'';
+ };
+ };
+ };
+
+ # implementation
+ config = lib.mkIf (cfg.enable && !(builtins.isNull cfg.path)) {
+ systemd.services."autopull@${cfg.name}" = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ description = "Pull the latest data for ${cfg.name}";
+ serviceConfig = {
+ Type = "oneshot";
+ # TODO: See how we can migrate this to DynamicUser=yes instead
+ User = "root";
+ WorkingDirectory = cfg.path;
+ Environment = lib.mkIf (cfg.ssh-key != "") "GIT_SSH_COMMAND=${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";
+ ExecStart = "${pkgs.git}/bin/git pull --all";
+ Before = "nixos-upgrade.service";
+ Wants = "nixos-upgrade.service";
+ };
+ };
+ systemd.timers."autopull@${cfg.name}" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = cfg.frequency;
+ OnUnitActiveSec = cfg.frequency;
+ Unit = "autopull@${cfg.name}.service";
+ };
+ };
+ environment.systemPackages = [ pkgs.openssh pkgs.git ];
+ };
+}
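Review bot: `Before` and `Wants` at the end of `serviceConfig` are [Unit]-section directives, so placed under `serviceConfig` they are written into [Service], where systemd reports them as unknown keys and ignores them; they are also set unconditionally even though the `triggersRebuild` option meant to gate them is declared and never read. Move them to the unit level and gate them: `before = lib.mkIf cfg.triggersRebuild [ "nixos-upgrade.service" ];` and `wants = lib.mkIf cfg.triggersRebuild [ "nixos-upgrade.service" ];`, and drop the two keys from `serviceConfig`. Because the pull runs as root (`User = "root"`) and its working tree is what `nixos-upgrade.service` rebuilds from, a diverged remote should fail loudly rather than have root silently create a merge commit: `ExecStart = "${pkgs.git}/bin/git pull --ff-only --all";`. The `ssh-key` option is typed `str` with no default, so the `cfg.ssh-key != ""` guard on `Environment` only matters for an explicitly empty string; if the key is meant to be optional, `nullOr types.path` with a `null` check would express that, and the TODO about `DynamicUser` remains the real hardening item.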
diff --git a/systems/configuration.nix b/systems/configuration.nix index 4d4c681..2561d8d 100644 --- a/systems/configuration.nix +++ b/systems/configuration.nix @@ -85,6 +85,11 @@ ]; }; }; + autopull = { + enable = true; + path = /root/dotfiles; + ssh-key = "/root/.ssh/id_ed25519_ghdeploy"; + }; }; nixpkgs.config.allowUnfree = true;
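Review bot: `path = /root/dotfiles;` is a Nix path literal rather than a string; as far as I can tell the systemd unit generator stringifies it with `toString`, so `WorkingDirectory` ends up as the literal `/root/dotfiles` today, but any future `"${cfg.path}"` interpolation in the module would try to copy the directory into the store, which fails in pure flake evaluation for a path outside the flake. `path = "/root/dotfiles";` satisfies `types.path` and makes the intent explicit. Note also that with the module as committed, enabling `autopull` here pulls in `nixos-upgrade.service` after every pull even though `triggersRebuild` is left at its default of `false`, since the module sets `Wants` unconditionally.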