Flake environment with pre-commit hook; CI to enforce them. ()

Reviewed-on: 
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Nicolas Jeannerod 2024-11-14 17:51:15 +01:00
commit 7ac8ec85cc
14 changed files with 239 additions and 57 deletions

16
.forgejo/workflow/ci.yaml Normal file

@ -0,0 +1,16 @@
on:
pull_request:
types:
- opened
- synchronize
- reopened
push:
branches:
- main
jobs:
check-pre-commit:
runs-on: native
steps:
- uses: actions/checkout@v4
- run: nix build .#checks.x86_64-linux.pre-commit -L
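Review bot: The workflow is added under `.forgejo/workflow/` (singular), while Forgejo Actions reads workflow files from `.forgejo/workflows/`, so as committed this check would likely never run and the formatting gate would not be enforced; moving the file to `.forgejo/workflows/ci.yaml` fixes that. Once it does run, the `pull_request` trigger makes `nix build` evaluate and build the contributor's flake on the `native` runner; if that label means a non-containerised host (not visible on this page), it is worth confirming the runner is isolated and holds no secrets. `uses: actions/checkout@v4` also follows a movable tag, and pinning it to a full commit SHA (`actions/checkout@<commit-sha>`, placeholder) keeps the action's code from changing underneath the job.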

14
.gitignore vendored

@ -1,3 +1,15 @@
.DS_Store
.idea
*.log
tmp/
*.iso
.proxmox
/.pre-commit-config.yaml
nixos.qcow2
.envrc
.direnv
result
result*
.nixos-test-history
*screenshot.png
output
todo


@ -1,8 +0,0 @@
.DS_Store
.idea
*.log
tmp/
*.iso
result
.proxmox
.pre-commit-config.yaml

149
flake.lock Normal file

@ -0,0 +1,149 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1730814269,
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1730958623,
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1727672256,
"narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1719f27dd95fd4206afb9cec9f415b539978827e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}

50
flake.nix Normal file

@ -0,0 +1,50 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
flake-parts.url = "github:hercules-ci/flake-parts";
git-hooks.url = "github:cachix/git-hooks.nix";
};
outputs =
inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
imports = [ inputs.git-hooks.flakeModule ];
perSystem =
{ config, pkgs, ... }:
{
formatter = pkgs.nixfmt-rfc-style;
pre-commit.settings.hooks =
## Not everybody might want pre-commit hooks, so we make them
## opt-in. Maybe one day we will decide to have them everywhere.
let
inherit (builtins) concatStringsSep;
optin = [
"deployment"
"services"
];
files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$";
in
{
nixfmt-rfc-style = {
enable = true;
inherit files;
};
deadnix = {
enable = true;
inherit files;
};
};
devShells.default = pkgs.mkShell { shellHook = config.pre-commit.installationScript; };
};
};
}
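Review bot: The `git-hooks` input in the `inputs` block is declared without any `follows`, so the lock file in this commit pins two extra nixpkgs revisions for it (`nixpkgs` on `nixpkgs-unstable` and `nixpkgs-stable`) next to the project's own `nixos-24.05` pin. Adding `git-hooks.inputs.nixpkgs.follows = "nixpkgs";` would collapse the first onto the project's pin and reduce the number of upstream revisions that have to be trusted and kept up to date. The comment above `optin` could also say that the `[^/]*\\.nix` alternative in `files` always covers top-level Nix files, whatever the opt-in list contains.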

9
services/.gitignore vendored

@ -1,9 +0,0 @@
nixos.qcow2
result*
.direnv
.nixos-test-history
*screenshot.png
output
todo
/.pre-commit-config.yaml


@ -141,12 +141,8 @@ in
types.submodule {
# TODO: these should be managed as secrets, not in the nix store
options = {
id = mkOption {
type = types.str;
};
secret = mkOption {
type = types.str;
};
id = mkOption { type = types.str; };
secret = mkOption { type = types.str; };
# TODO: assert at least one of these is true
# NOTE: this currently needs to be done at the top level module
ensureAccess = mkOption {
@ -184,9 +180,7 @@ in
pkgs.awscli
];
networking.firewall.allowedTCPPorts = [
fedicfg.rpc.port
];
networking.firewall.allowedTCPPorts = [ fedicfg.rpc.port ];
services.garage = {
enable = true;
package = pkgs.garage_0_9;


@ -5,11 +5,7 @@ let
};
in
{
config,
lib,
...
}:
{ config, lib, ... }:
lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
#### garage setup


@ -5,11 +5,7 @@ let
};
in
{
config,
lib,
...
}:
{ config, lib, ... }:
lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
networking.firewall.allowedTCPPorts = [


@ -128,9 +128,7 @@
};
devShells.${system}.default = pkgs.mkShell {
inputs = with pkgs; [
nil
];
inputs = with pkgs; [ nil ];
shellHook = self.checks.${system}.pre-commit.shellHook;
};
};


@ -42,9 +42,7 @@ let
};
in
{
imports = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
];
imports = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ];
nixpkgs.hostPlatform = "x86_64-linux";
services.getty.autologinUser = lib.mkForce "root";
programs.bash.loginShellInit = nixpkgs.lib.getExe bootstrap;


@ -7,9 +7,7 @@ let
seleniumScript =
pkgs.writers.writePython3Bin "selenium-script"
{
libraries = with pkgs.python3Packages; [ selenium ];
}
{ libraries = with pkgs.python3Packages; [ selenium ]; }
''
from selenium import webdriver
from selenium.webdriver.common.by import By


@ -54,9 +54,7 @@ let
seleniumScriptPostPicture =
pkgs.writers.writePython3Bin "selenium-script-post-picture"
{
libraries = with pkgs.python3Packages; [ selenium ];
}
{ libraries = with pkgs.python3Packages; [ selenium ]; }
''
import os
import time
@ -99,9 +97,7 @@ let
seleniumScriptGetSrc =
pkgs.writers.writePython3Bin "selenium-script-get-src"
{
libraries = with pkgs.python3Packages; [ selenium ];
}
{ libraries = with pkgs.python3Packages; [ selenium ]; }
''
${seleniumImports}
${seleniumSetup}


@ -1,8 +1,4 @@
{
lib,
modulesPath,
...
}:
{ lib, modulesPath, ... }:
let
inherit (lib) mkVMOverride;