From c323453234437d1fa29d879bd8168d276e80b75a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Wed, 13 Nov 2024 18:04:55 +0100
Subject: [PATCH 1/4] Move some gitignore at toplevel
---
 .gitignore | 14 +++++++++++++-
 deployment/.gitignore | 8 --------
 services/.gitignore | 9 ---------
 3 files changed, 13 insertions(+), 18 deletions(-)
 delete mode 100644 deployment/.gitignore
 delete mode 100644 services/.gitignore
diff --git a/.gitignore b/.gitignore
index fbfad60a..09cdde32 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,15 @@
+.DS_Store
+.idea
+*.log
+tmp/
+*.iso
+.proxmox
+/.pre-commit-config.yaml
+nixos.qcow2
 .envrc
 .direnv
-result
+result*
+.nixos-test-history
+*screenshot.png
+output
+todo
diff --git a/deployment/.gitignore b/deployment/.gitignore
deleted file mode 100644
index d52229cd..00000000
--- a/deployment/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-.DS_Store
-.idea
-*.log
-tmp/
-*.iso
-result
-.proxmox
-.pre-commit-config.yaml
diff --git a/services/.gitignore b/services/.gitignore
deleted file mode 100644
index 81bd15ed..00000000
--- a/services/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-nixos.qcow2
-result*
-.direnv
-.nixos-test-history
-*screenshot.png
-output
-todo
-
-/.pre-commit-config.yaml
From e51fca5f0ec22cc8865ebce17185809428ad24f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Wed, 13 Nov 2024 22:41:34 +0100
Subject: [PATCH 2/4] Basic flake with pre-commit hooks
---
 flake.lock | 149 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 flake.nix | 47 +++++++++++++++++
 2 files changed, 196 insertions(+)
 create mode 100644 flake.lock
 create mode 100644 flake.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..8e4758e4
--- /dev/null
+++ b/flake.lock
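Review bot: In the new top-level `.gitignore`, `/.pre-commit-config.yaml` is anchored to the repository root, whereas the deleted `deployment/.gitignore` carried the unanchored `.pre-commit-config.yaml` and `services/.gitignore` anchored it to `services/`. After the move a generated `deployment/.pre-commit-config.yaml` or `services/.pre-commit-config.yaml` is no longer ignored and can be committed by accident; if the sub-flakes still write that file into their own directory (not visible here), drop the leading slash: `.pre-commit-config.yaml`. The other moved patterns are unanchored and now apply repository-wide, which is broader than before for `.proxmox`, `*.iso` and `*.log`; a short comment such as `# moved from deployment/ and services/; patterns without a leading slash match at any depth` would record that this is intended.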
@@ -0,0 +1,149 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1730958623, + "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "85f7e662eda4fa3a995556527c87b2524b691933", + "type": "github" + }, + "original": { + "owner": "NixOS", + 
"ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1727672256, + "narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1719f27dd95fd4206afb9cec9f415b539978827e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_2" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 00000000..38975cab --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,47 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ git-hooks.url = "github:cachix/git-hooks.nix";
+ };
+
+ outputs =
+ inputs@{ flake-parts, ... }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "aarch64-darwin"
+ ];
+
+ imports = [ inputs.git-hooks.flakeModule ];
+
+ perSystem =
+ { config, pkgs, ... }:
+ {
+ formatter = pkgs.nixfmt-rfc-style;
+
+ pre-commit.settings.hooks =
+ ## Not everybody might want pre-commit hooks, so we make them
+ ## opt-in. Maybe one day we will decide to have them everywhere.
+ let
+ inherit (builtins) concatStringsSep;
+ optin = [ "deployment" ];
+ files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$";
+ in
+ {
+ nixfmt-rfc-style = {
+ enable = true;
+ inherit files;
+ };
+ deadnix = {
+ enable = true;
+ inherit files;
+ };
+ };
+
+ devShells.default = pkgs.mkShell { shellHook = config.pre-commit.installationScript; };
+ };
+ };
+}
From 4b77808f3f1fde252356d3f3d0a7acb9731f02ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Wed, 13 Nov 2024 22:44:02 +0100
Subject: [PATCH 3/4] Basic CI that checks pre-commits
---
 .forgejo/workflow/ci.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .forgejo/workflow/ci.yaml
diff --git a/.forgejo/workflow/ci.yaml b/.forgejo/workflow/ci.yaml
new file mode 100644
index 00000000..a2636c6e
--- /dev/null
+++ b/.forgejo/workflow/ci.yaml
@@ -0,0 +1,16 @@
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ push:
+ branches:
+ - main
+
+jobs:
+ check-pre-commit:
+ runs-on: native
+ steps:
+ - uses: actions/checkout@v4
+ - run: nix build .#checks.x86_64-linux.pre-commit -L
From a88854058057dc11705071535ad903f9a5c8336f Mon Sep 17 00:00:00 2001
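Review bot: The `inputs` block in `flake.nix` lets `git-hooks` resolve its own nixpkgs, so the accompanying `flake.lock` pins `nixpkgs` (nixpkgs-unstable) and `nixpkgs-stable` for it in addition to the root's `nixpkgs_2` on `nixos-24.05`. That is two more nixpkgs revisions to fetch, update and audit for a flake that only provides formatting hooks. Consider `git-hooks.inputs.nixpkgs.follows = "nixpkgs";` (and the same for `nixpkgs-stable` if the pinned git-hooks revision still declares that input), then regenerate the lock. Separately, the `## … opt-in` comment describes the `files` filter, but `devShells.default` installs the hooks for anyone who enters the shell; a line such as `## "opt-in" is per directory (see optin); entering the dev shell always installs the hook` would avoid the misreading.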
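Review bot: The workflow is added under `.forgejo/workflow/`, but Forgejo Actions discovers workflows in `.forgejo/workflows/` (plural), so as committed this check most likely never runs and the pre-commit gate gives no assurance; rename the file to `.forgejo/workflows/ci.yaml`. Once it does run, `pull_request` executes `nix build` on contributor-supplied flake code on the `native` runner; if that label means host execution rather than an isolated container (not visible here), limit which pull requests may trigger it or move the job to an isolated runner. `actions/checkout@v4` is a mutable tag; pinning it as `actions/checkout@<full-commit-sha>` keeps the step from changing underneath the pipeline.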
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Thu, 14 Nov 2024 09:49:49 +0100 Subject: [PATCH 4/4] Opt-in to formatting for the `services/` subdirectory --- flake.nix | 5 ++++- services/fediversity/garage.nix | 12 +++--------- services/fediversity/mastodon.nix | 6 +----- services/fediversity/peertube.nix | 6 +----- services/flake.nix | 4 +--- services/installer.nix | 4 +--- services/tests/mastodon-garage.nix | 4 +--- services/tests/pixelfed-garage.nix | 8 ++------ services/vm/pixelfed-vm.nix | 6 +----- 9 files changed, 15 insertions(+), 40 deletions(-) diff --git a/flake.nix b/flake.nix index 38975cab..7192e506 100644 --- a/flake.nix +++ b/flake.nix @@ -27,7 +27,10 @@ ## opt-in. Maybe one day we will decide to have them everywhere. let inherit (builtins) concatStringsSep; - optin = [ "deployment" ]; + optin = [ + "deployment" + "services" + ]; files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$"; in { diff --git a/services/fediversity/garage.nix b/services/fediversity/garage.nix index 758a151c..16b57027 100644 --- a/services/fediversity/garage.nix +++ b/services/fediversity/garage.nix @@ -141,12 +141,8 @@ in types.submodule { # TODO: these should be managed as secrets, not in the nix store options = { - id = mkOption { - type = types.str; - }; - secret = mkOption { - type = types.str; - }; + id = mkOption { type = types.str; }; + secret = mkOption { type = types.str; }; # TODO: assert at least one of these is true # NOTE: this currently needs to be done at the top level module ensureAccess = mkOption { @@ -184,9 +180,7 @@ in pkgs.awscli ]; - networking.firewall.allowedTCPPorts = [ - fedicfg.rpc.port - ]; + networking.firewall.allowedTCPPorts = [ fedicfg.rpc.port ]; services.garage = { enable = true; package = pkgs.garage_0_9; diff --git a/services/fediversity/mastodon.nix b/services/fediversity/mastodon.nix index 8b6e95bc..8cd74540 100644 --- a/services/fediversity/mastodon.nix +++ b/services/fediversity/mastodon.nix 
@@ -5,11 +5,7 @@ let }; in -{ - config, - lib, - ... -}: +{ config, lib, ... }: lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { #### garage setup diff --git a/services/fediversity/peertube.nix b/services/fediversity/peertube.nix index 4a4a07b2..1d1ea081 100644 --- a/services/fediversity/peertube.nix +++ b/services/fediversity/peertube.nix @@ -5,11 +5,7 @@ let }; in -{ - config, - lib, - ... -}: +{ config, lib, ... }: lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) { networking.firewall.allowedTCPPorts = [ diff --git a/services/flake.nix b/services/flake.nix index aec006b7..b55b2812 100644 --- a/services/flake.nix +++ b/services/flake.nix @@ -128,9 +128,7 @@ }; devShells.${system}.default = pkgs.mkShell { - inputs = with pkgs; [ - nil - ]; + inputs = with pkgs; [ nil ]; shellHook = self.checks.${system}.pre-commit.shellHook; }; }; diff --git a/services/installer.nix b/services/installer.nix index f87be582..a5f787ef 100644 --- a/services/installer.nix +++ b/services/installer.nix @@ -42,9 +42,7 @@ let }; in { - imports = [ - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" - ]; + imports = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ]; nixpkgs.hostPlatform = "x86_64-linux"; services.getty.autologinUser = lib.mkForce "root"; programs.bash.loginShellInit = nixpkgs.lib.getExe bootstrap; diff --git a/services/tests/mastodon-garage.nix b/services/tests/mastodon-garage.nix index 75e269c3..242e8650 100644 --- a/services/tests/mastodon-garage.nix +++ b/services/tests/mastodon-garage.nix @@ -7,9 +7,7 @@ let seleniumScript = pkgs.writers.writePython3Bin "selenium-script" - { - libraries = with pkgs.python3Packages; [ selenium ]; - } + { libraries = with pkgs.python3Packages; [ selenium ]; } '' from selenium import webdriver from selenium.webdriver.common.by import By 
diff --git a/services/tests/pixelfed-garage.nix b/services/tests/pixelfed-garage.nix index 746728bd..bdac4029 100644 --- a/services/tests/pixelfed-garage.nix +++ b/services/tests/pixelfed-garage.nix @@ -54,9 +54,7 @@ let seleniumScriptPostPicture = pkgs.writers.writePython3Bin "selenium-script-post-picture" - { - libraries = with pkgs.python3Packages; [ selenium ]; - } + { libraries = with pkgs.python3Packages; [ selenium ]; } '' import os import time @@ -99,9 +97,7 @@ let seleniumScriptGetSrc = pkgs.writers.writePython3Bin "selenium-script-get-src" - { - libraries = with pkgs.python3Packages; [ selenium ]; - } + { libraries = with pkgs.python3Packages; [ selenium ]; } '' ${seleniumImports} ${seleniumSetup} diff --git a/services/vm/pixelfed-vm.nix b/services/vm/pixelfed-vm.nix index 8ec156a7..b5e820f7 100644 --- a/services/vm/pixelfed-vm.nix +++ b/services/vm/pixelfed-vm.nix @@ -1,8 +1,4 @@ -{ - lib, - modulesPath, - ... -}: +{ lib, modulesPath, ... }: let inherit (lib) mkVMOverride;