diff --git a/.forgejo/workflow/ci.yaml b/.forgejo/workflow/ci.yaml
new file mode 100644
index 0000000..a2636c6
--- /dev/null
+++ b/.forgejo/workflow/ci.yaml
@@ -0,0 +1,16 @@
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ push:
+ branches:
+ - main
+
+jobs:
+ check-pre-commit:
+ runs-on: native
+ steps:
+ - uses: actions/checkout@v4
+ - run: nix build .#checks.x86_64-linux.pre-commit -L
diff --git a/.gitignore b/.gitignore
index fbfad60..09cdde3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,15 @@
+.DS_Store
+.idea
+*.log
+tmp/
+*.iso
+.proxmox
+/.pre-commit-config.yaml
+nixos.qcow2
 .envrc
 .direnv
-result
+result*
+.nixos-test-history
+*screenshot.png
+output
+todo
diff --git a/deployment/.gitignore b/deployment/.gitignore
deleted file mode 100644
index d52229c..0000000
--- a/deployment/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-.DS_Store
-.idea
-*.log
-tmp/
-*.iso
-result
-.proxmox
-.pre-commit-config.yaml
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..8e4758e
--- /dev/null
+++ b/flake.lock
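Review bot: The path `.forgejo/workflow/ci.yaml` appears to miss the directory Forgejo Actions reads; as far as I know workflows are discovered under `.forgejo/workflows/` (plural), so the pre-commit check may never run unless the file lives at `.forgejo/workflows/ci.yaml`. In `steps`, `actions/checkout@v4` is a mutable tag; pinning it to a full commit hash, `- uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged action from reaching the runner. The job also fires on `pull_request` with `runs-on: native`, which presumably is a host-level rather than containerised runner, so it is worth confirming that pull requests from untrusted forks require approval before `nix build` evaluates their flake there.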
@@ -0,0 +1,149 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1730958623, + "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "85f7e662eda4fa3a995556527c87b2524b691933", + "type": "github" + }, + "original": { + "owner": "NixOS", + 
"ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1730504152, + "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1727672256, + "narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1719f27dd95fd4206afb9cec9f415b539978827e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_2" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..7192e50 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,50 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ git-hooks.url = "github:cachix/git-hooks.nix";
+ };
+
+ outputs =
+ inputs@{ flake-parts, ... }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "aarch64-darwin"
+ ];
+
+ imports = [ inputs.git-hooks.flakeModule ];
+
+ perSystem =
+ { config, pkgs, ... }:
+ {
+ formatter = pkgs.nixfmt-rfc-style;
+
+ pre-commit.settings.hooks =
+ ## Not everybody might want pre-commit hooks, so we make them
+ ## opt-in. Maybe one day we will decide to have them everywhere.
+ let
+ inherit (builtins) concatStringsSep;
+ optin = [
+ "deployment"
+ "services"
+ ];
+ files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$";
+ in
+ {
+ nixfmt-rfc-style = {
+ enable = true;
+ inherit files;
+ };
+ deadnix = {
+ enable = true;
+ inherit files;
+ };
+ };
+
+ devShells.default = pkgs.mkShell { shellHook = config.pre-commit.installationScript; };
+ };
+ };
+}
diff --git a/services/.gitignore b/services/.gitignore
deleted file mode 100644
index 81bd15e..0000000
--- a/services/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-nixos.qcow2
-result*
-.direnv
-.nixos-test-history
-*screenshot.png
-output
-todo
-
-/.pre-commit-config.yaml
diff --git a/services/fediversity/garage.nix b/services/fediversity/garage.nix
index 758a151..16b5702 100644
--- a/services/fediversity/garage.nix
+++ b/services/fediversity/garage.nix
@@ -141,12 +141,8 @@ in
 types.submodule {
 # TODO: these should be managed as secrets, not in the nix store
 options = {
- id = mkOption {
- type = types.str;
- };
- secret = mkOption {
- type = types.str;
- };
+ id = mkOption { type = types.str; };
+ secret = mkOption { type = types.str; };
 # TODO: assert at least one of these is true
 # NOTE: this currently needs to be done at the top level module
 ensureAccess = mkOption {
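Review bot: In the new root flake.nix, the `inputs` block declares `git-hooks` and `flake-parts` without any `follows`, and the accompanying flake.lock therefore pins extra nixpkgs sources (`nixpkgs` on nixpkgs-unstable, `nixpkgs-stable`, and the `nixpkgs-lib` tarball) next to the root's `nixpkgs_2`. Each extra pin is one more upstream revision to audit and keep patched, and it is unclear from the hunk that any of them is needed, since the hooks appear to be built from the `pkgs` passed to `perSystem`. I would add `git-hooks.inputs.nixpkgs.follows = "nixpkgs";` and `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";`, then regenerate the lock. This needs checking against the git-hooks revision in use.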
@@ -184,9 +180,7 @@ in pkgs.awscli ]; - networking.firewall.allowedTCPPorts = [ - fedicfg.rpc.port - ]; + networking.firewall.allowedTCPPorts = [ fedicfg.rpc.port ]; services.garage = { enable = true; package = pkgs.garage_0_9; diff --git a/services/fediversity/mastodon.nix b/services/fediversity/mastodon.nix index 8b6e95b..8cd7454 100644 --- a/services/fediversity/mastodon.nix +++ b/services/fediversity/mastodon.nix @@ -5,11 +5,7 @@ let }; in -{ - config, - lib, - ... -}: +{ config, lib, ... }: lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { #### garage setup diff --git a/services/fediversity/peertube.nix b/services/fediversity/peertube.nix index 4a4a07b..1d1ea08 100644 --- a/services/fediversity/peertube.nix +++ b/services/fediversity/peertube.nix @@ -5,11 +5,7 @@ let }; in -{ - config, - lib, - ... -}: +{ config, lib, ... }: lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) { networking.firewall.allowedTCPPorts = [ diff --git a/services/flake.nix b/services/flake.nix index aec006b..b55b281 100644 --- a/services/flake.nix +++ b/services/flake.nix @@ -128,9 +128,7 @@ }; devShells.${system}.default = pkgs.mkShell { - inputs = with pkgs; [ - nil - ]; + inputs = with pkgs; [ nil ]; shellHook = self.checks.${system}.pre-commit.shellHook; }; }; diff --git a/services/installer.nix b/services/installer.nix index f87be58..a5f787e 100644 --- a/services/installer.nix +++ b/services/installer.nix @@ -42,9 +42,7 @@ let }; in { - imports = [ - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" - ]; + imports = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ]; nixpkgs.hostPlatform = "x86_64-linux"; services.getty.autologinUser = lib.mkForce "root"; programs.bash.loginShellInit = nixpkgs.lib.getExe bootstrap; diff --git a/services/tests/mastodon-garage.nix b/services/tests/mastodon-garage.nix index 75e269c..242e865 100644 --- a/services/tests/mastodon-garage.nix 
+++ b/services/tests/mastodon-garage.nix @@ -7,9 +7,7 @@ let seleniumScript = pkgs.writers.writePython3Bin "selenium-script" - { - libraries = with pkgs.python3Packages; [ selenium ]; - } + { libraries = with pkgs.python3Packages; [ selenium ]; } '' from selenium import webdriver from selenium.webdriver.common.by import By diff --git a/services/tests/pixelfed-garage.nix b/services/tests/pixelfed-garage.nix index 746728b..bdac402 100644 --- a/services/tests/pixelfed-garage.nix +++ b/services/tests/pixelfed-garage.nix @@ -54,9 +54,7 @@ let seleniumScriptPostPicture = pkgs.writers.writePython3Bin "selenium-script-post-picture" - { - libraries = with pkgs.python3Packages; [ selenium ]; - } + { libraries = with pkgs.python3Packages; [ selenium ]; } '' import os import time @@ -99,9 +97,7 @@ let seleniumScriptGetSrc = pkgs.writers.writePython3Bin "selenium-script-get-src" - { - libraries = with pkgs.python3Packages; [ selenium ]; - } + { libraries = with pkgs.python3Packages; [ selenium ]; } '' ${seleniumImports} ${seleniumSetup} diff --git a/services/vm/pixelfed-vm.nix b/services/vm/pixelfed-vm.nix index 8ec156a..b5e820f 100644 --- a/services/vm/pixelfed-vm.nix +++ b/services/vm/pixelfed-vm.nix @@ -1,8 +1,4 @@ -{ - lib, - modulesPath, - ... -}: +{ lib, modulesPath, ... }: let inherit (lib) mkVMOverride;