hans/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Flake environment with pre-commit hook; CI to enforce them. (#2)

Browse source 
Reviewed-on: Fediversity/Fediversity#2
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
This commit is contained in:
Nicolas Jeannerod 2024-11-14 17:51:15 +01:00
parent 3ae51fa545 a888540580
commit 7ac8ec85cc
14 changed files with 239 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
.forgejo/workflow/ci.yaml Normal file
View file

@ -0,0 +1,16 @@
on:
pull_request:
types:
- opened
- synchronize
- reopened
push:
branches:
- main
jobs:
check-pre-commit:
runs-on: native
steps:
- uses: actions/checkout@v4
- run: nix build .#checks.x86_64-linux.pre-commit -L

14
.gitignore vendored
View file

@ -1,3 +1,15 @@
.DS_Store
.idea
*.log
tmp/
*.iso
.proxmox
/.pre-commit-config.yaml
nixos.qcow2
.envrc .envrc
.direnv .direnv
result result*
.nixos-test-history
*screenshot.png
output
todo

8
deployment/.gitignore vendored
View file

@ -1,8 +0,0 @@
.DS_Store
.idea
*.log
tmp/
*.iso
result
.proxmox
.pre-commit-config.yaml

149
flake.lock Normal file
View file

@ -0,0 +1,149 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1730814269,
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1730958623,
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1730504152,
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1727672256,
"narHash": "sha256-9/79hjQc9+xyH+QxeMcRsA6hDyw6Z9Eo1/oxjvwirLk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1719f27dd95fd4206afb9cec9f415b539978827e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}

50
flake.nix Normal file
View file

@ -0,0 +1,50 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
flake-parts.url = "github:hercules-ci/flake-parts";
git-hooks.url = "github:cachix/git-hooks.nix";
};
outputs =
inputs@{ flake-parts, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
imports = [ inputs.git-hooks.flakeModule ];
perSystem =
{ config, pkgs, ... }:
{
formatter = pkgs.nixfmt-rfc-style;
pre-commit.settings.hooks =
## Not everybody might want pre-commit hooks, so we make them
## opt-in. Maybe one day we will decide to have them everywhere.
let
inherit (builtins) concatStringsSep;
optin = [
"deployment"
"services"
];
files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$";
in
{
nixfmt-rfc-style = {
enable = true;
inherit files;
};
deadnix = {
enable = true;
inherit files;
};
};
devShells.default = pkgs.mkShell { shellHook = config.pre-commit.installationScript; };
};
};
}

9
services/.gitignore vendored
View file

@ -1,9 +0,0 @@
nixos.qcow2
result*
.direnv
.nixos-test-history
*screenshot.png
output
todo
/.pre-commit-config.yaml

12
services/fediversity/garage.nix
View file

@ -141,12 +141,8 @@ in
types.submodule { types.submodule {
# TODO: these should be managed as secrets, not in the nix store # TODO: these should be managed as secrets, not in the nix store
options = { options = {
id = mkOption { id = mkOption { type = types.str; };
type = types.str; secret = mkOption { type = types.str; };
};
secret = mkOption {
type = types.str;
};
# TODO: assert at least one of these is true # TODO: assert at least one of these is true
# NOTE: this currently needs to be done at the top level module # NOTE: this currently needs to be done at the top level module
ensureAccess = mkOption { ensureAccess = mkOption {
@ -184,9 +180,7 @@ in
pkgs.awscli pkgs.awscli
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [ fedicfg.rpc.port ];
fedicfg.rpc.port
];
services.garage = { services.garage = {
enable = true; enable = true;
package = pkgs.garage_0_9; package = pkgs.garage_0_9;

6
services/fediversity/mastodon.nix
View file

@ -5,11 +5,7 @@ let
}; };
in in
{ { config, lib, ... }:
config,
lib,
...
}:
lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
#### garage setup #### garage setup

6
services/fediversity/peertube.nix
View file

@ -5,11 +5,7 @@ let
}; };
in in
{ { config, lib, ... }:
config,
lib,
...
}:
lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) { lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [

4
services/flake.nix
View file

@ -128,9 +128,7 @@
}; };
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
inputs = with pkgs; [ inputs = with pkgs; [ nil ];
nil
];
shellHook = self.checks.${system}.pre-commit.shellHook; shellHook = self.checks.${system}.pre-commit.shellHook;
}; };
}; };

4
services/installer.nix
View file

@ -42,9 +42,7 @@ let
}; };
in in
{ {
imports = [ imports = [ "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ];
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
services.getty.autologinUser = lib.mkForce "root"; services.getty.autologinUser = lib.mkForce "root";
programs.bash.loginShellInit = nixpkgs.lib.getExe bootstrap; programs.bash.loginShellInit = nixpkgs.lib.getExe bootstrap;

4
services/tests/mastodon-garage.nix
View file

@ -7,9 +7,7 @@ let
seleniumScript = seleniumScript =
pkgs.writers.writePython3Bin "selenium-script" pkgs.writers.writePython3Bin "selenium-script"
{ { libraries = with pkgs.python3Packages; [ selenium ]; }
libraries = with pkgs.python3Packages; [ selenium ];
}
'' ''
from selenium import webdriver from selenium import webdriver
from selenium.webdriver.common.by import By from selenium.webdriver.common.by import By

8
services/tests/pixelfed-garage.nix
View file

@ -54,9 +54,7 @@ let
seleniumScriptPostPicture = seleniumScriptPostPicture =
pkgs.writers.writePython3Bin "selenium-script-post-picture" pkgs.writers.writePython3Bin "selenium-script-post-picture"
{ { libraries = with pkgs.python3Packages; [ selenium ]; }
libraries = with pkgs.python3Packages; [ selenium ];
}
'' ''
import os import os
import time import time
@ -99,9 +97,7 @@ let
seleniumScriptGetSrc = seleniumScriptGetSrc =
pkgs.writers.writePython3Bin "selenium-script-get-src" pkgs.writers.writePython3Bin "selenium-script-get-src"
{ { libraries = with pkgs.python3Packages; [ selenium ]; }
libraries = with pkgs.python3Packages; [ selenium ];
}
'' ''
${seleniumImports} ${seleniumImports}
${seleniumSetup} ${seleniumSetup}

6
services/vm/pixelfed-vm.nix
View file

@ -1,8 +1,4 @@
{ { lib, modulesPath, ... }:
lib,
modulesPath,
...
}:
let let
inherit (lib) mkVMOverride; inherit (lib) mkVMOverride;