diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 120000 index 0000000..3d823b1 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1 @@ +/nix/store/ixy9b46hjbk9bpshgkz2v84s1q0p4b0p-pre-commit-config.json \ No newline at end of file diff --git a/apps/rekey.nix b/apps/rekey.nix index 869a4c3..d985180 100644 --- a/apps/rekey.nix +++ b/apps/rekey.nix @@ -12,8 +12,7 @@ with nixpkgs.lib; let pubKeyStr = hostAttrs.config.rekey.pubKey; secretPath = "/tmp/nix-rekey.d/${builtins.hashString "sha1" pubKeyStr}/"; - rekeyCommand = secretName: secretAttrs: let - in '' + rekeyCommand = secretName: secretAttrs: '' echo "Rekeying secret ${secretName} for host ${hostName}" echo "${secretAttrs.file}" ${pkgs.rage}/bin/rage ${masterIdentities} -d ${secretAttrs.file} \ @@ -39,7 +38,7 @@ with nixpkgs.lib; let '' else '' mkdir -p ${secretPath} - ${concatStringsSep "\n" (mapAttrsToList rekeyCommand (hostAttrs.config.rekey.secrets))} + ${concatStringsSep "\n" (mapAttrsToList rekeyCommand hostAttrs.config.rekey.secrets)} ''; rekeyScript = '' diff --git a/configuration.nix b/configuration.nix index 39b1b46..dc62da3 100644 --- a/configuration.nix +++ b/configuration.nix @@ -160,10 +160,6 @@ networking.firewall.enable = false; services.udev.packages = with pkgs; [yubikey-personalization libu2f-host]; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; environment.shellInit = '' gpg-connect-agent /bye diff --git a/flake.lock b/flake.lock index def3114..4e5e2bd 100644 --- a/flake.lock +++ b/flake.lock 
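Review bot: The new `.pre-commit-config.yaml` is committed as a symlink (mode 120000) to an absolute `/nix/store/...-pre-commit-config.json` path, which exists only on a machine that has built that exact derivation. On a fresh clone the link dangles, and the tracked target will change whenever the hook set or its inputs change. The pre-commit `shellHook` added in flake.nix appears to regenerate this link, so it is better left untracked: add `/.pre-commit-config.yaml` to `.gitignore` and drop the file from the commit.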
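Review bot: The `rekeyCommand` string reshaped in the first apps/rekey.nix hunk still interpolates `${secretAttrs.file}` into the generated shell script unquoted, so a path containing spaces or shell metacharacters breaks or alters the `rage` call. Since `nixpkgs.lib` is already in scope, `-d ${escapeShellArg secretAttrs.file}` would be more robust. The second hunk's script runs `mkdir -p ${secretPath}` on a predictably named directory under world-writable `/tmp` with the default umask, so on a shared machine another local user could pre-create it. Consider `mkdir -p -m 700 ${secretPath}` plus an ownership check before use. The `rage` invocation continues past the hunk, so what is written into that directory is inferred rather than visible.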
@@ -43,6 +43,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1667395993, @@ -58,6 +74,27 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -95,12 +132,55 @@ "type": "github" } }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1673800717, + "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1675688762, + "narHash": "sha256-oit/SxMk0B380ASuztBGQLe8TttO1GJiXF8aZY9AYEc=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "ab608394886fb04b8a5df3cb0bab2598400e3634", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "flake-utils": "flake-utils", "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks" } }, "utils": { diff --git a/flake.nix b/flake.nix index 71411eb..1a1ef7d 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,12 @@ }; flake-utils.url = "github:numtide/flake-utils"; + + pre-commit-hooks = { + url = "github:cachix/pre-commit-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; }; outputs = { @@ -50,6 +56,7 @@ inherit localSystem; }; apps = import ./apps/rekey.nix inputs localSystem; + devShells.default = pkgs.mkShell { name = "patricks tolle nix config"; @@ -58,6 +65,12 @@ statix update-nix-fetchgit ]; + + shellHook = '' + ${self.checks.${system}.pre-commit-check.shellHook} + ''; }; + + checks = import ./modules/checks.nix inputs localSystem; }); } diff --git a/modules/checks.nix b/modules/checks.nix new file mode 100644 index 0000000..52fee99 --- /dev/null 
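Review bot: The new `shellHook` in flake.nix reads `self.checks.${system}.pre-commit-check.shellHook`, but the surrounding lines use `localSystem` (`inherit localSystem;`, `import ./apps/rekey.nix inputs localSystem`). Unless `system` is bound outside the hunk, this fails evaluation with an undefined variable; `${self.checks.${localSystem}.pre-commit-check.shellHook}` would match the rest of the block. The hook also appears to recreate the `.pre-commit-config.yaml` symlink in the working tree each time the dev shell starts, which deserves a comment above `shellHook`, e.g. `# installs the git pre-commit hook and (re)creates .pre-commit-config.yaml`. The enclosing outputs function starts and ends outside the hunk.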
+++ b/modules/checks.nix @@ -0,0 +1,15 @@ +{ + self, + pre-commit-hooks, + ... +}: system: { + pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = self.pkgs.${system}.lib.cleanSource ../.; + hooks = { + alejandra.enable = true; + statix.enable = true; + #luacheck + #stylua + }; + }; +} diff --git a/users/common/alias.nix b/users/common/alias.nix index c81dd07..48126af 100644 --- a/users/common/alias.nix +++ b/users/common/alias.nix @@ -1,4 +1,4 @@ -{...}: { +_: { home.shellAliases = { # Aliases l = "ls -lahF --group-directories-first --show-control-chars --quoting-style=escape --color=auto"; diff --git a/users/common/rofi.nix b/users/common/rofi.nix index 88c80bf..e863d3e 100644 --- a/users/common/rofi.nix +++ b/users/common/rofi.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs.rofi = { enable = true; theme = "DarkBlue";
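Review bot: In modules/checks.nix, `src = self.pkgs.${system}.lib.cleanSource ../.;` relies on what looks like a non-standard `pkgs` flake output just to reach `lib`, which does not depend on the system. Taking `nixpkgs` from the inputs (`{ self, nixpkgs, pre-commit-hooks, ... }:`) and writing `src = nixpkgs.lib.cleanSource ../.;` removes that coupling. The file sits under `modules/` although it is a function of the flake inputs and a system rather than a NixOS module, so a header comment such as `# Flake checks; called as: import ./modules/checks.nix inputs system` would help readers. The commented-out `#luacheck` and `#stylua` entries should either be enabled or carry a short TODO saying why they are off.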