feat: implemented flake check (closes #15)

Patrick Großmann 2023-02-08 21:12:32 +01:00
parent cf1805cfa0
commit 19f061288c
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
8 changed files with 114 additions and 10 deletions

1
.pre-commit-config.yaml Symbolic link

@ -0,0 +1 @@
/nix/store/ixy9b46hjbk9bpshgkz2v84s1q0p4b0p-pre-commit-config.json
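Review bot: The committed `.pre-commit-config.yaml` is a symlink into `/nix/store`, so it is a machine-local build artifact rather than source. The target will not exist on a fresh clone and can disappear after garbage collection, leaving a dangling link until it is regenerated. The `shellHook` added to the dev shell in this commit appears to recreate the link on entry, so it is better left untracked: add `/.pre-commit-config.yaml` to `.gitignore` and drop the file from the commit.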


@ -12,8 +12,7 @@ with nixpkgs.lib; let
pubKeyStr = hostAttrs.config.rekey.pubKey; pubKeyStr = hostAttrs.config.rekey.pubKey;
secretPath = "/tmp/nix-rekey.d/${builtins.hashString "sha1" pubKeyStr}/"; secretPath = "/tmp/nix-rekey.d/${builtins.hashString "sha1" pubKeyStr}/";
rekeyCommand = secretName: secretAttrs: let rekeyCommand = secretName: secretAttrs: ''
in ''
echo "Rekeying secret ${secretName} for host ${hostName}" echo "Rekeying secret ${secretName} for host ${hostName}"
echo "${secretAttrs.file}" echo "${secretAttrs.file}"
${pkgs.rage}/bin/rage ${masterIdentities} -d ${secretAttrs.file} \ ${pkgs.rage}/bin/rage ${masterIdentities} -d ${secretAttrs.file} \
@ -39,7 +38,7 @@ with nixpkgs.lib; let
'' ''
else '' else ''
mkdir -p ${secretPath} mkdir -p ${secretPath}
${concatStringsSep "\n" (mapAttrsToList rekeyCommand (hostAttrs.config.rekey.secrets))} ${concatStringsSep "\n" (mapAttrsToList rekeyCommand hostAttrs.config.rekey.secrets)}
''; '';
rekeyScript = '' rekeyScript = ''
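Review bot: The `mkdir -p ${secretPath}` kept in the second hunk creates a predictable directory under `/tmp`, and `mkdir -p` succeeds silently when another local user already owns `/tmp/nix-rekey.d` or the hashed subdirectory. The script would then write rekeyed secrets into a location it does not control. Since the path seems to be deterministic on purpose, a guard after the mkdir would fit, for example `[ -O ${secretPath} ] || exit 1` in bash with `umask 077` set beforehand. Separately, `${secretAttrs.file}` and `${secretName}` are spliced into the shell text unquoted in `rekeyCommand`; wrapping them in `escapeShellArg` (already in scope through `with nixpkgs.lib;`) keeps paths with spaces or metacharacters from being reinterpreted. Both the `rage` pipeline and the enclosing `let` continue outside the visible hunks, so how the output is written could not be checked.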


@ -160,10 +160,6 @@
networking.firewall.enable = false; networking.firewall.enable = false;
services.udev.packages = with pkgs; [yubikey-personalization libu2f-host]; services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
environment.shellInit = '' environment.shellInit = ''
gpg-connect-agent /bye gpg-connect-agent /bye


@ -43,6 +43,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
@ -58,6 +74,27 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -95,12 +132,55 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1673800717,
"narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1675688762,
"narHash": "sha256-oit/SxMk0B380ASuztBGQLe8TttO1GJiXF8aZY9AYEc=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "ab608394886fb04b8a5df3cb0bab2598400e3634",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks"
} }
}, },
"utils": { "utils": {


@ -12,6 +12,12 @@
}; };
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
}; };
outputs = { outputs = {
@ -50,6 +56,7 @@
inherit localSystem; inherit localSystem;
}; };
apps = import ./apps/rekey.nix inputs localSystem; apps = import ./apps/rekey.nix inputs localSystem;
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
name = "patricks tolle nix config"; name = "patricks tolle nix config";
@ -58,6 +65,12 @@
statix statix
update-nix-fetchgit update-nix-fetchgit
]; ];
shellHook = ''
${self.checks.${system}.pre-commit-check.shellHook}
'';
}; };
checks = import ./modules/checks.nix inputs localSystem;
}); });
} }
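Review bot: The added `shellHook` indexes `self.checks.${system}`, but every other visible line in this section uses `localSystem` (`inherit localSystem;`, `import ./modules/checks.nix inputs localSystem`) and no binding for `system` appears in the hunks. Unless `system` is bound outside the visible lines, evaluating the dev shell fails; `${self.checks.${localSystem}.pre-commit-check.shellHook}` would match the surrounding code. A one-line comment above the hook would also help, for example `# entering the shell links .pre-commit-config.yaml and installs the git pre-commit hook`, because that is a side effect on the working tree. The `outputs` function starts and ends outside these hunks.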

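--- a/modules/checks.nix
+++ b/modules/checks.nix
@@ -0,0 +1,15 @@
+{
+self,
+pre-commit-hooks,
+...
+}: system: {
+pre-commit-check = pre-commit-hooks.lib.${system}.run {
+src = self.pkgs.${system}.lib.cleanSource ../.;
+hooks = {
+alejandra.enable = true;
+statix.enable = true;
+#luacheck
+#stylua
+};
+};
+}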
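Review bot: `src = self.pkgs.${system}.lib.cleanSource ../.;` reaches through the flake's own `pkgs` output only to obtain `lib`, which ties this check to a non-standard output of `self` and forces a full nixpkgs import per system for a pure library function. Taking `nixpkgs` from the inputs argument set and writing `src = nixpkgs.lib.cleanSource ../.;` would be more direct. The bare `#luacheck` and `#stylua` lines give no hint of why they are disabled; a comment such as `# TODO: enable once the Lua sources pass` would state the intent. The file would also benefit from a header comment saying it is called as `import ./modules/checks.nix inputs system` and returns the per-system `checks` attribute set.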


@ -1,4 +1,4 @@
{...}: { _: {
home.shellAliases = { home.shellAliases = {
# Aliases # Aliases
l = "ls -lahF --group-directories-first --show-control-chars --quoting-style=escape --color=auto"; l = "ls -lahF --group-directories-first --show-control-chars --quoting-style=escape --color=auto";


@ -1,4 +1,4 @@
{...}: { _: {
programs.rofi = { programs.rofi = {
enable = true; enable = true;
theme = "DarkBlue"; theme = "DarkBlue";