feat: implemented flake check (closes #15)

.pre-commit-config.yaml

@@ -0,0 +1 @@
+/nix/store/ixy9b46hjbk9bpshgkz2v84s1q0p4b0p-pre-commit-config.json

apps/rekey.nix

@@ -12,8 +12,7 @@ with nixpkgs.lib; let
     pubKeyStr = hostAttrs.config.rekey.pubKey;
     secretPath = "/tmp/nix-rekey.d/${builtins.hashString "sha1" pubKeyStr}/";
 
-    rekeyCommand = secretName: secretAttrs: let
-    in ''
+    rekeyCommand = secretName: secretAttrs: ''
       echo "Rekeying secret ${secretName} for host ${hostName}"
       echo "${secretAttrs.file}"
       ${pkgs.rage}/bin/rage ${masterIdentities} -d ${secretAttrs.file} \
@@ -39,7 +38,7 @@ with nixpkgs.lib; let
     ''
     else ''
       mkdir -p ${secretPath}
-      ${concatStringsSep "\n" (mapAttrsToList rekeyCommand (hostAttrs.config.rekey.secrets))}
+      ${concatStringsSep "\n" (mapAttrsToList rekeyCommand hostAttrs.config.rekey.secrets)}
     '';
 
   rekeyScript = ''

configuration.nix

@@ -160,10 +160,6 @@
   networking.firewall.enable = false;
 
   services.udev.packages = with pkgs; [yubikey-personalization libu2f-host];
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
 
   environment.shellInit = ''
     gpg-connect-agent /bye

flake.lock

@@ -43,6 +43,22 @@
         "type": "github"
       }
     },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "locked": {
         "lastModified": 1667395993,
@@ -58,6 +74,27 @@
         "type": "github"
       }
     },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -95,12 +132,55 @@
         "type": "github"
       }
     },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1673800717,
+        "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1675688762,
+        "narHash": "sha256-oit/SxMk0B380ASuztBGQLe8TttO1GJiXF8aZY9AYEc=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "ab608394886fb04b8a5df3cb0bab2598400e3634",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
       }
     },
     "utils": {

flake.nix

@@ -12,6 +12,12 @@
     };
 
     flake-utils.url = "github:numtide/flake-utils";
+
+    pre-commit-hooks = {
+      url = "github:cachix/pre-commit-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
+    };
   };
 
   outputs = {
@@ -50,6 +56,7 @@
         inherit localSystem;
       };
       apps = import ./apps/rekey.nix inputs localSystem;
+
       devShells.default = pkgs.mkShell {
         name = "patricks tolle nix config";
 
@@ -58,6 +65,12 @@
           statix
           update-nix-fetchgit
         ];
+
+        shellHook = ''
+          ${self.checks.${system}.pre-commit-check.shellHook}
+        '';
       };
+
+      checks = import ./modules/checks.nix inputs localSystem;
     });
 }

modules/checks.nix

@@ -0,0 +1,15 @@
+{
+  self,
+  pre-commit-hooks,
+  ...
+}: system: {
+  pre-commit-check = pre-commit-hooks.lib.${system}.run {
+    src = self.pkgs.${system}.lib.cleanSource ../.;
+    hooks = {
+      alejandra.enable = true;
+      statix.enable = true;
+      #luacheck
+      #stylua
+    };
+  };
+}

users/common/alias.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   home.shellAliases = {
     # Aliases
     l = "ls -lahF --group-directories-first --show-control-chars --quoting-style=escape --color=auto";

users/common/rofi.nix

@@ -1,4 +1,4 @@
-{...}: {
+_: {
   programs.rofi = {
     enable = true;
     theme = "DarkBlue";