chore: nf-lint-nix and nf-fmt-nix
parent
ee53c89e40
commit
2a76c4fc98
11 changed files with 100 additions and 13 deletions
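--- a/ci/fmt.nix
+++ b/ci/fmt.nix
@@ -0,0 +1,11 @@
+{
+nix = {
+whitelist = [
+"systems/mediabox/nixos.nix"
+];
+blacklistDirs = [
+"overlays"
+"ci"
+];
+};
+}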
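Review bot: This new file has no comment saying how its two lists are consumed, and the names alone do not tell a maintainer what is safe to put in them. In the packages module of this same commit, `whitelist` is handed to alejandra as the paths to format, while `blacklistDirs` becomes `--exclude` flags and the arguments of a `find` call. Both are joined with spaces and placed into shell scripts unquoted, and are resolved relative to the working directory. A header comment such as `# Paths are relative to the repo root and are spliced into shell commands unquoted: no spaces or glob characters.` would record that constraint where the values are edited.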
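--- a/ci/statix.toml
+++ b/ci/statix.toml
@@ -0,0 +1,10 @@
+disabled = [
+"repeated_keys",
+"empty_pattern",
+]
+nix_version = '2.4'
+ignore = [
+'.direnv',
+'ci',
+'overlays',
+]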
25
devShell.nix
25
devShell.nix
|
|
@ -35,6 +35,26 @@
|
|||
cd "$NF_CONFIG_ROOT/tf"
|
||||
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-lint-tf" -- "$@"
|
||||
'';
|
||||
nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" ''
|
||||
cd "$NF_CONFIG_ROOT"
|
||||
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-lint-nix" -- "$@"
|
||||
'';
|
||||
nf-fmt-nix = pkgs.writeShellScriptBin "nf-fmt-nix" ''
|
||||
cd "$NF_CONFIG_ROOT"
|
||||
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-fmt-nix" -- "$@"
|
||||
'';
|
||||
nf-alejandra = pkgs.writeShellScriptBin "alejandra" ''
|
||||
cd "$NF_CONFIG_ROOT"
|
||||
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-alejandra" -- "$@"
|
||||
'';
|
||||
nf-statix = pkgs.writeShellScriptBin "statix" ''
|
||||
cd "$NF_CONFIG_ROOT"
|
||||
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-statix" -- "$@"
|
||||
'';
|
||||
nf-deadnix = pkgs.writeShellScriptBin "deadnix" ''
|
||||
cd "$NF_CONFIG_ROOT"
|
||||
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-deadnix" -- "$@"
|
||||
'';
|
||||
nf-kustomize = pkgs.writeShellScriptBin "kustomize" ''
|
||||
exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#pkgs.kustomize" -- "$@"
|
||||
'';
|
||||
|
|
@ -52,6 +72,11 @@ in
|
|||
nf-deploy
|
||||
nf-tf
|
||||
nf-lint-tf
|
||||
nf-lint-nix
|
||||
nf-fmt-nix
|
||||
nf-alejandra
|
||||
nf-statix
|
||||
nf-deadnix
|
||||
nf-kustomize
|
||||
nf-argocd
|
||||
];
|
||||
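Review bot: Each new wrapper in the first hunk runs `cd "$NF_CONFIG_ROOT"` without checking that the variable is set or that the `cd` succeeded, and `writeShellScriptBin` does not add `set -e`, so on failure `exec nix run` still proceeds from whatever directory the caller was in. That matters more for these wrappers than for the existing ones, because the `nf-deadnix` package added in this commit resolves its exclude directories relative to the working directory. Writing the line as `cd "''${NF_CONFIG_ROOT:?}" || exit` would make each wrapper fail closed. The wrappers installed under the bare names `alejandra`, `statix` and `deadnix` presumably shadow the upstream binaries inside the dev shell, which deserves a one-line comment above them. The surrounding `let` block and the package list both continue outside the hunks.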
|
|
|
|||
|
|
@ -18,7 +18,7 @@ with lib; {
|
|||
};
|
||||
config = {
|
||||
network.importing = {
|
||||
nixosImports = mkDefault (map (path: toString path) [
|
||||
nixosImports = mkDefault (map toString [
|
||||
(root + "/nixos/systems/HN.nix")
|
||||
(root + "/nixos/systems/HN/nixos.nix")
|
||||
]);
|
||||
|
|
|
|||
|
|
@ -7,7 +7,9 @@
|
|||
inherit (lib.options) mkOption;
|
||||
inherit (lib.types) attrsOf package;
|
||||
inherit (lib.meta) getExe;
|
||||
inherit (lib.strings) concatStringsSep concatMapStringsSep;
|
||||
cfg = config.outputs.packages;
|
||||
fmt = import ../../ci/fmt.nix;
|
||||
in {
|
||||
options.outputs.packages = mkOption {
|
||||
type = attrsOf package;
|
||||
|
|
@ -15,13 +17,54 @@ in {
|
|||
};
|
||||
|
||||
config.outputs.packages = {
|
||||
inherit (pkgs.buildPackages) terraform tflint;
|
||||
inherit (pkgs.buildPackages)
|
||||
terraform tflint
|
||||
alejandra deadnix statix
|
||||
;
|
||||
nf-deploy = pkgs.writeShellScriptBin "nf-deploy" ''
|
||||
exec ${pkgs.runtimeShell} ${../../ci/deploy.sh} "$@"
|
||||
'';
|
||||
nf-statix = pkgs.writeShellScriptBin "nf-statix" ''
|
||||
if [[ $# -eq 0 ]]; then
|
||||
set -- check
|
||||
fi
|
||||
|
||||
if [[ ''${1-} = check ]]; then
|
||||
shift
|
||||
set -- check --config ${../../ci/statix.toml} "$@"
|
||||
fi
|
||||
|
||||
exec ${getExe cfg.statix} "$@"
|
||||
'';
|
||||
nf-deadnix = let
|
||||
inherit (fmt.nix) blacklistDirs;
|
||||
excludes = "${getExe pkgs.buildPackages.findutils} ${concatStringsSep " " blacklistDirs} -type f";
|
||||
in pkgs.writeShellScriptBin "nf-deadnix" ''
|
||||
exec ${getExe cfg.deadnix} "$@" \
|
||||
--no-lambda-arg \
|
||||
--exclude $(${excludes})
|
||||
'';
|
||||
nf-alejandra = let
|
||||
inherit (fmt.nix) blacklistDirs;
|
||||
excludes = concatMapStringsSep " " (dir: "--exclude ${dir}") blacklistDirs;
|
||||
in pkgs.writeShellScriptBin "nf-alejandra" ''
|
||||
exec ${getExe cfg.alejandra} \
|
||||
${excludes} \
|
||||
"$@"
|
||||
'';
|
||||
nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" ''
|
||||
${getExe cfg.terraform} fmt "$@" &&
|
||||
${cfg.tflint}/bin/tflint
|
||||
'';
|
||||
nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" ''
|
||||
${getExe cfg.nf-statix} check "$@" &&
|
||||
${getExe cfg.nf-deadnix} -f "$@"
|
||||
'';
|
||||
nf-fmt-nix = let
|
||||
inherit (fmt.nix) whitelist;
|
||||
includes = concatStringsSep " " whitelist;
|
||||
in pkgs.writeShellScriptBin "nf-fmt-nix" ''
|
||||
exec ${getExe cfg.nf-alejandra} ${includes} "$@"
|
||||
'';
|
||||
};
|
||||
}
|
||||
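Review bot: In `nf-deadnix`, `--exclude $(${excludes})` expands the output of `find overlays ci -type f` unquoted, so a file name containing whitespace or glob characters is split or expanded before deadnix receives it. Because the directories are relative, the result also depends on the caller's working directory, and if `find` prints nothing `--exclude` is left without a value. Reading the list into an array keeps each path as one argument: `mapfile -t excluded < <(find … -type f)` and then `--exclude "''${excluded[@]}"`, with the flag skipped when the array is empty. The names taken from `ci/fmt.nix` are also joined with `concatStringsSep " "` / `concatMapStringsSep` and placed into the `nf-deadnix`, `nf-alejandra` and `nf-fmt-nix` scripts verbatim. `lib.strings.escapeShellArgs` would quote them, which changes nothing for the current hand-written entries but removes the word-splitting hazard if the lists grow.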
|
|
|
|||
|
|
@ -55,7 +55,7 @@
|
|||
host ${config.authentication.database} ${config.name} ${formatHost host} ${config.authentication.method}
|
||||
'') config.authentication.hosts);
|
||||
};
|
||||
authentication.database = mkIf (config.ensureDBOwnership) (
|
||||
authentication.database = mkIf config.ensureDBOwnership (
|
||||
mkOptionDefault config.name
|
||||
);
|
||||
};
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@
|
|||
inherit (lib.modules) mkIf mkMerge mkDefault;
|
||||
inherit (lib.strings) escapeRegex;
|
||||
inherit (lib.lists) singleton optional;
|
||||
inherit (config.services) tailscale;
|
||||
inherit (config.services.nginx) virtualHosts;
|
||||
inherit (config.services) nginx tailscale;
|
||||
inherit (nginx) virtualHosts;
|
||||
access = config.services.nginx.access.proxmox;
|
||||
proxyPass = "https://reisen.local.gensokyo.zone:8006/";
|
||||
unencrypted = pkgs.mkSnakeOil {
|
||||
|
|
@ -111,6 +111,6 @@ in {
|
|||
config.sops.secrets.access-proxmox = {
|
||||
sopsFile = mkDefault ../secrets/access-proxmox.yaml;
|
||||
owner = config.services.nginx.user;
|
||||
group = config.services.nginx.group;
|
||||
inherit (nginx) group;
|
||||
};
|
||||
}
|
||||
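Review bot: `owner = config.services.nginx.user;` still spells out the full option path directly above the new `inherit (nginx) group;`, and `access = config.services.nginx.access.proxmox;` does the same in the first hunk, so the file now mixes both styles. With `nginx` bound in the `let`, `owner = nginx.user;` and `access = nginx.access.proxmox;` would read consistently and make it obvious that the sops secret's owner and group come from the same service definition. The `let` block and the final attribute set both continue outside the hunks.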
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
{ buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, aiofiles
|
||||
, cryptography
|
||||
|
|
|
|||
|
|
@ -89,9 +89,8 @@ in {
|
|||
url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
|
||||
};
|
||||
access.kanidm = assert kanidm.enableServer; {
|
||||
domain = kanidm.server.frontend.domain;
|
||||
inherit (kanidm.server.frontend) domain port;
|
||||
host = tei.networking.access.hostnameForNetwork.local;
|
||||
port = kanidm.server.frontend.port;
|
||||
ldapPort = kanidm.server.ldap.port;
|
||||
ldapEnable = kanidm.server.ldap.enable;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (lib.modules) mkIf mkMerge;
|
||||
inherit (lib.modules) mkIf;
|
||||
inherit (lib.attrsets) listToAttrs nameValuePair;
|
||||
inherit (access) systemFor;
|
||||
inherit (config.networking) hostName;
|
||||
|
|
|
|||
4
tree.nix
4
tree.nix
|
|
@ -25,7 +25,7 @@
|
|||
"modules/nixos" = {
|
||||
functor = {
|
||||
external =
|
||||
(with (import (inputs.arcexprs + "/modules")).nixos; [
|
||||
with (import (inputs.arcexprs + "/modules")).nixos; [
|
||||
nix
|
||||
systemd
|
||||
dht22-exporter
|
||||
|
|
@ -46,7 +46,7 @@
|
|||
mosh
|
||||
doc-warnings
|
||||
inputs.systemd2mqtt.nixosModules.default
|
||||
]);
|
||||
];
|
||||
};
|
||||
};
|
||||
"modules/nixos".functor.enable = true;
|
||||
|
|
|
|||