chore: nf-lint-nix and nf-fmt-nix
parent
ee53c89e40
commit
2a76c4fc98
11 changed files with 100 additions and 13 deletions
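--- a/ci/fmt.nix
+++ b/ci/fmt.nix
@@ -0,0 +1,11 @@
+{
+nix = {
+whitelist = [
+"systems/mediabox/nixos.nix"
+];
+blacklistDirs = [
+"overlays"
+"ci"
+];
+};
+}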
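--- a/ci/statix.toml
+++ b/ci/statix.toml
@@ -0,0 +1,10 @@
+disabled = [
+"repeated_keys",
+"empty_pattern",
+]
+nix_version = '2.4'
+ignore = [
+'.direnv',
+'ci',
+'overlays',
+]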
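Review bot: The `ignore` list repeats the `ci` and `overlays` entries that `blacklistDirs` in ci/fmt.nix holds for deadnix and alejandra, and nothing ties the two lists together, so a directory added to one list can silently stay checked (or skipped) by the other tools. A comment above `ignore` such as `# keep in sync with blacklistDirs in ci/fmt.nix` would make that visible. Ignoring `ci` also means the directory that holds the lint configuration is itself never checked by statix; if that is intentional, the same comment is a good place to say so.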
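--- a/devShell.nix
+++ b/devShell.nix
@@ -35,6 +35,26 @@
 cd "$NF_CONFIG_ROOT/tf"
 exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-lint-tf" -- "$@"
 '';
+nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" ''
+cd "$NF_CONFIG_ROOT"
+exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-lint-nix" -- "$@"
+'';
+nf-fmt-nix = pkgs.writeShellScriptBin "nf-fmt-nix" ''
+cd "$NF_CONFIG_ROOT"
+exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-fmt-nix" -- "$@"
+'';
+nf-alejandra = pkgs.writeShellScriptBin "alejandra" ''
+cd "$NF_CONFIG_ROOT"
+exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-alejandra" -- "$@"
+'';
+nf-statix = pkgs.writeShellScriptBin "statix" ''
+cd "$NF_CONFIG_ROOT"
+exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-statix" -- "$@"
+'';
+nf-deadnix = pkgs.writeShellScriptBin "deadnix" ''
+cd "$NF_CONFIG_ROOT"
+exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#nf-deadnix" -- "$@"
+'';
 nf-kustomize = pkgs.writeShellScriptBin "kustomize" ''
 exec nix run ''${FLAKE_OPTS-} "$NF_CONFIG_ROOT#pkgs.kustomize" -- "$@"
 '';
@@ -52,6 +72,11 @@ in
 nf-deploy
 nf-tf
 nf-lint-tf
+nf-lint-nix
+nf-fmt-nix
+nf-alejandra
+nf-statix
+nf-deadnix
 nf-kustomize
 nf-argocd
 ];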
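Review bot: The five wrappers added in the first hunk run `cd "$NF_CONFIG_ROOT"` without checking the result, and a script built with `writeShellScriptBin` carries no `set -e`, so it continues to the `exec` line after a failed `cd`. The tools behind these wrappers are handed relative paths (the `whitelist` and `blacklistDirs` entries in ci/fmt.nix), and the formatter rewrites files in place, so I would make the first line `cd "$NF_CONFIG_ROOT" || exit`. The last three wrappers install binaries named `alejandra`, `statix` and `deadnix`, which presumably take the place of any upstream binary of the same name inside the shell; a one-line comment such as `# shadows the upstream binary on purpose so the repo's excludes always apply` would record that this is deliberate. The enclosing `let` block starts and ends outside both hunks.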
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ with lib; {
|
||||||
};
|
};
|
||||||
config = {
|
config = {
|
||||||
network.importing = {
|
network.importing = {
|
||||||
nixosImports = mkDefault (map (path: toString path) [
|
nixosImports = mkDefault (map toString [
|
||||||
(root + "/nixos/systems/HN.nix")
|
(root + "/nixos/systems/HN.nix")
|
||||||
(root + "/nixos/systems/HN/nixos.nix")
|
(root + "/nixos/systems/HN/nixos.nix")
|
||||||
]);
|
]);
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,9 @@
|
||||||
inherit (lib.options) mkOption;
|
inherit (lib.options) mkOption;
|
||||||
inherit (lib.types) attrsOf package;
|
inherit (lib.types) attrsOf package;
|
||||||
inherit (lib.meta) getExe;
|
inherit (lib.meta) getExe;
|
||||||
|
inherit (lib.strings) concatStringsSep concatMapStringsSep;
|
||||||
cfg = config.outputs.packages;
|
cfg = config.outputs.packages;
|
||||||
|
fmt = import ../../ci/fmt.nix;
|
||||||
in {
|
in {
|
||||||
options.outputs.packages = mkOption {
|
options.outputs.packages = mkOption {
|
||||||
type = attrsOf package;
|
type = attrsOf package;
|
||||||
|
|
@ -15,13 +17,54 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config.outputs.packages = {
|
config.outputs.packages = {
|
||||||
inherit (pkgs.buildPackages) terraform tflint;
|
inherit (pkgs.buildPackages)
|
||||||
|
terraform tflint
|
||||||
|
alejandra deadnix statix
|
||||||
|
;
|
||||||
nf-deploy = pkgs.writeShellScriptBin "nf-deploy" ''
|
nf-deploy = pkgs.writeShellScriptBin "nf-deploy" ''
|
||||||
exec ${pkgs.runtimeShell} ${../../ci/deploy.sh} "$@"
|
exec ${pkgs.runtimeShell} ${../../ci/deploy.sh} "$@"
|
||||||
'';
|
'';
|
||||||
|
nf-statix = pkgs.writeShellScriptBin "nf-statix" ''
|
||||||
|
if [[ $# -eq 0 ]]; then
|
||||||
|
set -- check
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ''${1-} = check ]]; then
|
||||||
|
shift
|
||||||
|
set -- check --config ${../../ci/statix.toml} "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exec ${getExe cfg.statix} "$@"
|
||||||
|
'';
|
||||||
|
nf-deadnix = let
|
||||||
|
inherit (fmt.nix) blacklistDirs;
|
||||||
|
excludes = "${getExe pkgs.buildPackages.findutils} ${concatStringsSep " " blacklistDirs} -type f";
|
||||||
|
in pkgs.writeShellScriptBin "nf-deadnix" ''
|
||||||
|
exec ${getExe cfg.deadnix} "$@" \
|
||||||
|
--no-lambda-arg \
|
||||||
|
--exclude $(${excludes})
|
||||||
|
'';
|
||||||
|
nf-alejandra = let
|
||||||
|
inherit (fmt.nix) blacklistDirs;
|
||||||
|
excludes = concatMapStringsSep " " (dir: "--exclude ${dir}") blacklistDirs;
|
||||||
|
in pkgs.writeShellScriptBin "nf-alejandra" ''
|
||||||
|
exec ${getExe cfg.alejandra} \
|
||||||
|
${excludes} \
|
||||||
|
"$@"
|
||||||
|
'';
|
||||||
nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" ''
|
nf-lint-tf = pkgs.writeShellScriptBin "nf-lint-tf" ''
|
||||||
${getExe cfg.terraform} fmt "$@" &&
|
${getExe cfg.terraform} fmt "$@" &&
|
||||||
${cfg.tflint}/bin/tflint
|
${cfg.tflint}/bin/tflint
|
||||||
'';
|
'';
|
||||||
|
nf-lint-nix = pkgs.writeShellScriptBin "nf-lint-nix" ''
|
||||||
|
${getExe cfg.nf-statix} check "$@" &&
|
||||||
|
${getExe cfg.nf-deadnix} -f "$@"
|
||||||
|
'';
|
||||||
|
nf-fmt-nix = let
|
||||||
|
inherit (fmt.nix) whitelist;
|
||||||
|
includes = concatStringsSep " " whitelist;
|
||||||
|
in pkgs.writeShellScriptBin "nf-fmt-nix" ''
|
||||||
|
exec ${getExe cfg.nf-alejandra} ${includes} "$@"
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
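Review bot: In `nf-deadnix` the exclude list reaches the command line through an unquoted `$(find … -type f)`, so any path under `overlays` or `ci` that contains whitespace or a glob character is split or expanded into different `--exclude` arguments. The `blacklistDirs` and `whitelist` entries are also spliced into `nf-deadnix`, `nf-alejandra` and `nf-fmt-nix` at build time without shell escaping. I would read the paths NUL-delimited into an array and pass the directory names through `lib.escapeShellArgs`, as sketched below; the same escaping applies to `excludes` in `nf-alejandra` and `includes` in `nf-fmt-nix`. All of these paths are relative, so the scripts appear to depend on being started from the repository root, which only the devShell wrappers arrange. Separately, `nf-lint-nix` forwards the same `"$@"` to both `statix check` and `deadnix -f`, which only works for arguments both tools accept.

```nix
nf-deadnix = let
  inherit (fmt.nix) blacklistDirs;
in pkgs.writeShellScriptBin "nf-deadnix" ''
  # NUL-delimited read keeps each path a single argument, whatever characters it contains
  mapfile -d "" -t excluded < <(
    ${getExe pkgs.buildPackages.findutils} ${lib.escapeShellArgs blacklistDirs} -type f -print0
  )
  exec ${getExe cfg.deadnix} "$@" \
    --no-lambda-arg \
    --exclude "''${excluded[@]}"
'';
# … unchanged: nf-statix, nf-lint-tf, nf-lint-nix …
```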
|
|
|
||||||
|
|
@ -55,7 +55,7 @@
|
||||||
host ${config.authentication.database} ${config.name} ${formatHost host} ${config.authentication.method}
|
host ${config.authentication.database} ${config.name} ${formatHost host} ${config.authentication.method}
|
||||||
'') config.authentication.hosts);
|
'') config.authentication.hosts);
|
||||||
};
|
};
|
||||||
authentication.database = mkIf (config.ensureDBOwnership) (
|
authentication.database = mkIf config.ensureDBOwnership (
|
||||||
mkOptionDefault config.name
|
mkOptionDefault config.name
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,8 @@
|
||||||
inherit (lib.modules) mkIf mkMerge mkDefault;
|
inherit (lib.modules) mkIf mkMerge mkDefault;
|
||||||
inherit (lib.strings) escapeRegex;
|
inherit (lib.strings) escapeRegex;
|
||||||
inherit (lib.lists) singleton optional;
|
inherit (lib.lists) singleton optional;
|
||||||
inherit (config.services) tailscale;
|
inherit (config.services) nginx tailscale;
|
||||||
inherit (config.services.nginx) virtualHosts;
|
inherit (nginx) virtualHosts;
|
||||||
access = config.services.nginx.access.proxmox;
|
access = config.services.nginx.access.proxmox;
|
||||||
proxyPass = "https://reisen.local.gensokyo.zone:8006/";
|
proxyPass = "https://reisen.local.gensokyo.zone:8006/";
|
||||||
unencrypted = pkgs.mkSnakeOil {
|
unencrypted = pkgs.mkSnakeOil {
|
||||||
|
|
@ -111,6 +111,6 @@ in {
|
||||||
config.sops.secrets.access-proxmox = {
|
config.sops.secrets.access-proxmox = {
|
||||||
sopsFile = mkDefault ../secrets/access-proxmox.yaml;
|
sopsFile = mkDefault ../secrets/access-proxmox.yaml;
|
||||||
owner = config.services.nginx.user;
|
owner = config.services.nginx.user;
|
||||||
group = config.services.nginx.group;
|
inherit (nginx) group;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
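Review bot: The secret's `owner` is still spelled `config.services.nginx.user` while `group` now comes from `inherit (nginx) group;`, so the two halves of the file ownership for `access-proxmox` read differently in the second hunk. With `nginx` already bound in the `let` block by the first hunk, `owner = nginx.user;` keeps them parallel, and `access = nginx.access.proxmox;` would follow the same pattern. The module body between the two hunks is not visible here.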
|
|
|
||||||
|
|
@ -1,5 +1,4 @@
|
||||||
{ lib
|
{ buildPythonPackage
|
||||||
, buildPythonPackage
|
|
||||||
, fetchFromGitHub
|
, fetchFromGitHub
|
||||||
, aiofiles
|
, aiofiles
|
||||||
, cryptography
|
, cryptography
|
||||||
|
|
|
||||||
|
|
@ -89,9 +89,8 @@ in {
|
||||||
url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
|
url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
|
||||||
};
|
};
|
||||||
access.kanidm = assert kanidm.enableServer; {
|
access.kanidm = assert kanidm.enableServer; {
|
||||||
domain = kanidm.server.frontend.domain;
|
inherit (kanidm.server.frontend) domain port;
|
||||||
host = tei.networking.access.hostnameForNetwork.local;
|
host = tei.networking.access.hostnameForNetwork.local;
|
||||||
port = kanidm.server.frontend.port;
|
|
||||||
ldapPort = kanidm.server.ldap.port;
|
ldapPort = kanidm.server.ldap.port;
|
||||||
ldapEnable = kanidm.server.ldap.enable;
|
ldapEnable = kanidm.server.ldap.enable;
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
inherit (lib.modules) mkIf mkMerge;
|
inherit (lib.modules) mkIf;
|
||||||
inherit (lib.attrsets) listToAttrs nameValuePair;
|
inherit (lib.attrsets) listToAttrs nameValuePair;
|
||||||
inherit (access) systemFor;
|
inherit (access) systemFor;
|
||||||
inherit (config.networking) hostName;
|
inherit (config.networking) hostName;
|
||||||
|
|
|
||||||
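--- a/tree.nix
+++ b/tree.nix
@@ -25,7 +25,7 @@
 "modules/nixos" = {
 functor = {
 external =
-(with (import (inputs.arcexprs + "/modules")).nixos; [
+with (import (inputs.arcexprs + "/modules")).nixos; [
 nix
 systemd
 dht22-exporter
@@ -46,7 +46,7 @@
 mosh
 doc-warnings
 inputs.systemd2mqtt.nixosModules.default
-]);
+];
 };
 };
 "modules/nixos".functor.enable = true;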