infra/flake.nix at main · Tietokilta/infra · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    systems.url = "github:nix-systems/default";
    tikbots = {
      url = "github:Tietokilta/tikbots";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs =
    {
      self,
      nixpkgs,
      systems,
      ...
    }@inputs:
    let
      forAllSystems =
        f:
        nixpkgs.lib.genAttrs (import systems) (
          system:
          f (
            import nixpkgs {
              inherit system;
              config.allowUnfree = true;
            }
          )
        );
    in
    {
      nixosConfigurations.tikpannu = nixpkgs.lib.nixosSystem {
        specialArgs = { inherit inputs; };
        modules = [ ./tikpannu-nixos-config/configuration.nix ];
      };

      checks = forAllSystems (
        pkgs:
        {
          formatting =
            pkgs.runCommand "fmt-check"
              {
                nativeBuildInputs = [ self.formatter.${pkgs.stdenv.hostPlatform.system} ];
              }
              ''
                cp -r ${self} repo
                chmod -R +w repo/
                treefmt --ci --tree-root repo
                touch $out
              '';
        }
        // (import ./tikpannu-nixos-config/tests { inherit pkgs inputs; })
      );

      formatter = forAllSystems (
        pkgs:
        pkgs.treefmt.withConfig {
          runtimeInputs = with pkgs; [
            nixfmt
            opentofu
            yamlfmt
          ];

          settings.formatter = {
            nix = {
              command = "nixfmt";
              includes = [ "*.nix" ];
            };
            terraform = {
              command = "tofu";
              options = [ "fmt" ];
              includes = [ "*.tf" ];
            };
            yaml = {
              command = "yamlfmt";
              includes = [
                "*.yaml"
                "*.yml"
              ];
            };
          };
        }
      );

      devShells = forAllSystems (pkgs: {
        default = pkgs.mkShellNoCC {
          packages = with pkgs; [
            (azure-cli.withExtensions [
              azure-cli-extensions.ssh
            ])
            sops
            terraform
            age-plugin-yubikey
          ];

          shellHook = ''
            if ! cmp --silent .git/hooks/pre-commit .pre-commit-hook.sh ; then
              ./setup-pre-commit.sh
            fi
          '';
        };
      });
    };
}