feat: initial lint

Taskfile.yaml

@@ -17,3 +17,14 @@ tasks:
     silent: true
     cmds:
       - task -l
+
+  lint:
+    desc: Run statix lint
+    cmds:
+      - statix check .
+
+  check:
+    desc: Check project files
+    cmds:
+      - task: lint
+      - task: pc-run

flake.nix

@@ -23,10 +23,19 @@
     nixpkgs,
     sops-nix,
     ...
-  } @ inputs:
+  } @ inputs: let
+    inherit (self) outputs;
+    forAllSystems = nixpkgs.lib.genAttrs [
+      "aarch64-linux"
+      # "i686-linux"
+      "x86_64-linux"
+      # "aarch64-darwin"
+      # "x86_64-darwin"
+    ];
+  in
     with inputs; {
       # Use nixpkgs-fmt for 'nix fmt'
-      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
+      formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
 
       # Each subdirectory in ./machines is a host. Add them all to
       # nixosConfigurations. Host configurations need a file called

images/rpi/flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixos": {
+      "locked": {
+        "lastModified": 1688392541,
+        "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixos": "nixos"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

images/rpi/flake.nix

@@ -0,0 +1,28 @@
+{
+  description = "A flake to build a basic NixOS iso";
+  inputs.nixos.url = "github:nixos/nixpkgs/nixos-22.11";
+  outputs = {
+    self,
+    nixos,
+  }: {
+    nixosConfigurations = let
+      exampleBase = {
+        isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+        systemd.services.sshd.wantedBy = nixos.lib.mkForce ["multi-user.target"];
+        users.users.root.openssh.authorizedKeys.keys = ["<my ssh key>"];
+      };
+    in {
+      x86 = nixos.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          "${nixos}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+          exampleBase
+        ];
+      };
+      example = nixos.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [exampleBase];
+      };
+    };
+  };
+}

nixos/hosts/common/nixos/packages.nix

@@ -17,7 +17,11 @@
     gh
 
     # TODO Move
+    nil
+    nixpkgs-fmt
+    statix
   ];
+
   programs.direnv = {
     # TODO move to home-manager
     enable = true;

nixos/hosts/common/optional/editors/vscode/default.nix

@@ -1,8 +1,7 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
+{ config
+, pkgs
+, lib
+, ...
 }: {
   # Enable vscode & addons
   environment.systemPackages = with pkgs; [
@@ -11,6 +10,8 @@
       vscodeExtensions = with vscode-extensions;
         [
           bbenoist.nix
+          mkhl.direnv
+
         ]
         ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
           {

nixpkgs.nix

@@ -0,0 +1,8 @@
+# A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file
+# This is useful to avoid using channels when using legacy nix commands
+let lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
+in
+import (fetchTarball {
+  url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
+  sha256 = lock.narHash;
+})

shell.nix

@@ -14,5 +14,14 @@
 }: pkgs.mkShell {
   # Enable experimental features without having to specify the argument
   NIX_CONFIG = "experimental-features = nix-command flakes";
-  nativeBuildInputs = with pkgs; [ nix home-manager git nil nixpkgs-fmt go-task sops ];
+  nativeBuildInputs = with pkgs; [
+    nix
+    home-manager
+    git
+    nil
+    nixpkgs-fmt
+    go-task
+    sops
+    pre-commit
+  ];
 }