diff --git a/.credentials/SECRET_KEY b/.credentials/SECRET_KEY new file mode 100644 index 0000000..545a6ec --- /dev/null +++ b/.credentials/SECRET_KEY @@ -0,0 +1 @@ +insecure-secret-key diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..1d953f4 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use nix diff --git a/.gitignore b/.gitignore index e09edb1..f22e893 100644 --- a/.gitignore +++ b/.gitignore @@ -108,6 +108,6 @@ test.py .#* *.sqlite3 .sass-cache -/static/ -settings.py secrets.py +.direnv +.pre-commit-config.yaml diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..27c362f --- /dev/null +++ b/default.nix @@ -0,0 +1,94 @@ +{ + sources ? import ./npins, + pkgs ? import sources.nixpkgs { }, +}: + +let + nix-pkgs = import sources.nix-pkgs { inherit pkgs; }; + + check = (import sources.git-hooks).run { + src = ./.; + + hooks = { + # Python hooks + black = { + enable = true; + stages = [ "pre-push" ]; + }; + + isort = { + enable = true; + stages = [ "pre-push" ]; + }; + + ruff = { + enable = true; + stages = [ "pre-push" ]; + }; + + # Misc Hooks + commitizen.enable = true; + }; + }; + + python3 = pkgs.python3.override { + packageOverrides = _: _: { + inherit (nix-pkgs) + authens + django-braces + django-elasticsearch-dsl + django-simple-email-confirmation + django-taggit-autosuggest + django-tinymce + loadcredential + spatialite + ; + }; + }; +in + +{ + devShell = pkgs.mkShell { + name = "annuaire.dev"; + + packages = [ + (python3.withPackages (ps: [ + ps.authens + ps.django + ps.django-braces + ps.django-elasticsearch-dsl + ps.django-simple-email-confirmation + ps.django-taggit + ps.django-taggit-autosuggest + ps.django-tastypie + ps.django-tinymce + ps.loadcredential + + # Dev packages + ps.django-debug-toolbar + ps.django-stubs + ps.spatialite + ])) + ]; + + env = { + DJANGO_SETTINGS_MODULE = "app.settings"; + + CREDENTIALS_DIRECTORY = builtins.toString ./.credentials; + + EXPERIENS_DEBUG = builtins.toJSON true; + EXPERIENS_STATIC_ROOT = builtins.toString ./.static; + + EXPERIENS_GDAL_LIBRARY_PATH = "${pkgs.gdal}/lib/libgdal.so"; + EXPERIENS_GEOS_LIBRARY_PATH = "${pkgs.geos}/lib/libgeos_c.so"; + }; + + shellHook = '' + ${check.shellHook} + + if [ ! -d .static ]; then + mkdir .static + fi + ''; + }; +} diff --git a/npins/default.nix b/npins/default.nix new file mode 100644 index 0000000..5e7d086 --- /dev/null +++ b/npins/default.nix @@ -0,0 +1,80 @@ +# Generated by npins. Do not modify; will be overwritten regularly +let + data = builtins.fromJSON (builtins.readFile ./sources.json); + version = data.version; + + mkSource = + spec: + assert spec ? type; + let + path = + if spec.type == "Git" then + mkGitSource spec + else if spec.type == "GitRelease" then + mkGitSource spec + else if spec.type == "PyPi" then + mkPyPiSource spec + else if spec.type == "Channel" then + mkChannelSource spec + else + builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = path; }; + + mkGitSource = + { + repository, + revision, + url ? null, + hash, + branch ? null, + ... + }: + assert repository ? type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; # FIXME: check nix version & use SRI hashes + }) + else + assert repository.type == "Git"; + let + urlToName = + url: rev: + let + matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url; + + short = builtins.substring 0 7 rev; + + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; + in + "${if matched == null then "source" else builtins.head matched}${appendShort}"; + name = urlToName repository.url revision; + in + builtins.fetchGit { + url = repository.url; + rev = revision; + inherit name; + # hash = hash; + }; + + mkPyPiSource = + { url, hash, ... }: + builtins.fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = + { url, hash, ... }: + builtins.fetchTarball { + inherit url; + sha256 = hash; + }; +in +if version == 3 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json new file mode 100644 index 0000000..ff2347f --- /dev/null +++ b/npins/sources.json @@ -0,0 +1,34 @@ +{ + "pins": { + "git-hooks": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "cachix", + "repo": "git-hooks.nix" + }, + "branch": "master", + "revision": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "url": "https://github.com/cachix/git-hooks.nix/archive/3c3e88f0f544d6bb54329832616af7eb971b6be6.tar.gz", + "hash": "04pwjz423iq2nkazkys905gvsm5j39722ngavrnx42b8msr5k555" + }, + "nix-pkgs": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs" + }, + "branch": "main", + "revision": "024f0d09d4ff1a62e11f5fdd74f2d00d0a77da5c", + "url": null, + "hash": "0abpyf4pclslg24wmwl3q6y8x5fmhq9winpgkpbb99yw2815j2iz" + }, + "nixpkgs": { + "type": "Channel", + "name": "nixpkgs-unstable", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz", + "hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx" + } + }, + "version": 3 +} \ No newline at end of file diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..d6d21cf --- /dev/null +++ b/shell.nix @@ -0,0 +1 @@ +(import ./. { }).devShell