From d7b80ea06ab5d1fd2e360af6b6c5f4e27b435f55 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Wed, 23 Oct 2024 20:01:03 +0200
Subject: [PATCH] feat: Add nix tooling

---
 .credentials/SECRET_KEY |  1 +
 .envrc                  |  1 +
 .gitignore              |  4 +-
 default.nix             | 94 +++++++++++++++++++++++++++++++++++++++++
 npins/default.nix       | 80 +++++++++++++++++++++++++++++++++++
 npins/sources.json      | 34 +++++++++++++++
 shell.nix               |  1 +
 7 files changed, 213 insertions(+), 2 deletions(-)
 create mode 100644 .credentials/SECRET_KEY
 create mode 100644 .envrc
 create mode 100644 default.nix
 create mode 100644 npins/default.nix
 create mode 100644 npins/sources.json
 create mode 100644 shell.nix

diff --git a/.credentials/SECRET_KEY b/.credentials/SECRET_KEY
new file mode 100644
index 0000000..545a6ec
--- /dev/null
+++ b/.credentials/SECRET_KEY
@@ -0,0 +1 @@
+insecure-secret-key
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/.gitignore b/.gitignore
index e09edb1..f22e893 100644
--- a/.gitignore
+++ b/.gitignore
@@ -108,6 +108,6 @@ test.py
 .#*
 *.sqlite3
 .sass-cache
-/static/
-settings.py
 secrets.py
+.direnv
+.pre-commit-config.yaml
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..27c362f
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,94 @@
+{
+  sources ? import ./npins,
+  pkgs ? import sources.nixpkgs { },
+}:
+
+let
+  nix-pkgs = import sources.nix-pkgs { inherit pkgs; };
+
+  check = (import sources.git-hooks).run {
+    src = ./.;
+
+    hooks = {
+      # Python hooks
+      black = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
+
+      isort = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
+
+      ruff = {
+        enable = true;
+        stages = [ "pre-push" ];
+      };
+
+      # Misc Hooks
+      commitizen.enable = true;
+    };
+  };
+
+  python3 = pkgs.python3.override {
+    packageOverrides = _: _: {
+      inherit (nix-pkgs)
+        authens
+        django-braces
+        django-elasticsearch-dsl
+        django-simple-email-confirmation
+        django-taggit-autosuggest
+        django-tinymce
+        loadcredential
+        spatialite
+        ;
+    };
+  };
+in
+
+{
+  devShell = pkgs.mkShell {
+    name = "annuaire.dev";
+
+    packages = [
+      (python3.withPackages (ps: [
+        ps.authens
+        ps.django
+        ps.django-braces
+        ps.django-elasticsearch-dsl
+        ps.django-simple-email-confirmation
+        ps.django-taggit
+        ps.django-taggit-autosuggest
+        ps.django-tastypie
+        ps.django-tinymce
+        ps.loadcredential
+
+        # Dev packages
+        ps.django-debug-toolbar
+        ps.django-stubs
+        ps.spatialite
+      ]))
+    ];
+
+    env = {
+      DJANGO_SETTINGS_MODULE = "app.settings";
+
+      CREDENTIALS_DIRECTORY = builtins.toString ./.credentials;
+
+      EXPERIENS_DEBUG = builtins.toJSON true;
+      EXPERIENS_STATIC_ROOT = builtins.toString ./.static;
+
+      EXPERIENS_GDAL_LIBRARY_PATH = "${pkgs.gdal}/lib/libgdal.so";
+      EXPERIENS_GEOS_LIBRARY_PATH = "${pkgs.geos}/lib/libgeos_c.so";
+    };
+
+    shellHook = ''
+      ${check.shellHook}
+
+      if [ ! -d .static ]; then
+        mkdir .static
+      fi
+    '';
+  };
+}
diff --git a/npins/default.nix b/npins/default.nix
new file mode 100644
index 0000000..5e7d086
--- /dev/null
+++ b/npins/default.nix
@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
diff --git a/npins/sources.json b/npins/sources.json
new file mode 100644
index 0000000..ff2347f
--- /dev/null
+++ b/npins/sources.json
@@ -0,0 +1,34 @@
+{
+  "pins": {
+    "git-hooks": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "cachix",
+        "repo": "git-hooks.nix"
+      },
+      "branch": "master",
+      "revision": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
+      "url": "https://github.com/cachix/git-hooks.nix/archive/3c3e88f0f544d6bb54329832616af7eb971b6be6.tar.gz",
+      "hash": "04pwjz423iq2nkazkys905gvsm5j39722ngavrnx42b8msr5k555"
+    },
+    "nix-pkgs": {
+      "type": "Git",
+      "repository": {
+        "type": "Git",
+        "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
+      },
+      "branch": "main",
+      "revision": "024f0d09d4ff1a62e11f5fdd74f2d00d0a77da5c",
+      "url": null,
+      "hash": "0abpyf4pclslg24wmwl3q6y8x5fmhq9winpgkpbb99yw2815j2iz"
+    },
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz",
+      "hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx"
+    }
+  },
+  "version": 3
+}
\ No newline at end of file
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..d6d21cf
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1 @@
+(import ./. { }).devShell