diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..1d953f4 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use nix diff --git a/.gitignore b/.gitignore index 287988c..14c0c89 100644 --- a/.gitignore +++ b/.gitignore @@ -107,3 +107,5 @@ ENV/ # mypy .mypy_cache/ rhosts_dev +.direnv +.pre-commit-config.yaml diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..1c5378c --- /dev/null +++ b/default.nix @@ -0,0 +1,74 @@ +{ + sources ? import ./npins, + pkgs ? import sources.nixpkgs { }, +}: + +let + nix-pkgs = import sources.nix-pkgs { inherit pkgs; }; + + check = (import sources.git-hooks).run { + src = ./.; + + hooks = { + # Python hooks + black = { + enable = true; + stages = [ "pre-push" ]; + }; + + isort = { + enable = true; + stages = [ "pre-push" ]; + }; + + ruff = { + enable = true; + stages = [ "pre-push" ]; + }; + + # Misc Hooks + commitizen.enable = true; + }; + }; + + python3 = pkgs.python3.override { + packageOverrides = _: _: { + inherit (nix-pkgs) django-cas-ng django-solo loadcredential; + }; + }; +in + +{ + devShell = pkgs.mkShell { + name = "annuaire.dev"; + + packages = [ + (python3.withPackages (ps: [ + ps.django + ps.django-cas-ng + ps.django-markdownx + ps.django-solo + ps.markdown + ps.pillow + ps.loadcredential + ])) + ]; + + env = { + DJANGO_SETTINGS_MODULE = "app.settings"; + + CREDENTIALS_DIRECTORY = builtins.toString ./.credentials; + + BOCAL_DEBUG = builtins.toJSON true; + BOCAL_STATIC_ROOT = builtins.toString ./.static; + }; + + shellHook = '' + ${check.shellHook} + + if [ ! -d .static ]; then + mkdir .static + fi + ''; + }; +} diff --git a/npins/default.nix b/npins/default.nix new file mode 100644 index 0000000..5e7d086 --- /dev/null +++ b/npins/default.nix @@ -0,0 +1,80 @@ +# Generated by npins. Do not modify; will be overwritten regularly +let + data = builtins.fromJSON (builtins.readFile ./sources.json); + version = data.version; + + mkSource = + spec: + assert spec ? type; + let + path = + if spec.type == "Git" then + mkGitSource spec + else if spec.type == "GitRelease" then + mkGitSource spec + else if spec.type == "PyPi" then + mkPyPiSource spec + else if spec.type == "Channel" then + mkChannelSource spec + else + builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = path; }; + + mkGitSource = + { + repository, + revision, + url ? null, + hash, + branch ? null, + ... + }: + assert repository ? type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; # FIXME: check nix version & use SRI hashes + }) + else + assert repository.type == "Git"; + let + urlToName = + url: rev: + let + matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url; + + short = builtins.substring 0 7 rev; + + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; + in + "${if matched == null then "source" else builtins.head matched}${appendShort}"; + name = urlToName repository.url revision; + in + builtins.fetchGit { + url = repository.url; + rev = revision; + inherit name; + # hash = hash; + }; + + mkPyPiSource = + { url, hash, ... }: + builtins.fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = + { url, hash, ... }: + builtins.fetchTarball { + inherit url; + sha256 = hash; + }; +in +if version == 3 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json new file mode 100644 index 0000000..91e3275 --- /dev/null +++ b/npins/sources.json @@ -0,0 +1,34 @@ +{ + "pins": { + "git-hooks": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "cachix", + "repo": "git-hooks.nix" + }, + "branch": "master", + "revision": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "url": "https://github.com/cachix/git-hooks.nix/archive/3c3e88f0f544d6bb54329832616af7eb971b6be6.tar.gz", + "hash": "04pwjz423iq2nkazkys905gvsm5j39722ngavrnx42b8msr5k555" + }, + "nix-pkgs": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs" + }, + "branch": "main", + "revision": "e3fac77b062c9fe98dc1b5a367b0a8e70cde9624", + "url": null, + "hash": "12xqh19mv8zgvyrh4vfnc95acf45x81g398pyqsd1xy1l7030r7i" + }, + "nixpkgs": { + "type": "Channel", + "name": "nixpkgs-unstable", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz", + "hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx" + } + }, + "version": 3 +} \ No newline at end of file diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..d6d21cf --- /dev/null +++ b/shell.nix @@ -0,0 +1 @@ +(import ./. { }).devShell