feat(shell): Add pre-commit hooks and reformat the repo

2024-02-02 10:51:31 +01:00 · 2024-02-02 10:51:31 +01:00 · 5e3819c9b2
commit 5e3819c9b2
parent 988c44d461
91 changed files with 3772 additions and 2282 deletions
--- a/machines/compute01/k-radius/default.nix
+++ b/machines/compute01/k-radius/default.nix
@ -40,22 +40,23 @@
    };

    authTokenFile = config.age.secrets."radius-auth_token_file".path;
-    privateKeyPasswordFile =
-      config.age.secrets."radius-private_key_password_file".path;
+    privateKeyPasswordFile = config.age.secrets."radius-private_key_password_file".path;

-    certs = builtins.listToAttrs (builtins.map (name:
-      lib.nameValuePair name
-      config.age.secrets."radius-${name}_pem_file".path) [
+    certs = builtins.listToAttrs (
+      builtins.map (name: lib.nameValuePair name config.age.secrets."radius-${name}_pem_file".path) [
        "ca"
        "cert"
        "dh"
        "key"
-      ]);
+      ]
+    );

    radiusClients = { };
  };

-  age-secrets.matches."^radius-.*$" = { owner = "radius"; };
+  age-secrets.matches."^radius-.*$" = {
+    owner = "radius";
+  };

  networking.firewall.allowedTCPPorts = [ 1812 ];
  networking.firewall.allowedUDPPorts = [ 1812 ];
--- a/machines/compute01/k-radius/module.nix
+++ b/machines/compute01/k-radius/module.nix
@ -1,17 +1,27 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 let
-  inherit (lib) mkEnableOption mkIf mkOption types;
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;

  settingsFormat = pkgs.formats.toml { };

  py-pkgs = import ./packages/python { inherit pkgs; };
-  pykanidm =
-    pkgs.callPackage ./packages/pykanidm.nix { inherit (py-pkgs) pydantic; };
+  pykanidm = pkgs.callPackage ./packages/pykanidm.nix { inherit (py-pkgs) pydantic; };
  rlm_python = pkgs.callPackage ./packages/rlm_python.nix { inherit pykanidm; };

  cfg = config.services.k-radius;
-in {
+in
+{
  options.services.k-radius = {
    enable = mkEnableOption "a freeradius service linked to kanidm.";

@ -19,17 +29,17 @@ in {

    freeradius = mkOption {
      type = types.package;
-      default = pkgs.freeradius.overrideAttrs (old: {
-        buildInputs = (old.buildInputs or [ ])
-          ++ [ (pkgs.python3.withPackages (ps: [ ps.kanidm ])) ];
-      });
+      default = pkgs.freeradius.overrideAttrs (
+        old: {
+          buildInputs = (old.buildInputs or [ ]) ++ [ (pkgs.python3.withPackages (ps: [ ps.kanidm ])) ];
+        }
+      );
    };

    configDir = mkOption {
      type = types.path;
      default = "/var/lib/radius/raddb";
-      description =
-        "The path of the freeradius server configuration directory.";
+      description = "The path of the freeradius server configuration directory.";
    };

    authTokenFile = mkOption {
@ -38,12 +48,14 @@ in {
    };

    radiusClients = mkOption {
-      type = types.attrsOf (types.submodule {
-        options = {
-          secret = mkOption { type = types.path; };
-          ipaddr = mkOption { type = types.str; };
-        };
-      });
+      type = types.attrsOf (
+        types.submodule {
+          options = {
+            secret = mkOption { type = types.path; };
+            ipaddr = mkOption { type = types.str; };
+          };
+        }
+      );
      default = { };
      description = "A mapping of clients and their authentication tokens.";
    };
@ -55,8 +67,7 @@ in {
      };
      dh = mkOption {
        type = types.str;
-        description =
-          "The output of `openssl dhparam -in ca.pem -out dh.pem 2048`.";
+        description = "The output of `openssl dhparam -in ca.pem -out dh.pem 2048`.";
      };
      cert = mkOption {
        type = types.str;
@ -113,26 +124,32 @@ in {

        # write the clients configuration
        rm ${cfg.configDir}/clients.conf && touch ${cfg.configDir}/clients.conf
-        ${builtins.concatStringsSep "\n" (builtins.attrValues (builtins.mapAttrs
-          (name:
-            { secret, ipaddr }: ''
-              cat <<EOF >> ${cfg.configDir}/client.conf
-              client ${name} {
-                  ipaddr = ${ipaddr}
-                  secret = $(cat "${secret}")
-                  proto  = *
-              }
-              EOF
-            '') cfg.radiusClients))}
+        ${builtins.concatStringsSep "\n" (
+          builtins.attrValues (
+            builtins.mapAttrs
+              (
+                name:
+                { secret, ipaddr }:
+                ''
+                  cat <<EOF >> ${cfg.configDir}/client.conf
+                  client ${name} {
+                      ipaddr = ${ipaddr}
+                      secret = $(cat "${secret}")
+                      proto  = *
+                  }
+                  EOF
+                ''
+              )
+              cfg.radiusClients
+          )
+        )}

        # Copy the kanidm configuration
        cat <<EOF > /var/lib/radius/kanidm.toml
        auth_token = "$(cat "${cfg.authTokenFile}")"
        EOF

-        cat ${
-          settingsFormat.generate "kanidm.toml" cfg.settings
-        } >> /var/lib/radius/kanidm.toml
+        cat ${settingsFormat.generate "kanidm.toml" cfg.settings} >> /var/lib/radius/kanidm.toml
        chmod u+w /var/lib/radius/kanidm.toml

        # Copy the certificates to the correct directory
@ -154,11 +171,13 @@ in {
        # ${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
      '';

-      path = [ pkgs.openssl pkgs.gnused ];
+      path = [
+        pkgs.openssl
+        pkgs.gnused
+      ];

      serviceConfig = {
-        ExecStart =
-          "${cfg.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout";
+        ExecStart = "${cfg.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout";
        ExecReload = [
          "${cfg.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
          "${pkgs.coreutils}/bin/kill -HUP $MAINPID"
--- a/machines/compute01/k-radius/packages/pykanidm.nix
+++ b/machines/compute01/k-radius/packages/pykanidm.nix
@ -1,25 +1,38 @@
-{ lib, fetchFromGitHub, python3, pydantic }:
+{
+  lib,
+  fetchFromGitHub,
+  python3,
+  pydantic,
+}:

 let
  pname = "kanidm";
  version = "0.0.3";
-in python3.pkgs.buildPythonPackage {
+in
+python3.pkgs.buildPythonPackage {
  inherit pname version;
  format = "pyproject";

  disabled = python3.pythonOlder "3.8";

-  src = (fetchFromGitHub {
-    owner = pname;
-    repo = pname;
-    # Latest 1.1.0-rc.15 tip
-    rev = "a5ca8018e3a636dbb0a79b3fd869db059d92979d";
-    hash = "sha256-PFGoeGn7a/lVR6rOmOKA3ydAoo3/+9RlkwBAKS22Psg=";
-  }) + "/pykanidm";
+  src =
+    (fetchFromGitHub {
+      owner = pname;
+      repo = pname;
+      # Latest 1.1.0-rc.15 tip
+      rev = "a5ca8018e3a636dbb0a79b3fd869db059d92979d";
+      hash = "sha256-PFGoeGn7a/lVR6rOmOKA3ydAoo3/+9RlkwBAKS22Psg=";
+    })
+    + "/pykanidm";

  nativeBuildInputs = with python3.pkgs; [ poetry-core ];

-  propagatedBuildInputs = with python3.pkgs; [ aiohttp pydantic toml (authlib.overridePythonAttrs (_: { doCheck = false; })) ];
+  propagatedBuildInputs = with python3.pkgs; [
+    aiohttp
+    pydantic
+    toml
+    (authlib.overridePythonAttrs (_: { doCheck = false; }))
+  ];

  doCheck = false;

@ -29,6 +42,9 @@ in python3.pkgs.buildPythonPackage {
    description = "Kanidm client library";
    homepage = "https://github.com/kanidm/kanidm/tree/master/pykanidm";
    license = licenses.mpl20;
-    maintainers = with maintainers; [ arianvp hexa ];
+    maintainers = with maintainers; [
+      arianvp
+      hexa
+    ];
  };
 }
--- a/machines/compute01/k-radius/packages/python/default.nix
+++ b/machines/compute01/k-radius/packages/python/default.nix
@ -5,8 +5,16 @@ let

  callPackage = lib.callPackageWith (pkgs // pkgs.python3.pkgs // self);

-  self = builtins.listToAttrs (builtins.map (name: {
-    inherit name;
-    value = callPackage (./. + "/${name}.nix") { };
-  }) [ "pydantic" "pydantic-core" ]);
-in self
+  self = builtins.listToAttrs (
+    builtins.map
+      (name: {
+        inherit name;
+        value = callPackage (./. + "/${name}.nix") { };
+      })
+      [
+        "pydantic"
+        "pydantic-core"
+      ]
+  );
+in
+self
--- a/machines/compute01/k-radius/packages/python/pydantic-core.nix
+++ b/machines/compute01/k-radius/packages/python/pydantic-core.nix
@ -1,17 +1,18 @@
-{ stdenv
-, lib
-, buildPythonPackage
-, fetchFromGitHub
-, cargo
-, rustPlatform
-, rustc
-, libiconv
-, typing-extensions
-, pytestCheckHook
-, hypothesis
-, pytest-timeout
-, pytest-mock
-, dirty-equals
+{
+  stdenv,
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  cargo,
+  rustPlatform,
+  rustc,
+  libiconv,
+  typing-extensions,
+  pytestCheckHook,
+  hypothesis,
+  pytest-timeout,
+  pytest-mock,
+  dirty-equals,
 }:

 let
@ -27,9 +28,7 @@ let
      hash = "sha256-UguZpA3KEutOgIavjx8Ie//0qJq+4FTZNQTwb/ZIgb8=";
    };

-    patches = [
-      ./01-remove-benchmark-flags.patch
-    ];
+    patches = [ ./01-remove-benchmark-flags.patch ];

    cargoDeps = rustPlatform.fetchCargoTarball {
      inherit src;
@ -45,13 +44,9 @@ let
      typing-extensions
    ];

-    buildInputs = lib.optionals stdenv.isDarwin [
-      libiconv
-    ];
+    buildInputs = lib.optionals stdenv.isDarwin [ libiconv ];

-    propagatedBuildInputs = [
-      typing-extensions
-    ];
+    propagatedBuildInputs = [ typing-extensions ];

    pythonImportsCheck = [ "pydantic_core" ];

@ -85,4 +80,5 @@ let
      maintainers = with maintainers; [ blaggacao ];
    };
  };
-in pydantic-core
+in
+pydantic-core
--- a/machines/compute01/k-radius/packages/python/pydantic.nix
+++ b/machines/compute01/k-radius/packages/python/pydantic.nix
@ -1,27 +1,28 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, pythonOlder
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  pythonOlder,

-# build-system
-, hatchling
-, hatch-fancy-pypi-readme
+  # build-system
+  hatchling,
+  hatch-fancy-pypi-readme,

-# native dependencies
-, libxcrypt
+  # native dependencies
+  libxcrypt,

-# dependencies
-, annotated-types
-, pydantic-core
-, typing-extensions
+  # dependencies
+  annotated-types,
+  pydantic-core,
+  typing-extensions,

-# tests
-, cloudpickle
-, email-validator
-, dirty-equals
-, faker
-, pytestCheckHook
-, pytest-mock
+  # tests
+  cloudpickle,
+  email-validator,
+  dirty-equals,
+  faker,
+  pytestCheckHook,
+  pytest-mock,
 }:

 buildPythonPackage rec {
@ -38,9 +39,7 @@ buildPythonPackage rec {
    hash = "sha256-D0gYcyrKVVDhBgV9sCVTkGq/kFmIoT9l0i5bRM1qxzM=";
  };

-  buildInputs = lib.optionals (pythonOlder "3.9") [
-    libxcrypt
-  ];
+  buildInputs = lib.optionals (pythonOlder "3.9") [ libxcrypt ];

  nativeBuildInputs = [
    hatch-fancy-pypi-readme
@ -54,9 +53,7 @@ buildPythonPackage rec {
  ];

  passthru.optional-dependencies = {
-    email = [
-      email-validator
-    ];
+    email = [ email-validator ];
  };

  nativeCheckInputs = [
@ -93,4 +90,3 @@ buildPythonPackage rec {
    maintainers = with maintainers; [ wd15 ];
  };
 }
-
--- a/machines/compute01/k-radius/packages/rlm_python.nix
+++ b/machines/compute01/k-radius/packages/rlm_python.nix
@ -1,8 +1,14 @@
-{ stdenv, fetchFromGitHub, python3, pykanidm }:
+{
+  stdenv,
+  fetchFromGitHub,
+  python3,
+  pykanidm,
+}:

-let pythonPath = with python3.pkgs; makePythonPath [ pykanidm ];
-
-in stdenv.mkDerivation rec {
+let
+  pythonPath = with python3.pkgs; makePythonPath [ pykanidm ];
+in
+stdenv.mkDerivation rec {
  pname = "rlm_python";
  version = "1.1.0-rc.15";

@ -25,9 +31,15 @@ in stdenv.mkDerivation rec {
    cp -R rlm_python/{mods-available,sites-available} $out/etc/raddb/
  '';

-  phases = [ "unpackPhase" "patchPhase" "installPhase" ];
+  phases = [
+    "unpackPhase"
+    "patchPhase"
+    "installPhase"
+  ];

-  passthru = { inherit pythonPath; };
+  passthru = {
+    inherit pythonPath;
+  };

  preferLocalBuild = true;
 }