-
Notifications
You must be signed in to change notification settings - Fork 94
/
Copy pathdevshells.nix
119 lines (109 loc) · 3.62 KB
/
devshells.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
{lib, ...}: {
perSystem = {
config,
pkgs,
system,
...
}: {
devshells.default = {
commands = [
{
name = "fmt";
category = "linting";
help = "Format this project's code";
command = ''
exec ${config.treefmt.build.wrapper}/bin/treefmt "$@"
'';
}
{
name = "mkdotcert";
category = "maintenance";
help = "Generate the DNS-over-TLS keypair for use in system testing";
command = let
inherit (config.checks.update-systemd-resolved.nodes) resolver;
in ''
export CAROOT="''${PRJ_ROOT:-.}/nix"
${pkgs.mkcert}/bin/mkcert -install || exit
${pkgs.mkcert}/bin/mkcert \
-cert-file "''${CAROOT}/resolver.crt" \
-key-file "''${CAROOT}/resolver.key" \
${resolver.networking.hostName} \
${resolver.networking.hostName}.${resolver.networking.domain}
'';
}
{
name = "mkanchor";
category = "maintenance";
help = "Fetch DNSSEC root anchors and translate them to dnsmasq format";
command = let
unsupported = lib.elem system [
"armv6l-linux"
"armv7l-linux"
"powerpc64le-linux"
"riscv64-linux"
];
in
(lib.optionalString (!unsupported) ''
${pkgs.xidel}/bin/xidel \
--input-format xml \
--output-format json-wrapped \
-e 'for $kd in //TrustAnchor/KeyDigest return string-join((//TrustAnchor/Zone, $kd/KeyTag, $kd/Algorithm, $kd/DigestType, $kd/Digest), ",")' \
https://data.iana.org/root-anchors/root-anchors.xml \
| ${pkgs.jq}/bin/jq flatten > "''${PRJ_ROOT}/nix/trust-anchor.json"
'')
+ (lib.optionalString unsupported ''
printf 1>&2 -- '%s: sorry, this command is unsupported on system `%s`\n' \
"''${0##*/}" ${lib.escapeShellArg system}
exit 1
'');
}
{
name = "mkoptdocs";
category = "maintenance";
help = "Generate NixOS module options documentation";
command = ''
docs="$(${pkgs.nix}/bin/nix "$@" build --print-out-paths --no-link "''${PRJ_ROOT}#docs")" || exit
seen=0
while read -r path; do
seen="$((seen + 1))"
if [ "$seen" -gt 1 ]; then
printf 1>&2 -- 'error: more than one output path...\n'
exit 1
fi
install -Dm0644 "$path" "''${PRJ_ROOT}/docs/nixos-modules.md"
done <<DOCS
$docs
DOCS
'';
}
];
devshell = {
packagesFrom = [config.packages.update-systemd-resolved];
};
};
treefmt = {
programs.alejandra.enable = true;
programs.shellcheck.enable = true;
programs.shfmt.enable = true;
settings.formatter.shellcheck = {
includes = [
"update-systemd-resolved"
"run-tests"
"tests"
];
};
settings.formatter.shfmt = {
inherit (config.treefmt.settings.formatter.shellcheck) includes;
# XXX This duplicates settings in `.editorconfig`, as at the moment the
# `shfmt` process launched by `treefmt` doesn't seem to pick up on the
# settings in `.editorconfig`.
options = [
"-case-indent"
"-space-redirects"
];
};
flakeFormatter = true;
projectRootFile = "flake.nix";
};
};
}