prepare sops and auto fmt devshell hooks

2026-03-13 17:19:02 +01:00 · 2026-03-13 17:19:02 +01:00 · dee37a55e2
commit dee37a55e2
parent 9466ab3656
8 changed files with 205 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@ -18,6 +18,10 @@
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    git-hooks = {
+      url = "github:cachix/git-hooks.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs =
@ -28,6 +32,7 @@
      mailserver,
      disko,
      sops,
+      git-hooks,
    }:
    let
      sshkeys = [
@ -38,6 +43,39 @@
    in
    rec {
      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
+
+      devShells.x86_64-linux.default =
+        let
+          pkgs = nixpkgs.legacyPackages.x86_64-linux;
+          pre-commit-check = git-hooks.lib.x86_64-linux.run {
+            src = ./.;
+            hooks = {
+              nixfmt-rfc-style.enable = true;
+            };
+          };
+        in
+        pkgs.mkShell {
+          # Import GPG keys from keys directory
+          sopsPGPKeyDirs = [
+            "${toString ./.}/keys/hosts"
+            "${toString ./.}/keys/users"
+          ];
+
+          # Isolate sops GPG keys to .git/gnupg (optional)
+          # sopsCreateGPGHome = true;
+
+          shellHook = ''
+            ${pre-commit-check.shellHook}
+          '';
+
+          nativeBuildInputs = [
+            sops.packages.x86_64-linux.sops-import-keys-hook
+          ];
+
+          buildInputs = pre-commit-check.enabledPackages ++ [
+            pkgs.sops
+          ];
+        };
      packages.x86_64-linux =
        builtins.foldl'
          (
@ -47,7 +85,13 @@
              # run nixos-rebuild switch on the target system
              # the config will be built locally and copied over
              "${name}-update" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "update" ''
-                nixos-rebuild switch --flake .#${name} --target-host root@${(builtins.head (nixosConfigurations.${name}.config.networking.interfaces.${builtins.head (builtins.attrNames nixosConfigurations.${name}.config.networking.interfaces)}.ipv4.addresses)).address}
+                nixos-rebuild switch --flake .#${name} --target-host root@${
+                  (builtins.head (
+                    nixosConfigurations.${name}.config.networking.interfaces.${
+                      builtins.head (builtins.attrNames nixosConfigurations.${name}.config.networking.interfaces)
+                    }.ipv4.addresses
+                  )).address
+                }
              '';
            }
          )