hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Use nix flake check for hooks, simplify module, remove apps

Browse Source
This commit is contained in:
Hektor Misplon
2026-02-05 17:26:54 +01:00
parent 4ac16cedc4
commit e5c8fb3d48
21 changed files with 1538 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
CI_HOOKS_SUMMARY.md Normal file
View File

@@ -0,0 +1,189 @@
# Declarative CI and Git Hooks - Summary
## What's New
### 1. GitHub Actions CI ✅
`.github/workflows/flake-check.yaml`
- Runs `nixfmt --check` on every push/PR
- Runs `nix flake check`
- Blocks merging if checks fail
### 2. Nix-Native Git Hooks ✅
`modules/git-hooks/default.nix`
- Hooks defined in `flake.nix` (pure Nix)
- Install automatically on `nixos-rebuild switch`
- Run on every git commit
## Usage
### Install Hooks (One-time per host)
```nix
# Add to hosts/<hostname>/default.nix
{
imports = [
# ... other modules
../../modules/git-hooks
];
services.git-hooks = {
enable = true;
# flake-path = /home/h/nix; # Optional, default
};
}
```
### Rebuild
```bash
sudo nixos-rebuild switch --flake .#andromache
# Output:
# 🪝 Installing git hooks...
# ✅ Done
```
### Now Hooks Work Automatically
```bash
git add .
git commit -m "changes" # Hooks run automatically
```
## Files
| File | Purpose |
|------|---------|
| `.github/workflows/flake-check.yaml` | CI pipeline |
| `modules/git-hooks/default.nix` | Auto-install module |
| `flake.nix` | Hook definitions |
| `.editorconfig` | Code style |
## Enable on Other Hosts
```nix
# hosts/<hostname>/default.nix
imports = [
# ... existing modules
../../modules/git-hooks # Add this
];
services.git-hooks.enable = true;
```
## Add More Hooks
Edit `flake.nix`:
```nix
checks.${system}.pre-commit-check.hooks = {
nixfmt-rfc-style.enable = true; # ✅ Already done
statix.enable = true; # ✅ Already done
deadnix.enable = true; # ✅ Already done
};
```
All Phase 1 hooks are now enabled!
## Testing
```bash
# 1. Rebuild to install hooks
sudo nixos-rebuild switch --flake .#andromache
# 2. Test hooks
git commit -m "test"
# 3. Test CI locally
nix run nixpkgs#nixfmt --check .
nix flake check
```
## Documentation
- `CI_HOOKS_SUMMARY.md` - This file
- `DRUPOL_INFRA_ANALYSIS.md` - Reference patterns
- `AWESOME_NIX_PLAN.md` - Future improvements
- `OPENCODE.md` - Tracking document
## Currently Enabled
| Host | Status | Config File |
|------|--------|--------------|
| andromache | ✅ Enabled | `hosts/andromache/default.nix` |
| astyanax | ✅ Enabled | `hosts/astyanax/default.nix` |
| hecuba | ✅ Enabled | `hosts/hecuba/default.nix` |
| eetion | ✅ Enabled | `hosts/eetion/default.nix` |
| vm | ✅ Enabled | `hosts/vm/default.nix` |
## Clean Slate Test (Astyanax)
```bash
# 1. Remove existing git hooks
rm -rf /home/h/nix/.git/hooks/*
ls -la /home/h/nix/.git/hooks/
# 2. Rebuild astyanax (installs hooks)
sudo nixos-rebuild switch --flake .#astyanax
# Expected output:
# 🪝 Installing git hooks...
# ✅ Done
# 3. Verify hooks were installed
ls -la /home/h/nix/.git/hooks/
# 4. Test hooks work
echo "broken { }" > /home/h/nix/test.nix
git add test.nix
git commit -m "test" # Should fail with nixfmt error
# 5. Clean up
rm /home/h/nix/test.nix
```
## Future Enhancements
### High Priority
- [x] Add statix hook (lint for antipatterns) ✅ Done
- [x] Add deadnix hook (find dead code) ✅ Done
- [x] Enable git-hooks on all hosts ✅ Done
- [ ] Add CI caching (speed up builds)
### Medium Priority
- [ ] Add automated flake.lock updates
- [ ] Add per-host CI checks
- [ ] Add nixos-rebuild tests in CI
## References
- [git-hooks.nix](https://github.com/cachix/git-hooks.nix)
- [nixfmt-rfc-style](https://github.com/NixOS/nixfmt)
- [drupol/infra analysis](DRUPOL_INFRA_ANALYSIS.md)
- [awesome-nix plan](AWESOME_NIX_PLAN.md)
- [OpenCode documentation](OPENCODE.md)
## Quick Reference
```bash
# Rebuild (installs hooks automatically)
sudo nixos-rebuild switch --flake .#<host>
# Verify hooks
ls -la /home/h/nix/.git/hooks/
# Test formatting
nixfmt .
# Check CI status
# https://github.com/hektor/nix/actions
```
## Key Points
**Fully declarative** - Hooks install on every rebuild
**No manual setup** - No `nix develop` needed
**No devShell** - Pure NixOS activation
**Reproducible** - Managed by flake.lock
**Host-aware** - Per-host configuration
**Idempotent** - Checks before installing