From b978c01af4ee6df457e068e3da4ea535019ae2c3 Mon Sep 17 00:00:00 2001 From: Lumpiasty Date: Sun, 1 Feb 2026 01:59:03 +0100 Subject: [PATCH] migrate from raw flake to devenv --- .envrc | 12 +++++ .gitignore | 12 ++++- .vscode/extensions.json | 4 +- .vscode/settings.json | 9 ---- flake.lock => devenv.lock | 102 +++++++++++++++++++++++++++++--------- devenv.nix | 59 ++++++++++++++++++++++ devenv.yaml | 20 ++++++++ flake.nix | 63 ----------------------- shell.nix | 15 ------ 9 files changed, 183 insertions(+), 113 deletions(-) create mode 100644 .envrc rename flake.lock => devenv.lock (54%) create mode 100644 devenv.nix create mode 100644 devenv.yaml delete mode 100644 flake.nix delete mode 100644 shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..cc5c18b --- /dev/null +++ b/.envrc @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +export DIRENV_WARN_TIMEOUT=20s + +eval "$(devenv direnvrc)" + +# `use devenv` supports the same options as the `devenv shell` command. +# +# To silence all output, use `--quiet`. +# +# Example usage: use devenv --quiet --impure --option services.postgres.enable:bool true +use devenv diff --git a/.gitignore b/.gitignore index 2803b81..42d8b00 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,12 @@ secrets.yaml -talos/generated \ No newline at end of file +talos/generated +# Devenv +.devenv* +devenv.local.nix +devenv.local.yaml + +# direnv +.direnv + +# pre-commit +.pre-commit-config.yaml diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 931f30e..c2b792c 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -1,7 +1,7 @@ { "recommendations": [ - "arrterian.nix-env-selector", "jnoortheen.nix-ide", - "detachhead.basedpyright" + "detachhead.basedpyright", + "mkhl.direnv" ] } diff --git a/.vscode/settings.json b/.vscode/settings.json index dbba6d1..dd4f691 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,13 +1,4 @@ { - "nixEnvSelector.nixFile": "${workspaceFolder}/shell.nix", - "terminal.integrated.profiles.linux": { - "Nix Shell": { - "path": "nix", - "args": ["develop"], - "icon": "terminal-linux" - } - }, - "terminal.integrated.defaultProfile.linux": "Nix Shell", "ansible.python.interpreterPath": "/bin/python", "python.defaultInterpreterPath": "${env:PYTHON_BIN}" } diff --git a/flake.lock b/devenv.lock similarity index 54% rename from flake.lock rename to devenv.lock index eaba385..600e051 100644 --- a/flake.lock +++ b/devenv.lock @@ -1,17 +1,34 @@ { "nodes": { - "flake-compat": { + "devenv": { "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "revCount": 69, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + "dir": "src/modules", + "lastModified": 1769881431, + "owner": "cachix", + "repo": "devenv", + "rev": "72d5e66e2dd5112766ef4c9565872b51094b542d", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.1.0.tar.gz" + "dir": "src/modules", + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" } }, "flake-utils": { @@ -20,7 +37,6 @@ }, "locked": { "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", @@ -32,6 +48,47 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769069492, + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762808025, + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "krew2nix": { "inputs": { "flake-utils": "flake-utils", @@ -42,11 +99,10 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1751765453, - "narHash": "sha256-tgo3BwFM2UUYQz6dVARztbj5AjKfz4exlPxnKLS/ZRg=", + "lastModified": 1769904483, "owner": "a1994sc", "repo": "krew2nix", - "rev": "11f66e65a0146645388eeab68b6212de0b732ed9", + "rev": "17d6ad3375899bd3f7d4d298481536155f3ec13c", "type": "github" }, "original": { @@ -57,11 +113,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751637120, - "narHash": "sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8++xWA8itO4=", + "lastModified": 1769461804, "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c724ed1388e53cc231ed98330a60eb2f7be4be3", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { @@ -73,15 +128,18 @@ }, "root": { "inputs": { - "flake-compat": "flake-compat", + "devenv": "devenv", + "git-hooks": "git-hooks", "krew2nix": "krew2nix", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "pre-commit-hooks": [ + "git-hooks" + ] } }, "systems": { "locked": { "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", @@ -96,7 +154,6 @@ "systems_2": { "locked": { "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", @@ -116,11 +173,10 @@ ] }, "locked": { - "lastModified": 1750931469, - "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", + "lastModified": 1769691507, "owner": "numtide", "repo": "treefmt-nix", - "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", + "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", "type": "github" }, "original": { diff --git a/devenv.nix b/devenv.nix new file mode 100644 index 0000000..98110a3 --- /dev/null +++ b/devenv.nix @@ -0,0 +1,59 @@ +{ pkgs, lib, config, inputs, ... }: + +let + # Python with hvac package + python = pkgs.python313.withPackages (python-pkgs: with python-pkgs; [ + hvac + ]); +in +{ + # Overlays - apply krew2nix to get kubectl with krew support + overlays = [ + inputs.krew2nix.overlay + ]; + + # Environment variables + env = { + GREET = "devenv"; + TALOSCONFIG = "${config.devenv.root}/talos/generated/talosconfig"; + EDITOR = "vim"; + RESTIC_REPOSITORY = "s3:https://s3.eu-central-003.backblazeb2.com/lumpiasty-backups"; + VAULT_ADDR = "https://openbao.lumpiasty.xyz:8200"; + PATH = "${config.devenv.root}/utils:${pkgs.coreutils}/bin"; + PYTHON_BIN = "${python}/bin/python"; + }; + + # Packages + packages = with pkgs; [ + python + vim gnumake + talosctl cilium-cli + kubectx k9s kubernetes-helm + (kubectl.withKrewPlugins (plugins: with plugins; [ + mayastor + openebs + ])) + ansible + fluxcd + restic + openbao + pv-migrate + ]; + + # Scripts + scripts.hello.exec = '' + echo hello from $GREET + ''; + + # Shell hooks + enterShell = '' + source ${pkgs.bash-completion}/share/bash-completion/bash_completion + echo "Environment ready!" + ''; + + # Tests + enterTest = '' + echo "Running tests" + git --version | grep --color=auto "${pkgs.git.version}" + ''; +} diff --git a/devenv.yaml b/devenv.yaml new file mode 100644 index 0000000..f9f252c --- /dev/null +++ b/devenv.yaml @@ -0,0 +1,20 @@ +# yaml-language-server: $schema=https://devenv.sh/devenv.schema.json +inputs: + nixpkgs: + url: github:NixOS/nixpkgs/nixos-unstable + krew2nix: + url: github:a1994sc/krew2nix + inputs: + nixpkgs: + follows: nixpkgs + +# If you're using non-OSS software, you can set allowUnfree to true. +# allowUnfree: true + +# If you're willing to use a package that's vulnerable +# permittedInsecurePackages: +# - "openssl-1.1.1w" + +# If you have more than one devenv you can merge them +#imports: +# - ./backend diff --git a/flake.nix b/flake.nix deleted file mode 100644 index e55c2b2..0000000 --- a/flake.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - - # Only to ease updating flake.lock, flake-compat is used by shell.nix - flake-compat.url = https://flakehub.com/f/edolstra/flake-compat/1.1.0.tar.gz; - - # Allows us to install krew plugins - krew2nix.url = "github:a1994sc/krew2nix"; - krew2nix.inputs.nixpkgs.follows = "nixpkgs"; - }; - - outputs = { self, nixpkgs, krew2nix, ... }: let - system = "x86_64-linux"; - in { - devShells."${system}".default = - let - pkgs = import nixpkgs { - overlays = [ krew2nix.overlay ]; - inherit system; - }; - python = (pkgs.python313.withPackages (python-pkgs: with python-pkgs; [ - hvac - ])); - in - pkgs.mkShell { - packages = with pkgs; [ - python - vim gnumake - talosctl cilium-cli - kubectx k9s kubernetes-helm - (kubectl.withKrewPlugins (plugins: with plugins; [ - mayastor - openebs - ])) - ansible - fluxcd - restic - openbao - pv-migrate - ]; - - shellHook = '' - # Get completions working - source ${pkgs.bash-completion}/share/bash-completion/bash_completion - - export TALOSCONFIG=$(pwd)/talos/generated/talosconfig - export EDITOR=vim - - export RESTIC_REPOSITORY=s3:https://s3.eu-central-003.backblazeb2.com/lumpiasty-backups - # export AWS_ACCESS_KEY_ID=? - # export AWS_SECRET_ACCESS_KEY=? - # export RESTIC_PASSWORD=? - export VAULT_ADDR=https://openbao.lumpiasty.xyz:8200 - - # Add scripts from utils subdir - export PATH="$PATH:$(pwd)/utils" - - export PYTHON_BIN=${python}/bin/python - ''; - }; - }; -} \ No newline at end of file diff --git a/shell.nix b/shell.nix deleted file mode 100644 index fccd2dc..0000000 --- a/shell.nix +++ /dev/null @@ -1,15 +0,0 @@ -# Needed for Nix Environment Selector -# https://github.com/edolstra/flake-compat/ -(import - ( - let - lock = builtins.fromJSON (builtins.readFile ./flake.lock); - nodeName = lock.nodes.root.inputs.flake-compat; - in - fetchTarball { - url = lock.nodes.${nodeName}.locked.url; - sha256 = lock.nodes.${nodeName}.locked.narHash; - } - ) - { src = ./.; } -).shellNix \ No newline at end of file