Merge branch 'flake_refactoring' into 'main'

refactor(flake): Massive flake refactoring with flake-parts.

See merge request garuda-linux/infra-nix!5

.ansible-lint

@@ -0,0 +1,3 @@
+---
+profile: production
+skip_list: [run-once, command-instead-of-module]

.envrc

@@ -0,0 +1 @@
+use nix shell.nix

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @garudalinux

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+---
+liberapay: garudalinux
+open_collective: garudalinux

.github/workflows/flake_check.yml

@@ -0,0 +1,21 @@
+---
+name: Run nix flake check
+on:
+  pull_request_target:
+    types: [labeled]
+  push:
+    branches: [main]
+jobs:
+  flake_check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@6a9a9e84a173d90b3ffb42c5ddaf9ea033fad011 # v23
+        with:
+          extra_nix_config: |
+            accept-flake-config = true
+            experimental-features = nix-command flakes
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+          nix_path: nixpkgs=channel:nixos-unstable
+      - name: Run nix flake check
+        run: nix flake check

.gitignore

@@ -1,6 +1,3 @@
 .direnv
-.envrc
+.pre-commit-config.yaml
 .vault_pass
-node_modules/
-package-lock.json
-package.json

.prettierignore

@@ -0,0 +1,4 @@
+.github/**
+flake.lock
+docker-compose/**
+secrets/**

.yamllint

@@ -0,0 +1,34 @@
+---
+yaml-files: ["*.yaml", "*.yml", .yamllint]
+rules:
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+    min-spaces-from-content: 1
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    check-keys: false
+
+ignore: |
+  .pre-commit-config.yaml
+  secrets/*

devshell/flake-module.nix

@@ -0,0 +1,92 @@
+_:
+{
+  perSystem = { devShells, pkgs, ... }:
+    {
+      # The default development shell spawned by "nix develop"
+      devshells.default = {
+        commands = [
+          {
+            package = "pre-commit";
+            category = "formatter";
+          }
+          {
+            package = "manix";
+            category = "handbook";
+          }
+          {
+            name = "deploy";
+            category = "deployment";
+            command = ''
+              ansible-playbook playbooks/garuda.yml
+            '';
+          }
+          {
+            name = "apply";
+            category = "deployment";
+            command = ''
+              ansible-playbook playbooks/apply.yml
+            '';
+          }
+          {
+            name = "clean";
+            category = "tools";
+            command = ''
+              ansible-playbook playbooks/garbage_collect.yml
+            '';
+          }
+          {
+            name = "update";
+            category = "deployment";
+            command = ''
+              ansible-playbook playbooks/system_update.yml
+            '';
+          }
+          {
+            package = "nixpkgs-fmt";
+            category = "formatter";
+          }
+          {
+            package = "ansible";
+            category = "deployment";
+          }
+          {
+            package = "yamlfix";
+            category = "formatter";
+          }
+        ];
+        motd = ''
+          {202}🔨 Welcome to the Garuda infra-nix shell ❄️{reset}
+          $(type -p menu &>/dev/null && menu)
+        '';
+        name = "infra-nix";
+      };
+
+      # Pre-commit linters & formatters
+      pre-commit = {
+        check.enable = true;
+        devShell = devShells.default;
+        inherit pkgs;
+        settings = {
+          hooks = {
+            actionlint.enable = true;
+            ansible-lint.enable = true;
+            commitizen.enable = true;
+            deadnix.enable = true;
+            nil.enable = true;
+            nixpkgs-fmt.enable = true;
+            prettier.enable = true;
+            shellcheck.enable = true;
+            shfmt.enable = true;
+            statix.enable = true;
+            yamllint.enable = true;
+          };
+          settings.deadnix = {
+            edit = true;
+            hidden = true;
+            noLambdaArg = true;
+          };
+          src = ../.;
+        };
+      };
+    };
+}

nix/docker-compose/all-in-one/docker-compose.yml → docker-compose/all-in-one/docker-compose.yml

@@ -1,5 +1,5 @@
 ---
-version: '3.9'
+version: "3.9"
 services:
   # Garuda Cloud
   nextcloud_app:
@@ -40,7 +40,7 @@ services:
     environment:
       FF_SYNCSERVER_ACCESSLOG: true
       FF_SYNCSERVER_FORCE_WSGI_ENVIRON: true
-      FF_SYNCSERVER_FORWARDED_ALLOW_IPS: '*'
+      FF_SYNCSERVER_FORWARDED_ALLOW_IPS: "*"
       FF_SYNCSERVER_PUBLIC_URL: https://ffsync.garudalinux.org
       FF_SYNCSERVER_SECRET: ${FF_SYNCSERVER_SECRET:-?err}
       FF_SYNCSERVER_SQLURI: sqlite:////data/syncserver.db
@@ -181,7 +181,8 @@ services:
       MINUTES_BETWEEN_RUNS: 240
       NSFW: false
       POST_COUNT: 50
-      REMOTE_INSTANCES: '[ "beehaw.org", "lemmy.world", "lemmy.ml", "sh.itjust.works",
+      REMOTE_INSTANCES:
+        '[ "beehaw.org", "lemmy.world", "lemmy.ml", "sh.itjust.works",
         "lemmy.one" ]'
       SECONDS_AFTER_COMMUNITY_ADD: 17
     restart: unless-stopped
@@ -190,7 +191,8 @@ services:
   watchtower:
     image: containrrr/watchtower
     container_name: watchtower
-    command: --cleanup matrix_web matrix_admin wikijs mongodb homer privatebin bitwarden
+    command:
+      --cleanup matrix_web matrix_admin wikijs mongodb homer privatebin bitwarden
       thelounge syncserver nextcloud_app lemmy_seeder
     volumes: [/var/run/docker.sock:/var/run/docker.sock]
     restart: always

nix/docker-compose/github-runner/docker-compose.yml → docker-compose/github-runner/docker-compose.yml

@@ -1,5 +1,5 @@
 ---
-version: '3.9'
+version: "3.9"
 services:
   github-runner:
     image: myoung34/github-runner:latest

nix/docker-compose/proxied/docker-compose.yml → docker-compose/proxied/docker-compose.yml

@@ -1,5 +1,5 @@
 ---
-version: '3.9'
+version: "3.9"
 services:
   # Whoogle search engine
   whoogle:
@@ -38,7 +38,7 @@ services:
       BIND_ADDRESS: 0.0.0.0:8080
       HTTPS_PROXY: http://10.0.5.1:3128
       HTTP_PROXY: http://10.0.5.1:3128
-      NO_PROXY: '*.garudalinux.org'
+      NO_PROXY: "*.garudalinux.org"
       MORTY_KEY: ${SX_MORTY_KEY:-?err}
       MORTY_URL: https://searx.garudalinux.org/morty/
     cap_drop: [ALL]
@@ -77,7 +77,7 @@ services:
     image: thedaviddelta/lingva-translate:latest
     container_name: lingva
     environment:
-      DARK_THEME: 'true'
+      DARK_THEME: "true"
       DEFAULT_SOURCE_LANG: auto
       DEFAULT_TARGET_LANG: en
       HTTP_PROXY: http://10.0.5.1:3128
@@ -116,10 +116,11 @@ services:
         statistics_enabled: true
         use_pubsub_feeds: true
         use_quic: true
-      NO_PROXY: '*.lbry.com'
+      NO_PROXY: "*.lbry.com"
     ports: [3003:3000]
     healthcheck:
-      test: wget -nv --tries=1 --spider http://10.0.5.20:3003/api/v1/comments/jNQXAC9IVRw
+      test:
+        wget -nv --tries=1 --spider http://10.0.5.20:3003/api/v1/comments/jNQXAC9IVRw
         || exit 1
       interval: 30s
       timeout: 5s
@@ -154,7 +155,8 @@ services:
   piped_frontend:
     image: 1337kavin/piped-frontend:latest
     container_name: piped_frontend
-    entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/piped-api.garudalinux.org/g
+    entrypoint:
+      ash -c 'sed -i s/pipedapi.kavin.rocks/piped-api.garudalinux.org/g
       /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon
       off;"'
     environment:
@@ -204,7 +206,8 @@ services:
   watchtower:
     image: containrrr/watchtower
     container_name: watchtower
-    command: --cleanup piped_backend piped_frontend piped_proxy invidious searx lingva
+    command:
+      --cleanup piped_backend piped_frontend piped_proxy invidious searx lingva
       whoogle
     volumes: [/var/run/docker.sock:/var/run/docker.sock]
     restart: always