style(treewide): Apply linter suggestions

feat(checks): Add linters
2025-05-20 20:42:08 +08:00 · 2025-05-20 20:37:05 +08:00
16 changed files with 115 additions and 65 deletions
--- a/checks/default.nix
+++ b/checks/default.nix
@ -0,0 +1,52 @@
+{
+  self,
+  nixpkgs,
+  deploy-rs,
+  system,
+  ...
+}:
+let
+  pkgs = nixpkgs.legacyPackages.${system};
+
+  runNuCheck =
+    {
+      name,
+      packages,
+      check,
+    }:
+    pkgs.stdenvNoCC.mkDerivation {
+      inherit name;
+
+      src = nixpkgs.lib.cleanSourceWith {
+        src = self;
+        filter = nixpkgs.lib.cleanSourceFilter;
+      };
+
+      dontPatch = true;
+      dontConfigure = true;
+      dontBuild = true;
+      dontInstall = true;
+      dontFixup = true;
+      doCheck = true;
+
+      checkInputs = nixpkgs.lib.singleton pkgs.nushell ++ packages;
+
+      checkPhase = ''
+        nu ${check}
+      '';
+    };
+in
+nixpkgs.lib.recursiveUpdate {
+  lints = runNuCheck {
+    name = "lints";
+
+    packages = [
+      pkgs.deadnix
+      pkgs.nixfmt-rfc-style
+      pkgs.shellcheck
+      pkgs.statix
+    ];
+
+    check = ./lints.nu;
+  };
+} (deploy-rs.lib.${system}.deployChecks self.deploy)
--- a/checks/lints.nu
+++ b/checks/lints.nu
@ -0,0 +1,39 @@
+#!/usr/bin/env nu
+
+let shell_files = ls **/*.sh | get name
+let nix_files = ls **/*.nix | where name !~ "hardware-configuration.nix|_sources" | get name
+
+let linters = [
+  ([shellcheck] ++ $shell_files)
+  ([nixfmt --check --strict] ++ $nix_files)
+  ([deadnix --fail] ++ $nix_files)
+  ([statix check] ++ $nix_files)
+]
+
+mkdir $env.out
+
+def run-linter [linterArgs: list<string>] {
+  print $'Running ($linterArgs.0)...'
+
+  let exit_code = try {
+    ^$linterArgs.0 ...($linterArgs | skip 1)
+    $env.LAST_EXIT_CODE
+  } catch {|e| $e.exit_code}
+
+  [$linterArgs.0, $exit_code]
+}
+
+let results = $linters | each {|linter| run-linter $linter}
+
+print 'Linter results:'
+
+let success = $results | each {|result|
+  match $result.1 {
+    0 => {print $'(ansi green)($result.0)(ansi reset)'}
+    _ => {print $'(ansi red)($result.0)(ansi reset)'}
+  }
+
+  $result.1
+} | math sum
+
+exit $success
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -1,7 +1,5 @@
 {
  config,
-  pkgs,
-  lib,
  modulesPath,
  flake-inputs,
  ...
@ -32,13 +30,7 @@
    ./sops.nix
  ];

-  nixpkgs.overlays = [
-    (final: prev: {
-      local = import ../pkgs {
-        pkgs = prev;
-      };
-    })
-  ];
+  nixpkgs.overlays = [ (_: prev: { local = import ../pkgs { pkgs = prev; }; }) ];

  nix = {
    extraOptions = ''
--- a/configuration/hardware-specific/vm.nix
+++ b/configuration/hardware-specific/vm.nix
@ -15,9 +15,7 @@

  systemd.network.networks."10-eth0" = {
    matchConfig.Name = "eth0";
-    gateway = [
-      "192.168.9.1"
-    ];
+    gateway = [ "192.168.9.1" ];
    networkConfig = {
      Address = "192.168.9.2/24";
    };
--- a/configuration/services/backups.nix
+++ b/configuration/services/backups.nix
@ -57,7 +57,7 @@ in
      '';
      type = types.attrsOf (
        types.submodule (
-          { config, name, ... }:
+          { name, ... }:
          {
            options = {
              user = lib.mkOption {
@ -246,7 +246,7 @@ in
        };
      }
      // lib.mapAttrs' (
-        name: backup:
+        name: _:
        lib.nameValuePair "backup-${name}" {
          wantedBy = [ "timers.target" ];
          timerConfig = {
--- a/configuration/services/conduit/matrix-hookshot.nix
+++ b/configuration/services/conduit/matrix-hookshot.nix
@ -74,9 +74,7 @@ in
  services.matrix-hookshot = {
    enable = true;

-    serviceDependencies = [
-      "conduit.service"
-    ];
+    serviceDependencies = [ "conduit.service" ];

    registrationFile = "/run/matrix-hookshot/registration.yaml";

@ -126,15 +124,11 @@ in
      listeners = [
        {
          port = 9000;
-          resources = [
-            "webhooks"
-          ];
+          resources = [ "webhooks" ];
        }
        {
          port = 9001;
-          resources = [
-            "metrics"
-          ];
+          resources = [ "metrics" ];
        }
      ];

--- a/configuration/services/crowdsec.nix
+++ b/configuration/services/crowdsec.nix
@ -8,9 +8,7 @@
  security.crowdsec = {
    enable = true;

-    parserWhitelist = [
-      "10.45.249.2"
-    ];
+    parserWhitelist = [ "10.45.249.2" ];

    extraGroups = [
      "systemd-journal"
@ -21,25 +19,19 @@
      {
        source = "journalctl";
        labels.type = "syslog";
-        journalctl_filter = [
-          "SYSLOG_IDENTIFIER=Nextcloud"
-        ];
+        journalctl_filter = [ "SYSLOG_IDENTIFIER=Nextcloud" ];
      }

      {
        source = "journalctl";
        labels.type = "syslog";
-        journalctl_filter = [
-          "SYSLOG_IDENTIFIER=sshd-session"
-        ];
+        journalctl_filter = [ "SYSLOG_IDENTIFIER=sshd-session" ];
      }

      {
        labels.type = "nginx";
        filenames =
-          [
-            "/var/log/nginx/*.log"
-          ]
+          [ "/var/log/nginx/*.log" ]
          ++ lib.mapAttrsToList (
            vHost: _: "/var/log/nginx/${vHost}/access.log"
          ) config.services.nginx.virtualHosts;
--- a/configuration/services/metrics/exporters.nix
+++ b/configuration/services/metrics/exporters.nix
@ -74,7 +74,7 @@ in
        listenAddress = "127.0.0.1";
        group = "nginx";

-        settings.namespaces = lib.mapAttrsToList (name: virtualHost: {
+        settings.namespaces = lib.mapAttrsToList (name: _: {
          inherit name;
          metrics_override.prefix = "nginxlog";
          namespace_label = "vhost";
--- a/configuration/services/metrics/options.nix
+++ b/configuration/services/metrics/options.nix
@ -38,7 +38,7 @@ in
    services.victoriametrics.scrapeConfigs = mkOption {
      type = types.attrsOf (
        types.submodule (
-          { name, self, ... }:
+          { name, ... }:
          {
            options = {
              job_name = mkOption {
@ -212,7 +212,7 @@ in

    services.victoriametrics.scrapeConfigs =
      let
-        allExporters = lib.mapAttrs (name: exporter: { inherit (exporter) listenAddress port; }) (
+        allExporters = lib.mapAttrs (_: exporter: { inherit (exporter) listenAddress port; }) (
          (lib.filterAttrs (
            name: exporter:
            # A bunch of deprecated exporters that need to be ignored
--- a/configuration/services/metrics/victorialogs.nix
+++ b/configuration/services/metrics/victorialogs.nix
@ -1,8 +1,4 @@
-{
-  config,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 let
  cfg = config.services.victorialogs;
 in
--- a/configuration/services/nextcloud.nix
+++ b/configuration/services/nextcloud.nix
@ -15,12 +15,12 @@ in
    package = nextcloud;
    phpPackage = lib.mkForce (
      pkgs.php.override {
-        packageOverrides = final: prev: {
+        packageOverrides = _: prev: {
          extensions = prev.extensions // {
-            pgsql = prev.extensions.pgsql.overrideAttrs (old: {
+            pgsql = prev.extensions.pgsql.overrideAttrs (_: {
              configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ];
            });
-            pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (old: {
+            pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (_: {
              configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ];
            });
          };
--- a/flake.nix
+++ b/flake.nix
@ -96,7 +96,7 @@
      #########
      # Tests #
      #########
-      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+      checks.${system} = import ./checks (inputs // { inherit system; });

      ###########################
      # Garbage collection root #
--- a/modules/crowdsec/default.nix
+++ b/modules/crowdsec/default.nix
@ -267,9 +267,7 @@ in
      };
    };

-    systemd.packages = [
-      cfg.package
-    ];
+    systemd.packages = [ cfg.package ];

    environment = {
      systemPackages = [
--- a/modules/crowdsec/remediations/cs-firewall-bouncer.nix
+++ b/modules/crowdsec/remediations/cs-firewall-bouncer.nix
@ -31,9 +31,7 @@ in
    security.crowdsec.remediationComponents.firewallBouncer.settings = {
      mode = lib.mkDefault "${if config.networking.nftables.enable then "nftables" else "iptables"}";
      log_mode = "stdout";
-      iptables_chains = [
-        "nixos-fw"
-      ];
+      iptables_chains = [ "nixos-fw" ];

      # Don't let users easily override this; unfortunately we need to
      # set up this key through substitution at runtime.
@ -78,9 +76,7 @@ in
          requiredBy = [ "crowdsec.service" ];

          path =
-            lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [
-              pkgs.ipset
-            ]
+            lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ pkgs.ipset ]
            ++ lib.optional (cfg.settings.mode == "iptables") pkgs.iptables
            ++ lib.optional (cfg.settings.mode == "nftables") pkgs.nftables;
        };
--- a/modules/crowdsec/remediations/default.nix
+++ b/modules/crowdsec/remediations/default.nix
@ -1,5 +1 @@
-{
-  imports = [
-    ./cs-firewall-bouncer.nix
-  ];
-}
+{ imports = [ ./cs-firewall-bouncer.nix ]; }
--- a/pkgs/crowdsec/hub.nix
+++ b/pkgs/crowdsec/hub.nix
@ -1,4 +1 @@
-{
-  sources,
-}:
-sources.crowdsec-hub.src
+{ sources }: sources.crowdsec-hub.src
Author	SHA1	Message	Date
Tristan Daniël Maat	3e9f6f2b23	style(treewide): Apply linter suggestions	2025-05-20 20:42:08 +08:00
Tristan Daniël Maat	5192ec9633	feat(checks): Add linters	2025-05-20 20:37:05 +08:00