{ self, ... }: { perSystem = { inputs', lib, pkgs, ... }: let mkLint = { name, fileset, checkInputs ? [ ], script, }: pkgs.stdenvNoCC.mkDerivation { inherit name; src = lib.fileset.toSource { root = ../.; fileset = lib.fileset.difference fileset ( lib.fileset.fileFilter ( file: file.type != "regular" || file.name == "hardware-configuration.nix" ) ../. ); }; checkInputs = [ pkgs.nushell ] ++ checkInputs; checkPhase = '' nu -c '${script}' | tee $out ''; dontPatch = true; dontConfigure = true; dontBuild = true; dontInstall = true; dontFixup = true; doCheck = true; }; in { checks = { nix = mkLint { name = "nix-lints"; fileset = lib.fileset.fileFilter (file: file.hasExt "nix") ../.; checkInputs = lib.attrValues { inherit (pkgs) deadnix nixfmt-rfc-style; statix = pkgs.statix.overrideAttrs (old: { patches = old.patches ++ [ (pkgs.fetchpatch { url = "https://github.com/oppiliappan/statix/commit/925dec39bb705acbbe77178b4d658fe1b752abbb.patch"; hash = "sha256-0wacO6wuYJ4ufN9PGucRVJucFdFFNF+NoHYIrLXsCWs="; }) ]; }); }; script = /* bash */ '' statix check **/*.nix deadnix --fail **/*.nix nixfmt --check --strict **/*.nix ''; }; lockfile = mkLint { name = "nix-lockfile"; fileset = ../flake.lock; checkInputs = lib.attrValues { inherit (inputs'.flint.packages) flint; }; script = /* bash */ '' flint --fail-if-multiple-versions ''; }; } // self.nixosConfigurations.hetzner-1.config.serviceTests; }; }