feat: Linting and formatting (#293)

* Remove .pre-commit-config.yaml

* Configure git hooks and formatters

* Apply new configured hooks

* Update gh workflow

* Code style

.config/ansible-lint.yml

@@ -1,3 +1,2 @@
----
 skip_list:
   - "name[template]"

.github/workflows/bump-flakes.yml

@@ -3,7 +3,6 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '0 1 * * 5'
-
 jobs:
   lockfile:
     runs-on: ubuntu-latest

.github/workflows/nix-checks.yml

@@ -1,7 +1,5 @@
 name: Nix code analysis
-
 on: [push]
-
 jobs:
   deadnix:
     name: Deadnix

.github/workflows/pre-commit.yml

@@ -1,23 +1,19 @@
----
 name: CI
-
 on:
   pull_request:
   push:
     branches:
       - master
       - develop
-
 jobs:
-  pre-commit:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v3
-      - uses: pre-commit/[email protected]
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
+  # pre-commit:
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: actions/setup-python@v3
+  #     - uses: pre-commit/[email protected]
+  #       with:
+  #         repo-token: ${{ secrets.GITHUB_TOKEN }}
   check:
     runs-on: ubuntu-latest
     permissions:
@@ -31,5 +27,5 @@ jobs:
           extra-conf: |
             extra-platforms = aarch64-linux
       - uses: DeterminateSystems/magic-nix-cache-action@main
-      # - run: nix flake check
+      - run: nix flake check
       - run: nix flake show

.gitignore

@@ -1,3 +1,4 @@
 result
 .luarc.json
 .direnv
+.pre-commit-config.yaml

.sops.yaml

@@ -1,41 +1,40 @@
 keys:
   - users:
-    - &sebas_pgp 9AE57D3DE601A79560DD0F4B14F35C58A2191587
+      - &sebas_pgp 9AE57D3DE601A79560DD0F4B14F35C58A2191587
   - hosts:
-    - &pilsen age1jn9egcppvq5n5lus9lx63sh8maw77w3f23dqz67e8tk7e6dlvf2qes0djq
-    - &bock age13vhnxwmqlln7t6k8np3zsx59egu305nam9f3nqf962zcf7ll84gqzwmey4
-    - &weisse age1vett5c0wd2p5gzua6569nyu45s8tq3a4wd3jm93nml3d458nlvjs6yp7gv
-    - &elastic age1h0nqk3eneuz726km59keqrgew2q0zamcxr7hlumd8gjr5ppyv5fsaj6n7d
-    - &lambic age148m362lc6wyqwdd5jf6g6hmr79c4fpcwueqq3duczzsyv8mfkf7qmy8ks7
-
+      - &pilsen age1jn9egcppvq5n5lus9lx63sh8maw77w3f23dqz67e8tk7e6dlvf2qes0djq
+      - &bock age13vhnxwmqlln7t6k8np3zsx59egu305nam9f3nqf962zcf7ll84gqzwmey4
+      - &weisse age1vett5c0wd2p5gzua6569nyu45s8tq3a4wd3jm93nml3d458nlvjs6yp7gv
+      - &elastic age1h0nqk3eneuz726km59keqrgew2q0zamcxr7hlumd8gjr5ppyv5fsaj6n7d
+      - &lambic age148m362lc6wyqwdd5jf6g6hmr79c4fpcwueqq3duczzsyv8mfkf7qmy8ks7
 creation_rules:
   - path_regex: system/pilsen/secrets.yaml
     key_groups:
-    - age:
-      - *pilsen
-      pgp:
-      - *sebas_pgp
+      - age:
+          - *pilsen
+        pgp:
+          - *sebas_pgp
   - path_regex: system/bock/secrets.yaml
     key_groups:
-    - age:
-      - *bock
-      pgp:
-      - *sebas_pgp
+      - age:
+          - *bock
+        pgp:
+          - *sebas_pgp
   - path_regex: system/zaffarano-elastic/secrets.*
     key_groups:
-    - age:
-      - *elastic
-      pgp:
-      - *sebas_pgp
+      - age:
+          - *elastic
+        pgp:
+          - *sebas_pgp
   - path_regex: system/weisse/secrets.yaml
     key_groups:
-    - age:
-      - *weisse
-      pgp:
-      - *sebas_pgp
+      - age:
+          - *weisse
+        pgp:
+          - *sebas_pgp
   - path_regex: system/lambic/secrets.*
     key_groups:
-    - age:
-      - *lambic
-      pgp:
-      - *sebas_pgp
+      - age:
+          - *lambic
+        pgp:
+          - *sebas_pgp

README.md

@@ -8,79 +8,104 @@
 
 1. Create a ssh keypair for the target machine
 
-        # use a ramfs to not store the key in the disk
-        mkdir -p /tmp/pki/ram && sudo mount -t tmpfs -o size=10M tmpfs /tmp/pki/ram
-        mkdir -p /tmp/pki/ram/etc/ssh && cd /tmp/pki/ram/etc/ssh
-        ssh-keygen -t ed25519 -C <some comment> -f ssh_host_ed25519_key
-        ssh-keygen -t rsa -C <some comment> -f ssh_host_rsa_key
+   ```bash
+    # use a ramfs to not store the key in the disk
+    mkdir -p /tmp/pki/ram && sudo mount -t tmpfs -o size=10M tmpfs /tmp/pki/ram
+    mkdir -p /tmp/pki/ram/etc/ssh && cd /tmp/pki/ram/etc/ssh
+    ssh-keygen -t ed25519 -C <some comment> -f ssh_host_ed25519_key
+    ssh-keygen -t rsa -C <some comment> -f ssh_host_rsa_key
+   ```
+
 1. Generate an age recipient using the above public key (using the
-[ssh-to-age](https://github.com/Mic92/ssh-to-age) tool)
+   [ssh-to-age](https://github.com/Mic92/ssh-to-age) tool)
+
+   ```bash
+    ssh-to-age  -i ssh_host_ed25519_key.pub -o ssh_host_ed25519_key.pub.age
+    ssh-to-age -private-key  -i ssh_host_ed25519_key -o ssh_host_ed25519_key.age
+   ```
 
-        ssh-to-age  -i ssh_host_ed25519_key.pub -o ssh_host_ed25519_key.pub.age
-        ssh-to-age -private-key  -i ssh_host_ed25519_key -o ssh_host_ed25519_key.age
 1. Update the [.sops.yaml](./.sops.yaml) configuration file adding the age
    recipient.
+
 1. Generate secrets for this machine using both the root and your key
    recipients.  Example for the OS user:
 
-            # copy the following command output
-            openssl passwd -6
+   ```bash
+        # copy the following command output
+        openssl passwd -6
 
-            # Add or edit the secrets.yaml file
-            sops system/<machine-name>/secrets.yaml
+        # Add or edit the secrets.yaml file
+        sops system/<machine-name>/secrets.yaml
+   ```
 
 ### New machine configuration
 
 1. Based on an existent configuration, create a new one under the
    [system](./system), e.g., `./system/<machine-name>/default.nix`. Pay
-attention to the [Disko](https://github.com/nix-community/disko) configuration
-file to avoid any hard-to-recover mistakes.
+   attention to the [Disko](https://github.com/nix-community/disko) configuration
+   file to avoid any hard-to-recover mistakes.
+
 1. Same as above but with home-manager configurations, under [users](./users),
    e.g., `./users/<user-name>/<machine-name>.nix`
+
 1. Boot the new machine using
    [nixos-anywhere](https://github.com/nix-community/nixos-anywhere).
-Eventually, you would need to install rsync, `nix-env -iA nixos.rsync` in the
-target machine.
+   Eventually, you would need to install rsync, `nix-env -iA nixos.rsync` in the
+   target machine.
+
 1. Run nixos-anywhere in the host machine, including the SSH keys generated as
    preconditions.
 
-        tree /tmp/pki/ram
-        /tmp/pki/ram
-        └── etc
-            └── ssh
-                ├── ssh_host_ed25519_key
-                ├── ssh_host_ed25519_key.age.pub
-                └── ssh_host_ed25519_key.pub
+   ```bash
+    tree /tmp/pki/ram
+    /tmp/pki/ram
+    └── etc
+        └── ssh
+            ├── ssh_host_ed25519_key
+            ├── ssh_host_ed25519_key.age.pub
+            └── ssh_host_ed25519_key.pub
+
+    # copy the pub keys as part of the new machine's configuration
+    cp /tmp/pki/ram/etc/ssh/*pub ./system/<machine-name>
 
-        # copy the pub keys as part of the new machine's configuration
-        cp /tmp/pki/ram/etc/ssh/*pub ./system/<machine-name>
+    nix run github:nix-community/nixos-anywhere -- \
+        --flake .#<machine-name> \
+        --extra-files /tmp/pki/ram root@<new-machine-ip>
+   ```
 
-        nix run github:nix-community/nixos-anywhere -- \
-            --flake .#<machine-name> \
-            --extra-files /tmp/pki/ram root@<new-machine-ip>
 1. Once finished, login in to the new machine, clone the repo and run home-manager
 
-        ssh <user-name>@<new-machine-ip>
-        git clone https://github.com/szaffarano/nix-dotfiles .dotfiles
-        cd .dotfiles
-        home-manager switch --flake .
+   ```bash
+    ssh <user-name>@<new-machine-ip>
+    git clone https://github.com/szaffarano/nix-dotfiles .dotfiles
+    cd .dotfiles
+    home-manager switch --flake .
+   ```
 
 ### Raspberry Pi
 
 1. Build RPI image
 
-        nix build '.#nixosConfigurations.<name>.config.system.build.sdImage'
+   ```bash
+    nix build '.#nixosConfigurations.<name>.config.system.build.sdImage'
+   ```
 
-2. Flash the image
+1. Flash the image
 
-        unzstd result/sd-image/nixos-sd-image-....img.zst -c > nixos-sd-image.img
-        dd if=nixos-sd-image.img | pv | sudo dd of=/dev/mmcblk0 bs=64k
+   ```bash
+    unzstd result/sd-image/nixos-sd-image-....img.zst -c > nixos-sd-image.img
+    dd if=nixos-sd-image.img | pv | sudo dd of=/dev/mmcblk0 bs=64k
+   ```
 
-3. After booting, update the ssh keys
+1. After booting, update the ssh keys
 
-         # mount the NIXOS_SD partition
-         sudo cp /tmp/pki/ram/ssh/... /nixos/partition/etc/ssh/...
+   ```bash
+     # mount the NIXOS_SD partition
+     sudo cp /tmp/pki/ram/ssh/... /nixos/partition/etc/ssh/...
+   ```
 
-4. Remote deploy
+1. Remote deploy
 
-        nixos-rebuild switch --flake .#<name> --target-host sebas@<ip>  --use-remote-sudo
+   ```bash
+    nixos-rebuild switch --flake .#<name> --target-host sebas@<ip>  --use-remote-sudo
+   ```

ansible/README.md

@@ -6,6 +6,6 @@ Python 3 installed
 
 ## Supported Operating Systems
 
-- [X] Ubuntu 2022.04
-- [ ] Debian Bookworm
-- [ ] Archlinux
+- \[X\] Ubuntu 2022.04
+- \[ \] Debian Bookworm
+- \[ \] Archlinux

ansible/host_vars/dell.local.yml

@@ -1,4 +1,3 @@
----
 wakeup_devices:
   - id_vendor: "046d"
     id_product: "c52b"

ansible/linux.yml

@@ -1,4 +1,3 @@
----
 - name: Setup Linux Workstation
   gather_facts: true
   become: true
@@ -9,10 +8,10 @@
     - name: Load common variables
       ansible.builtin.include_vars:
         file: all.yml
-
     - name: Load a variable file based on the OS type
       ansible.builtin.include_vars: >
         {{ lookup('ansible.builtin.first_found', params) }}
+
       vars:
         params:
           files:

ansible/requirements.yml

@@ -1,4 +1,3 @@
----
 collections:
   - name: community.general
 roles:

ansible/roles/packages/defaults/main.yml

@@ -1,6 +1,4 @@
----
 user_home: "{{ lookup('env', 'HOME') }}"
-
 distro:
   is_debian: "{{ ansible_os_family == 'Debian' }}"
   is_arch: "{{ ansible_os_family == 'Archlinux' }}"

ansible/roles/packages/handlers/main.yml

@@ -1,4 +1,3 @@
----
 - name: Init yay db
   ansible.builtin.command:
     cmd: yay -Y --gendb

ansible/roles/packages/tasks/Archlinux.yml

@@ -1,28 +1,25 @@
----
 - name: Install Chaotic-AUR
   become: true
   vars:
     chaotic_base: "https://cdn-mirror.chaotic.cx/chaotic-aur"
   ansible.builtin.shell: |
-   pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com \
-    && pacman-key --lsign-key 3056513887B78AEB \
-    && pacman -U --noconfirm \
-      "{{ chaotic_base }}/chaotic-keyring.pkg.tar.zst" \
-      "{{ chaotic_base }}/chaotic-mirrorlist.pkg.tar.zst" \
-    && tee -a /etc/pacman.conf << EOF
-    [chaotic-aur]
-    Include = /etc/pacman.d/chaotic-mirrorlist
-    EOF
+    pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com \
+     && pacman-key --lsign-key 3056513887B78AEB \
+     && pacman -U --noconfirm \
+       "{{ chaotic_base }}/chaotic-keyring.pkg.tar.zst" \
+       "{{ chaotic_base }}/chaotic-mirrorlist.pkg.tar.zst" \
+     && tee -a /etc/pacman.conf << EOF
+     [chaotic-aur]
+     Include = /etc/pacman.d/chaotic-mirrorlist
+     EOF
   args:
     creates: "/etc/pacman.d/chaotic-mirrorlist"
-
 - name: Update Linux packages (Archlinux)
   community.general.pacman:
     update_cache: true
     upgrade: true
   when:
     - distro.is_arch
-
 - name: Install Linux packages (Archlinux)
   community.general.pacman:
     name: "{{ packages }}"

ansible/roles/packages/tasks/Debian.yml

@@ -1,4 +1,3 @@
----
 - name: Update Linux packages (Debian)
   ansible.builtin.apt:
     update_cache: true
@@ -8,7 +7,6 @@
     autoclean: true
   when:
     - distro.is_debian
-
 - name: Install Linux packages (Debian)
   ansible.builtin.apt:
     name: "{{ packages }}"