From e686663bd3dd2f50d3b784f74e9627a3ccc2736d Mon Sep 17 00:00:00 2001
From: eric
Date: Wed, 4 Mar 2026 05:07:26 +0100
Subject: [PATCH] feat: add template
---
.gitignore | 1 +
.gitlint | 9 ++++
template/.envrc | 1 +
template/.gitignore | 8 ++++
template/.gitleaks.toml | 45 ++++++++++++++++++++
template/.gitlint | 8 ++++
template/flake.nix | 92 +++++++++++++++++++++++++++++++++++++++++
7 files changed, 164 insertions(+)
create mode 100644 .gitignore
create mode 100644 .gitlint
create mode 100644 template/.envrc
create mode 100644 template/.gitignore
create mode 100644 template/.gitleaks.toml
create mode 100644 template/.gitlint
create mode 100644 template/flake.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1c6f3fa
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.pre-commit-config.yaml
\ No newline at end of file
diff --git a/.gitlint b/.gitlint
new file mode 100644
index 0000000..2a32b35
--- /dev/null
+++ b/.gitlint
@@ -0,0 +1,9 @@
+[general]
+ignore=B6
+
+
+[title-max-length]
+line-length=72
+
+[title-match-regex]
+regex=^(feat|fix|chore|docs|refactor|test|ci)(\(.+\))?: .+
\ No newline at end of file
diff --git a/template/.envrc b/template/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/template/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/template/.gitignore b/template/.gitignore
new file mode 100644
index 0000000..2f88ca4
--- /dev/null
+++ b/template/.gitignore
@@ -0,0 +1,8 @@
+.direnv/
+.pre-commit-config.yaml
+
+bazel-*
+build/
+dist/
+
+node_modules/
\ No newline at end of file
diff --git a/template/.gitleaks.toml b/template/.gitleaks.toml
new file mode 100644
index 0000000..ea27ccc
--- /dev/null
+++ b/template/.gitleaks.toml
@@ -0,0 +1,45 @@
+# .gitleaks.toml
+title = "gitleaks config"
+
+[extend]
+# extend the default ruleset rather than replacing it
+useDefault = true
+
+[allowlist]
+description = "Global allowlist"
+paths = [
+ # lock files often contain hashes that trip up gitleaks
+ '''flake\.lock''',
+ '''package-lock\.json''',
+ '''yarn\.lock''',
+ '''bun\.lockb''',
+]
+regexes = [
+ # nix store hashes
+ '''/nix/store/[a-z0-9]{32}-''',
+]
+
+[[rules]]
+id = "generic-api-key-extended"
+description = "Extended generic API key detection"
+regex = '''(?i)(api[_-]?key|api[_-]?secret|access[_-]?token|auth[_-]?token)\s*[:=]\s*['"]?[a-zA-Z0-9_\-]{16,}['"]?'''
+entropy = 3.5
+tags = ["api", "key", "token"]
+
+[[rules]]
+id = "private-key-file"
+description = "Private key files"
+regex = '''-----BEGIN (RSA|EC|DSA|OPENSSH|PGP) PRIVATE KEY'''
+tags = ["key", "private"]
+
+[[rules]]
+id = "environment-file"
+description = "Committed .env files"
+path = '''(^|/)\.env(\.[a-z]+)?$'''
+regex = '''.+'''
+tags = ["env"]
+[rules.allowlist]
+ paths = [
+ # allow .env.example and .env.template
+ '''\.env\.(example|template|sample)$''',
+ ]
\ No newline at end of file
diff --git a/template/.gitlint b/template/.gitlint
new file mode 100644
index 0000000..a76e65b
--- /dev/null
+++ b/template/.gitlint
@@ -0,0 +1,8 @@
+[general]
+ignore=B6
+
+[title-max-length]
+line-length=72
+
+[title-match-regex]
+regex=^(feat|fix|chore|docs|refactor|test|ci)(\(.+\))?: .+
\ No newline at end of file
diff --git a/template/flake.nix b/template/flake.nix
new file mode 100644
index 0000000..8730a26
--- /dev/null
+++ b/template/flake.nix
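Review bot: In template/.gitleaks.toml the `generic-api-key-extended` rule sets `entropy = 3.5`, but its only capture group is the keyword alternation and no `secretGroup` is given. Gitleaks releases that take the first capture group as the secret when `secretGroup` is unset would then measure entropy on `api_key` or `access_token` rather than on the value, and the rule would rarely if ever fire; this is worth confirming against the gitleaks version the hooks pin. Capturing the value explicitly removes the ambiguity: `regex = '''(?i)(?:api[_-]?key|api[_-]?secret|access[_-]?token|auth[_-]?token)\s*[:=]\s*['"]?([a-zA-Z0-9_\-]{16,})['"]?'''` together with `secretGroup = 1`. Separately, the `environment-file` path `(^|/)\.env(\.[a-z]+)?$` does not match multi-suffix names such as `.env.production.local`, so those files bypass the rule; `path = '''(^|/)\.env(\.[A-Za-z0-9_-]+)*$'''` would cover them while the existing example/template/sample allowlist still applies.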
@@ -0,0 +1,92 @@
+# flake.nix — product repo template
+{
+ description = "my-product";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ devshell-lib.url = "github:yourorg/devshell-lib";
+ devshell-lib.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs =
+ {
+ self,
+ nixpkgs,
+ devshell-lib,
+ ...
+ }:
+ let
+ supportedSystems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "aarch64-darwin"
+ ];
+ forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+ in
+ {
+ devShells = forAllSystems (
+ system:
+ let
+ pkgs = import nixpkgs { inherit system; };
+ env = devshell-lib.lib.mkDevShell {
+ inherit system;
+
+ extraPackages = with pkgs; [
+ # add your tools here, e.g.:
+ # go
+ # bun
+ # rustc
+ ];
+
+ features = {
+ # oxfmt = true; # enables oxfmt + oxlint from nixpkgs
+ };
+
+ formatters = {
+ # shfmt.enable = true;
+ # gofmt.enable = true;
+ };
+
+ formatterSettings = {
+ # shfmt.options = [ "-i" "2" "-s" "-w" ];
+ # oxfmt.includes = [ "*.ts" "*.tsx" "*.js" "*.json" ];
+ };
+
+ additionalHooks = {
+ # my-hook = {
+ # enable = true;
+ # entry = "${pkgs.some-tool}/bin/some-tool";
+ # pass_filenames = false;
+ # };
+ };
+
+ tools = [
+ # { name = "Bun"; bin = "${pkgs.bun}/bin/bun"; versionCmd = "--version"; color = "YELLOW"; }
+ # { name = "Go"; bin = "${pkgs.go}/bin/go"; versionCmd = "version"; color = "CYAN"; }
+ # { name = "Rust"; bin = "${pkgs.rustc}/bin/rustc"; versionCmd = "--version"; color = "YELLOW"; }
+ ];
+
+ extraShellHook = ''
+ # any repo-specific shell setup here
+ '';
+ };
+ in
+ {
+ default = env.shell;
+ }
+ );
+
+ checks = forAllSystems (
+ system:
+ let
+ env = devshell-lib.lib.mkDevShell { inherit system; };
+ in
+ {
+ inherit (env) pre-commit-check;
+ }
+ );
+
+ formatter = forAllSystems (system: (devshell-lib.lib.mkDevShell { inherit system; }).formatter);
+ };
+}
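Review bot: The `checks` and `formatter` outputs call `devshell-lib.lib.mkDevShell { inherit system; }` with none of the `features`, `formatters`, `formatterSettings` or `additionalHooks` that `devShells` passes. Once a project enables a hook in the shell, `nix flake check` presumably still evaluates the library defaults, so CI stops enforcing what the local pre-commit hooks do (mkDevShell itself is not visible here). Building the environment once in the outer `let` and reusing it for all three outputs keeps them in step, as sketched below. Also, `devshell-lib.url = "github:yourorg/devshell-lib"` is a placeholder that tracks the default branch of whatever repository ends up at that name, and the patch ships no `flake.lock`. Since this input supplies the shell hook and pre-commit hooks that run on every `direnv` load, a comment such as `# TODO: replace yourorg, pin to a tag or rev, and commit flake.lock` next to it would help.

```nix
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;

      # Single source of truth for the shell, the pre-commit check and the formatter.
      mkEnv =
        system:
        let
          pkgs = import nixpkgs { inherit system; };
        in
        devshell-lib.lib.mkDevShell {
          inherit system;
          # … unchanged: extraPackages, features, formatters, formatterSettings,
          #   additionalHooks, tools, extraShellHook …
        };
    in
    {
      devShells = forAllSystems (system: { default = (mkEnv system).shell; });
      checks = forAllSystems (system: { inherit (mkEnv system) pre-commit-check; });
      formatter = forAllSystems (system: (mkEnv system).formatter);
```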