eric/nix-flake-lib
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add template

Browse Source
This commit is contained in:
eric
2026-03-04 05:07:26 +01:00
parent 765ad16b4f
commit e686663bd3
7 changed files with 164 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
.pre-commit-config.yaml

9
.gitlint Normal file
View File

@@ -0,0 +1,9 @@
[general]
ignore=B6
[title-max-length]
line-length=72
[title-match-regex]
regex=^(feat|fix|chore|docs|refactor|test|ci)(\(.+\))?: .+

1
template/.envrc Normal file
View File

@@ -0,0 +1 @@
use flake

8
template/.gitignore vendored Normal file
View File

@@ -0,0 +1,8 @@
.direnv/
.pre-commit-config.yaml
bazel-*
build/
dist/
node_modules/

45
template/.gitleaks.toml Normal file
View File

@@ -0,0 +1,45 @@
# .gitleaks.toml
title = "gitleaks config"
[extend]
# extend the default ruleset rather than replacing it
useDefault = true
[allowlist]
description = "Global allowlist"
paths = [
# lock files often contain hashes that trip up gitleaks
'''flake\.lock''',
'''package-lock\.json''',
'''yarn\.lock''',
'''bun\.lockb''',
]
regexes = [
# nix store hashes
'''/nix/store/[a-z0-9]{32}-''',
]
[[rules]]
id = "generic-api-key-extended"
description = "Extended generic API key detection"
regex = '''(?i)(api[_-]?key|api[_-]?secret|access[_-]?token|auth[_-]?token)\s*[:=]\s*['"]?[a-zA-Z0-9_\-]{16,}['"]?'''
entropy = 3.5
tags = ["api", "key", "token"]
[[rules]]
id = "private-key-file"
description = "Private key files"
regex = '''-----BEGIN (RSA|EC|DSA|OPENSSH|PGP) PRIVATE KEY'''
tags = ["key", "private"]
[[rules]]
id = "environment-file"
description = "Committed .env files"
path = '''(^|/)\.env(\.[a-z]+)?$'''
regex = '''.+'''
tags = ["env"]
[rules.allowlist]
paths = [
# allow .env.example and .env.template
'''\.env\.(example|template|sample)$''',
]

8
template/.gitlint Normal file
View File

@@ -0,0 +1,8 @@
[general]
ignore=B6
[title-max-length]
line-length=72
[title-match-regex]
regex=^(feat|fix|chore|docs|refactor|test|ci)(\(.+\))?: .+

92
template/flake.nix Normal file
View File

@@ -0,0 +1,92 @@
# flake.nix — product repo template
{
description = "my-product";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
devshell-lib.url = "github:yourorg/devshell-lib";
devshell-lib.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
nixpkgs,
devshell-lib,
...
}:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{
devShells = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system; };
env = devshell-lib.lib.mkDevShell {
inherit system;
extraPackages = with pkgs; [
# add your tools here, e.g.:
# go
# bun
# rustc
];
features = {
# oxfmt = true; # enables oxfmt + oxlint from nixpkgs
};
formatters = {
# shfmt.enable = true;
# gofmt.enable = true;
};
formatterSettings = {
# shfmt.options = [ "-i" "2" "-s" "-w" ];
# oxfmt.includes = [ "*.ts" "*.tsx" "*.js" "*.json" ];
};
additionalHooks = {
# my-hook = {
# enable = true;
# entry = "${pkgs.some-tool}/bin/some-tool";
# pass_filenames = false;
# };
};
tools = [
# { name = "Bun"; bin = "${pkgs.bun}/bin/bun"; versionCmd = "--version"; color = "YELLOW"; }
# { name = "Go"; bin = "${pkgs.go}/bin/go"; versionCmd = "version"; color = "CYAN"; }
# { name = "Rust"; bin = "${pkgs.rustc}/bin/rustc"; versionCmd = "--version"; color = "YELLOW"; }
];
extraShellHook = ''
# any repo-specific shell setup here
'';
};
in
{
default = env.shell;
}
);
checks = forAllSystems (
system:
let
env = devshell-lib.lib.mkDevShell { inherit system; };
in
{
inherit (env) pre-commit-check;
}
);
formatter = forAllSystems (system: (devshell-lib.lib.mkDevShell { inherit system; }).formatter);
};
}