Filter encrypted files from linting

3 files changed, 26 insertions, 28 deletions

diff --git a/default.nix b/default.nix
index 7078a01..0c86c8e 100644
--- a/default.nix
+++ b/default.nix
@@ -29,10 +29,10 @@ in rec {
     ];
   };
   test = utils.test [
-    (utils.shellcheck null)
+    (utils.shellcheck ".*secrets/secret-envrc.sh.*")
     (utils.fixme null)
     (utils.shellEnvironmentBuild subtasks.shellBuildInputs)
-    utils.formatNix
+    (utils.formatNix ".*secrets/nix.*")
     subtasks.formatTerraform
   ];
   shell = utils.shellEnvironment subtasks.shellBuildInputs;
diff --git a/utils.nix b/utils.nix
index 5bcbb10..2c231d7 100644
--- a/utils.nix
+++ b/utils.nix
@@ -20,23 +20,26 @@
         touch $out
       '';
     });
-  formatNix = baseTask.overrideAttrs (baseAttrs: {
-    name = "${baseAttrs.name}-nixfmt";
-    buildInputs = baseAttrs.buildInputs ++ [ pkgs.nixfmt ];
-    buildPhase = ''
-      format() {
-        nix_file="$1"
-        diff <(nixfmt < "$nix_file") "$nix_file" || {
-          echo "The $nix_file is unformatted. To fix it, run:"
-          echo "  nixfmt $nix_file"
-          exit 1
+  formatNix = ignoredFindPattern:
+    baseTask.overrideAttrs (baseAttrs: rec {
+      name = "${baseAttrs.name}-nixfmt";
+      buildInputs = baseAttrs.buildInputs ++ [ pkgs.nixfmt ];
+      ignoredPattern =
+        if ignoredFindPattern == null then "" else ignoredFindPattern;
+      buildPhase = ''
+        format() {
+          nix_file="$1"
+          diff <(nixfmt < "$nix_file") "$nix_file" || {
+            echo "The $nix_file is unformatted. To fix it, run:"
+            echo "  nixfmt $nix_file"
+            exit 1
+          }
         }
-      }
-      export -f format
-      find . -type f -name '*.nix' -print0 | xargs -0 -I{} bash -c "format {}" \;
-      touch $out
-    '';
-  });
+        export -f format
+        find . -type f \( -name '*.nix' -and -regextype egrep ! -regex '${ignoredPattern}' \) -print0 | xargs -0 -I{} bash -c "format {}" \;
+        touch $out
+      '';
+    });
   fixme = ignoredFiles:
     baseTask.overrideAttrs (baseAttrs: rec {
       name = "${baseAttrs.name}-fixme";
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index 6ffd900..2283449 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -25,10 +25,7 @@ in {
     interfaces.ens3.useDHCP = true;
   };
 
-  environment.systemPackages = with pkgs; [
-    vim
-    git
-  ];
+  environment.systemPackages = with pkgs; [ vim git ];
 
   networking.firewall.allowedTCPPorts = [ 80 443 22 ];
 
@@ -89,12 +86,10 @@ in {
     postgresql = {
       enable = true;
       ensureDatabases = [ "nextcloud" ];
-      ensureUsers = [
-        {
-          name = "nextcloud";
-          ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
-        }
-      ];
+      ensureUsers = [{
+        name = "nextcloud";
+        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+      }];
     };
 
     gitweb = {