infrastructure/devenv.nix

34 lines
794 B
Nix

{ pkgs, lib, config, inputs, ... }:
{
languages.ansible.enable = true;
languages.opentofu.enable = true;
languages.python.enable = true;
languages.python.uv.enable = true;
languages.python.uv.sync.enable = true;
languages.python.venv.enable = true;
packages = [
pkgs.d2
pkgs.dnscontrol
pkgs.minio-client
];
enterShell = ''
set -a
eval "$(ansible-vault view .env)"
set +a
'';
git-hooks.hooks.ansible-lint.enable = true;
git-hooks.hooks.ansible-lint.verbose = true;
git-hooks.hooks.gitleaks = {
enable = true;
name = "Detect hardcoded secrets";
package = pkgs.gitleaks;
description = "Detect hardcoded secrets using Gitleaks";
entry = "gitleaks git --pre-commit --redact --staged --verbose";
pass_filenames = false;
};
}