nix fmt

Reviewed-on: Luis/consulting-website#5

.envrc

@@ -3,3 +3,5 @@ if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
 fi
 
 use flake
+
+

.gitea/workflows/ui_assets.yaml

@@ -15,7 +15,7 @@ jobs:
         id: changed-files
         uses: tj-actions/changed-files@v32
         with:
-          fetch-depth: 2
+          fetch-depth: 0
 
       - name: Check if UI files are in the list of modified files
         run: |
@@ -35,8 +35,8 @@ jobs:
               export PATH=$PATH:$DEPS
 
               # Setup git config
-              git config --global user.email "ui-asset-bot@clan.lol"
+              git config --global user.email "$BOT_EMAIL"
-              git config --global user.name "ui-asset-bot"
+              git config --global user.name "$BOT_NAME"
 
               ################################################
               #                                              #
@@ -66,3 +66,5 @@ jobs:
         env:
           MODIFIED_FILES: ${{ steps.changed-files.outputs.modified_files }}
           GITEA_TOKEN: ${{ secrets.BOT_ACCESS_TOKEN }}
+          BOT_NAME: "ui-asset-bot"
+          BOT_EMAIL: "ui-asset-bot@gchq.icu"

README.md

@@ -1,9 +1,120 @@
-# clan.lol core
+# Website Template
 
-This is the monorepo of the clan.lol project
+This repository is a template to build high quality websites as a team.
-In here are all the packages we use, all the nixosModules we use/expose, the CLI and tests for everything.
+The frontend uses [React NextJS
+](https://nextjs.org/) and the backend uses Python with the [Fastapi framework](https://fastapi.tiangolo.com/). To ensure API compatibility between frontend and backend an `openapi.json` file is generated from the Python backend code, which defines the REST API. This `openapi.json` file is then fed into [Orval](https://orval.dev/), which generates Typescript bindings for the Rest API. To ensure code correctness, we use [mypy](https://mypy-lang.org/) to ensure the Python code is correctly statically typed, and [pytest](https://docs.pytest.org/en/7.4.x/) for backend tests. A Continuos Integration (CI) Bot, verifies the code with previously mentioned Quality Assurance (QA) tools and blocks Pull requests if any errors arise.
+For dependency management we use the [Nix package manager](https://nixos.org/) to ensure reproducibility.
 
-## cLAN config tool
+## Getting Started: Development Environment
 
-- The quickstart guide can be found here: [here](/clan/clan-core/src/branch/main/docs/quickstart.md)
+1. Install the Nix package manager by [downloading the nix installer](https://github.com/DeterminateSystems/nix-installer/releases) or executing this command:
-- Find the docs [here](/clan/clan-core/src/branch/main/docs/clan-config.md)
+
+```bash
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+```
+
+2. Install direnv by [downloading the direnv package](https://direnv.net/docs/installation.html) or executing this command:
+
+```bash
+curl -sfL https://direnv.net/install.sh | bash
+```
+
+3. Clone the repository and cd into it
+4. You should see an error message reading like this:
+
+```bash
+direnv: error .envrc is blocked. Run `direnv allow` to approve its content
+```
+
+5. Execute `direnv allow` to allow automatically executing the shell script `.envrc` on entering the directory
+6. Go to `pkgs/clan-cli` and execute
+
+```bash
+direnv allow
+```
+
+Then wait for the backend to build  
+7. To start the backend server then execute:
+
+```
+clan webui --reload --no-open --log-level debug
+```
+
+The server will automatically restart if any Python file changes.  
+8. In a different shell go to `pkgs/ui` and execute
+
+```bash
+direnv allow
+```
+
+Then wait for the frontend to build.  
+9. To start the frontend, execute:
+
+```bash
+npm run dev
+```
+
+Visit the website by going to [http://localhost:3000](http://localhost:3000)
+
+## Getting started: Setup Git Workflow
+
+1. Register your Gitea account locally by executing
+
+```bash
+tea login add
+```
+
+You will then see a prompt, please fill it out like outlined below:
+
+```
+? URL of Gitea instance:  https://gitea.gchq.icu
+? Name of new Login [gitea.gchq.icu]:  gitea.gchq.icu:7171
+? Do you have an access token? No
+? Username:  MyUserName
+? Password:  **********
+? Set Optional settings: No
+```
+
+2. First add your changes to git:
+
+   1. `git add <file1> <file2>` your changes
+   2. Execute `nix fmt` to lint your files
+   3. `git commit -a -m "My descriptive commit message"`
+   4. Make sure your branch has the latest changes from upstream by executing:
+
+   ```bash
+   git fetch && git rebase origin/main --autostash
+   ```
+
+   5. Execute `git status` to see if you have a merge conflict.
+   6. If so edit the file and fix the conflict. Here is a tutorial how to do so in [vscode](https://code.visualstudio.com/docs/sourcecontrol/overview#_merge-conflicts)
+   7. Execute `git merge --continue` and repeat step 5 till there are no conflicts anymore
+
+3. To automatically open up a pull request, that gets merged if all tests pass execute:
+
+```bash
+merge-after-ci
+```
+
+4. Go to https://gitea.gchq.icu to the project page, and look under "Pull Requests" if there are any issues with it.
+5. If there are issues, fix them and redo step 2. Afterwards execute
+
+```
+git push origin HEAD:MyUserName-main
+```
+
+to directly push to your open pull request
+
+## Using this template
+
+Setup two new gitea accounts.
+One named `ui-asset-bot`, generate an access token for it with all access permissions and set under `settings/actions/secrets` a secret called `BOT_ACCESS_TOKEN` with the token.
+Also edit the file `.gitea/workflows/ui_assets.yaml` and change the `BOT_EMAIL` variable to the email you set for that account.
+The second account is called `merge-bot` edit the file `pkgs/merge-after-ci/default.nix`
+if the name should be different.
+Under Branches set the main branch to protected and add `merge-bot` to whitelisted users for pushing.
+Also set an unprotected file pattern to `**/ui-assets.nix`.
+Also set the option `Enable Status Check` to `build / test (pull_request)`
+Add `merge-bot` and `ui-asset-bot` as collaborators.
+Also set the option `Delete pull request branch after merge by default`
+Also the the default merge style to `Rebase then create merge commit`

checks/flake-module.nix

@@ -2,28 +2,16 @@
   imports = [
     ./impure/flake-module.nix
   ];
-  perSystem = { pkgs, lib, self', ... }: {
+  perSystem = { lib, self', ... }: {
     checks =
       let
-        nixosTestArgs = {
+
-          # reference to nixpkgs for the current system
-          inherit pkgs;
-          # this gives us a reference to our flake but also all flake inputs
-          inherit self;
-        };
-        nixosTests = lib.optionalAttrs (pkgs.stdenv.isLinux) {
-          # import our test
-          secrets = import ./secrets nixosTestArgs;
-        };
-        schemaTests = pkgs.callPackages ./schemas.nix {
-          inherit self;
-        };
 
         flakeOutputs = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) self.nixosConfigurations
           // lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages
           // lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells
           // lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) (self'.legacyPackages.homeConfigurations or { });
       in
-      nixosTests // schemaTests // flakeOutputs;
+      flakeOutputs;
   };
 }

checks/schema.nix

@@ -1,54 +0,0 @@
-{ self, lib, inputs, ... }:
-let
-  inherit (builtins)
-    mapAttrs
-    toJSON
-    toFile
-    ;
-  inherit (lib)
-    mapAttrs'
-    ;
-  clanLib = self.lib;
-  clanModules = self.clanModules;
-
-
-in
-{
-  perSystem = { pkgs, ... }:
-    let
-      baseModule = {
-        imports =
-          (import (inputs.nixpkgs + "/nixos/modules/module-list.nix"))
-          ++ [{
-            nixpkgs.hostPlatform = pkgs.system;
-          }];
-      };
-
-      optionsFromModule = module:
-        let
-          evaled = lib.evalModules {
-            modules = [ module baseModule ];
-          };
-        in
-        evaled.options.clan.networking;
-
-      clanModuleSchemas =
-        mapAttrs
-          (_: module: clanLib.jsonschema.parseOptions (optionsFromModule module))
-          clanModules;
-
-      mkTest = name: schema: pkgs.runCommand "schema-${name}" { } ''
-        ${pkgs.check-jsonschema}/bin/check-jsonschema \
-          --check-metaschema ${toFile "schema-${name}" (toJSON schema)}
-        touch $out
-      '';
-    in
-    {
-      checks = mapAttrs'
-        (name: schema: {
-          name = "schema-${name}";
-          value = mkTest name schema;
-        })
-        clanModuleSchemas;
-    };
-}

checks/schemas.nix

@@ -1,34 +0,0 @@
-{ self, runCommand, check-jsonschema, pkgs, lib, ... }:
-let
-  clanModules.clanCore = self.nixosModules.clanCore;
-
-  baseModule = {
-    imports =
-      (import (pkgs.path + "/nixos/modules/module-list.nix"))
-      ++ [{
-        nixpkgs.hostPlatform = "x86_64-linux";
-      }];
-  };
-
-  optionsFromModule = module:
-    let
-      evaled = lib.evalModules {
-        modules = [ module baseModule ];
-      };
-    in
-    evaled.options.clan;
-
-  clanModuleSchemas = lib.mapAttrs (_: module: self.lib.jsonschema.parseOptions (optionsFromModule module)) clanModules;
-
-  mkTest = name: schema: runCommand "schema-${name}" { } ''
-    ${check-jsonschema}/bin/check-jsonschema \
-      --check-metaschema ${builtins.toFile "schema-${name}" (builtins.toJSON schema)}
-      touch $out
-  '';
-in
-lib.mapAttrs'
-  (name: schema: {
-    name = "schema-${name}";
-    value = mkTest name schema;
-  })
-  clanModuleSchemas

checks/secrets/clan-secrets

@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-
-set -eux -o pipefail
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-export SOPS_AGE_KEY_FILE="${SCRIPT_DIR}/key.age"
-nix run .# -- secrets "$@"

checks/secrets/default.nix

@@ -1,21 +0,0 @@
-(import ../lib/test-base.nix) {
-  name = "secrets";
-
-  nodes.machine = { self, config, ... }: {
-    imports = [
-      (self.nixosModules.clanCore)
-    ];
-    environment.etc."secret".source = config.sops.secrets.secret.path;
-    environment.etc."group-secret".source = config.sops.secrets.group-secret.path;
-    sops.age.keyFile = ./key.age;
-
-    clanCore.clanDir = "${./.}";
-    clanCore.machineName = "machine";
-
-    networking.hostName = "machine";
-  };
-  testScript = ''
-    machine.succeed("cat /etc/secret >&2")
-    machine.succeed("cat /etc/group-secret >&2")
-  '';
-}

checks/secrets/key.age

@@ -1 +0,0 @@
-AGE-SECRET-KEY-1UCXEUJH6JXF8LFKWFHDM4N9AQE2CCGQZGXLUNV4TKR5KY0KC8FDQ2TY4NX

checks/secrets/sops/groups/group/machines/machine

@@ -1 +0,0 @@
-../../../machines/machine

checks/secrets/sops/machines/machine/key.json

@@ -1,4 +0,0 @@
-{
-  "publickey": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
-  "type": "age"
-}

checks/secrets/sops/secrets/group-secret/groups/group

@@ -1 +0,0 @@
-../../../groups/group

checks/secrets/sops/secrets/group-secret/secret

@@ -1,20 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:FgF3,iv:QBbnqZ6405qmwGKhbolPr9iobngXt8rtfUwCBOnmwRA=,tag:7gqI1zLVnTkZ0xrNn/LEkA==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMHcxKzhUZzNHQmQrb28x\nRC9UMlZMeDN3S1l1eHdUWmV4VUVReHhhQ0RnCjAyUXVlY1FmclVmL2lEdFZuTmll\nVENpa3AwbjlDck5zdGdHUTRnNEdEOUkKLS0tIER3ZlNMSVFnRElkRDcxajZnVmFl\nZThyYzcvYUUvaWJYUmlwQ3dsSDdjSjgK+tj34yBzrsIjm6V+T9wTgz5FdNGOR7I/\nVB4fh8meW0vi/PCK/rajC8NbqmK8qq/lwsF/JwfZKDSdG0FOJUB1AA==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2023-09-03T12:44:56Z",
-		"mac": "ENC[AES256_GCM,data:d5a0WfE5ZRLKF1NZkBfOl+cVI8ZZHd2rC+qX/giALjyrzk09rLxBeY4lO827GFfMmVy/oC7ceH9pjv2O7ibUiQtcbGIQVBg/WP+dVn8fRMWtF0jpv9BhYTutkVk3kiddqPGhp3mpwvls2ot5jtCRczTPk3JSxN3B1JSJCmj9GfQ=,iv:YmlkTYFNUaFRWozO8+OpEVKaSQmh+N9zpatwUNMPNyw=,tag:mEGQ4tdo82qlhKWalQuufg==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.7.3"
-	}
-}

checks/secrets/sops/secrets/secret/machines/machine

@@ -1 +0,0 @@
-../../../machines/machine

checks/secrets/sops/secrets/secret/secret

@@ -1,20 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:bhxF,iv:iNs+IfSU/7EwssZ0GVTF2raxJkVlddfQEPGIBeUYAy8=,tag:JMOKTMW3/ic3UTj9eT9YFQ==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS0g4TEt4S09LQnFKdCtk\nZTlUQWhNUHZmcmZqdGtuZkhhTkMzZDVaWWdNCi9vNnZQeklNaFBBU2x0ditlUDR0\nNGJlRmFFb09WSUFGdEh5TGViTWtacFEKLS0tIE1OMWdQMHhGeFBwSlVEamtHUkcy\ndzI1VHRkZ1o4SStpekVNZmpQSnRkeUkKYmPS9sR6U0NHxd55DjRk29LNFINysOl6\nEM2MTrntLxOHFWZ1QgNx34l4rYIIXx97ONvR0SRpxN0ECL9VonQeZg==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2023-08-23T09:11:08Z",
-		"mac": "ENC[AES256_GCM,data:8z819mP4FJXE/ExWM1+/dhaXIXzCglhBuZwE6ikl/jNLUAnv3jYL9c9vPrPFl2by3wXSNzqB4AOiTKDQoxDx2SBQKxeWaUnOajD6hbzskoLqCCBfVx7qOHrk/BULcBvMSxBca4RnzXXoMFTwKs2A1fXqAPvSQd1X4gX6Xm9VXWM=,iv:3YxZX+gaEcRKDN0Kuf9y1oWL+sT/J5B/5CtCf4iur9Y=,tag:0dwyjpvjCqbm9vIrz6WSWQ==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.7.3"
-	}
-}

checks/secrets/sops/secrets/secret/users/admin

@@ -1 +0,0 @@
-../../../users/admin

checks/secrets/sops/users/admin/key.json

@@ -1,4 +0,0 @@
-{
-  "publickey": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
-  "type": "age"
-}

pkgs/clan-cli/README.md

@@ -56,15 +56,15 @@ Add this `launch.json` to your .vscode directory to have working breakpoints in
 
 ## Run locally single-threaded for debugging
 
-By default tests run in parallel using pytest-parallel.
+By default tests run in parallel using pytest-xdist.
-pytest-parallel however breaks `breakpoint()`. To disable it, use this:
+pytest-xdist however breaks `breakpoint()`. To disable it, use this:
 
 ```console
-pytest --workers "" -s
+pytest -n0 -s
 ```
 
 You can also run a single test like this:
 
 ```console
-pytest --workers "" -s tests/test_secrets_cli.py::test_users
+pytest -n0 -s tests/test_secrets_cli.py::test_users
 ```

pkgs/clan-cli/tests/test_webui.py

@@ -9,6 +9,11 @@ import pytest
 from ports import PortFunction
 
 
+@pytest.mark.impure
+def test_nothing_much() -> None:
+    pass
+
+
 @pytest.mark.timeout(10)
 def test_start_server(unused_tcp_port: PortFunction, temporary_home: Path) -> None:
     port = unused_tcp_port()

pkgs/flake-module.nix

@@ -10,6 +10,8 @@
     packages = {
       tea-create-pr = pkgs.callPackage ./tea-create-pr { };
 
+      #theme = pkgs.callPackage ./theme { inherit (self.inputs) floco; clanPkgs = self'.packages; };
+
       merge-after-ci = pkgs.callPackage ./merge-after-ci {
         inherit (config.packages) tea-create-pr;
       };

pkgs/merge-after-ci/default.nix

@@ -21,6 +21,6 @@ writeShellApplication {
     remoteName="''${1:-origin}"
     targetBranch="''${2:-main}"
     shift && shift
-    tea-create-pr "$remoteName" "$targetBranch" --assignees consulting-bot "$@"
+    tea-create-pr "$remoteName" "$targetBranch" --assignees merge-bot "$@"
   '';
 }

pkgs/ui/.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "search.exclude": {
+        "**/.direnv": true
+    }
+}

pkgs/ui/flake-module.nix

@@ -8,7 +8,7 @@
     {
       packages = {
         ui = base.pkg.global;
-        theme = base.pkg.theme;
+
         ui-assets = pkgs.callPackage ./nix/ui-assets.nix { };
         # EXAMPLE: GITEA_TOKEN=$(rbw get -f GITEA_TOKEN git.clan.lol) nix run .#update-ui-assets
         update-ui-assets = pkgs.callPackage ./nix/update-ui-assets.nix { };

pkgs/ui/nix/ui-assets.nix

@@ -1,5 +1,5 @@
 { fetchzip }:
 fetchzip {
-  url = "https://git.clan.lol/api/packages/clan/generic/ui/1xk9if1sykv2kcv3zn0dxn7gd7hlqjbhzz6hrsw0yiksf03skg9r/assets.tar.gz";
+  url = "https://gitea.gchq.icu/api/packages/ui-asset-bot/generic/ui/1inlxk1i9q87bw00zwqyvpm3m0hdgdffhxlymzgi5wvqn9syd0cm/assets.tar.gz";
-  sha256 = "1xk9if1sykv2kcv3zn0dxn7gd7hlqjbhzz6hrsw0yiksf03skg9r";
+  sha256 = "1inlxk1i9q87bw00zwqyvpm3m0hdgdffhxlymzgi5wvqn9syd0cm";
 }

pkgs/ui/nix/update-ui-assets.sh

@@ -3,8 +3,17 @@ set -xeuo pipefail
 
 # GITEA_TOKEN
 if [[ -z "${GITEA_TOKEN:-}" ]]; then
-  echo "GITEA_TOKEN is not set"
+  echo "GITEA_TOKEN is not set. Check if the secret BOT_ACCESS_TOKEN is set in the repository settings."
-  echo "Go to https://gitea.gchq.icu/user/settings/applications and generate a token"
+  exit 1
+fi
+
+if [[ -z "${BOT_NAME:-}" ]]; then
+  echo "Env var BOT_NAME is not set. Use the name of the bot user here."
+  exit 1
+fi
+
+if [[ -z "${GITHUB_SERVER_URL:-}" ]]; then
+  echo "Env var GITHUB_SERVER_URL is not set. Please use the Gitea base URL here."
   exit 1
 fi
 
@@ -22,10 +31,12 @@ nix build '.#ui' --out-link "$tmpdir/result"
 tar --transform 's,^\.,assets,' -czvf "$tmpdir/assets.tar.gz" -C "$tmpdir"/result/lib/node_modules/*/out .
 NAR_HASH=$(nix-prefetch-url --unpack file://<(cat "$tmpdir/assets.tar.gz"))
 
-owner=Luis
+owner=$BOT_NAME
-package_name=consulting-website
+package_name=ui
 package_version=$NAR_HASH
-url="https://gitea.gchq.icu/api/packages/$owner/generic/$package_name/$package_version/assets.tar.gz"
+baseurl=$GITHUB_SERVER_URL
+
+url="$baseurl/api/packages/$owner/generic/$package_name/$package_version/assets.tar.gz"
 set +x
 curl --upload-file "$tmpdir/assets.tar.gz" -X PUT "$url?token=$GITEA_TOKEN"
 set -x

pkgs/ui/src/components/join/vmBuildLogs.tsx

@@ -1,30 +0,0 @@
-"use client";
-import { useGetVmLogs } from "@/api/default/default";
-import { Log } from "./log";
-import { LoadingOverlay } from "./loadingOverlay";
-
-interface VmBuildLogsProps {
-  vmUuid: string;
-}
-export const VmBuildLogs = (props: VmBuildLogsProps) => {
-  const { vmUuid } = props;
-
-  const { data: logs, isLoading } = useGetVmLogs(vmUuid as string, {
-    swr: {
-      enabled: vmUuid !== null,
-    },
-    axios: {
-      responseType: "stream",
-    },
-  });
-
-  return (
-    <div className="w-full">
-      {isLoading && <LoadingOverlay title="Initializing" subtitle="" />}
-      <Log
-        lines={(logs?.data as string)?.split("\n") || ["..."]}
-        title="Building..."
-      />
-    </div>
-  );
-};