33 lines
1.7 KiB
Plaintext
## Nix

## General Instructions

1. Do not use Nix flakes.
2. Always check if an option (https://search.nixos.org/options), a package (https://search.nixos.org/packages) or a function (https://noogle.dev/) exists before inventing one.
3. Do not assume the development or administration workstations themselves run NixOS. The development environment is more likely Debian Trixie.
4. Use `nix-instantiate` to verify syntax and evaluation of Nix files:

```
nix-instantiate --parse path/to/file.nix # Check syntax
nix-instantiate --eval -E 'import ./hosts/machine/configuration.nix {}' # Check evaluation
```

## Code Conventions

**Naming:** camelCase for variables, PascalCase for components and types. UPPER_CASE and "_" for shell environment variables.

**Types:** N/A

**Imports:** N/A

**Formatting:**

- Use exclusively `alejandra` or `nixfmt-rfc-style`. Never leave trailing whitespace.
- Prefer `inherit` for same-name variables.
- Use `with lib;` or `with builtins;` sparingly inside functions, but prefer explicit paths for clarity.
- Always declare arguments at the beginning of the file: `{ config, pkgs, lib, ... }:`.

**Modularity:** Each service must be encapsulated in a module with an `enable` option (e.g., `services.mon-service.enable = true;`).

## Secret Management

**Strict Prohibition:** NEVER write passwords, API keys, or tokens in plaintext in `.nix` files.

**Tool:** Use **agenix**.
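
The modularity rule and the secret-management rule applied together in one module, as an added example that is not part of this project's files. The secret name, the `.age` path and the placeholder binary are hypothetical, and the agenix NixOS module is assumed to be imported already.

```nix
# Added example, not project code. Hypothetical names: monServiceEnv,
# ../secrets/mon-service-env.age; pkgs.hello stands in for the real binary.
# Assumes the agenix NixOS module is already imported by the host.
{ config, pkgs, lib, ... }:

let
  cfg = config.services.mon-service;
  secret = config.age.secrets.monServiceEnv;
in
{
  options.services.mon-service.enable =
    lib.mkEnableOption "mon-service (hypothetical service)";

  config = lib.mkIf cfg.enable {
    # Weak form, forbidden above: the literal would be copied into the
    # world-readable /nix/store and committed to version control.
    #   systemd.services.mon-service.environment.API_TOKEN = "...";

    # Corrected form: the repository holds only the age-encrypted file.
    # agenix decrypts it at activation, outside the Nix store.
    age.secrets.monServiceEnv = {
      file = ../secrets/mon-service-env.age;
      owner = "mon-service";
      group = "mon-service";
      mode = "0400";
    };

    users.groups.mon-service = { };
    users.users.mon-service = {
      isSystemUser = true;
      group = "mon-service";
    };

    systemd.services.mon-service = {
      description = "mon-service (hypothetical)";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        User = "mon-service";
        # The unit gets the path of the decrypted file, never the value.
        EnvironmentFile = secret.path;
        ExecStart = "${pkgs.hello}/bin/hello";
      };
    };
  };
}
```

The `.age` file itself is created with `agenix -e` against a `secrets.nix` that lists the recipients' SSH public keys.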

## Specific Guidelines

1. **Never** expose passwords, API keys, or any secrets in plaintext. Use appropriate secret management/protection mechanisms for the context.
2. Prefer SSH keys for system authentication.
3. Limit line lengths to 78 printable characters.
4. Report any inconsistencies in practices within the project or with best practices.