diff --git a/flake.lock b/flake.lock index a815cf6c..e82100a5 100644 --- a/flake.lock +++ b/flake.lock @@ -56,11 +56,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1685866647, - "narHash": "sha256-4jKguNHY/edLYImB+uL8jKPL/vpfOvMmSlLAGfxSrnY=", + "lastModified": 1689261696, + "narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a53a3bec10deef6e1cc1caba5bc60f53b959b1e8", + "rev": "df1eee2aa65052a18121ed4971081576b25d6b5c", "type": "github" }, "original": { diff --git a/modules/hooks.nix b/modules/hooks.nix index 947d30d7..be7425c4 100644 --- a/modules/hooks.nix +++ b/modules/hooks.nix @@ -1024,6 +1024,20 @@ in "${binPath} ${lib.optionalString write "--write"} ${lib.optionalString (output != null) "--${output}"} --ignore-unknown"; types = [ "text" ]; }; + pre-commit-hook-ensure-sops = { + name = "pre-commit-hook-ensure-sops"; + entry = + ## NOTE: pre-commit-hook-ensure-sops landed in nixpkgs on 8 July 2022. Once it reaches a + ## release of NixOS, the `throwIf` piece of code below will become + ## useless. + lib.throwIf + (tools.pre-commit-hook-ensure-sops == null) + "The version of nixpkgs used by pre-commit-hooks.nix does not have the `pre-commit-hook-ensure-sops` package. Please use a more recent version of nixpkgs." + '' + ${tools.pre-commit-hook-ensure-sops}/bin/pre-commit-hook-ensure-sops + ''; + files = lib.mkDefault "^secrets"; + }; hunspell = { name = "hunspell"; diff --git a/nix/tools.nix b/nix/tools.nix index 4ce494e7..fe8cbf19 100644 --- a/nix/tools.nix +++ b/nix/tools.nix @@ -41,6 +41,7 @@ , opam , ormolu , pkgsBuildBuild +, pre-commit-hook-ensure-sops ? null , python39Packages , ruff ? null , runCommand @@ -100,6 +101,7 @@ in nixpkgs-fmt opam ormolu + pre-commit-hook-ensure-sops revive ruff rustfmt