diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..07fd338
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake .
\ No newline at end of file
diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml
new file mode 100644
index 0000000..06c8715
--- /dev/null
+++ b/.github/workflows/checks.yaml
@@ -0,0 +1,14 @@
+name: checks
+
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ checks:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: DeterminateSystems/nix-installer-action@main
+ - run: nix flake check
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a4abc69
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.direnv
+result
+.pre-commit-config.yaml
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..a938185
--- /dev/null
+++ b/CONTRIBUTING.md
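Review bot: Both `uses:` steps in the `checks` job of `.github/workflows/checks.yaml` point at mutable refs: `DeterminateSystems/nix-installer-action@main` follows a branch and `actions/checkout@v3` a movable tag, so the code executed on every pull request can change without any commit to this repository. Pinning each to a full commit SHA, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release tag>`, makes the workflow's dependencies reviewable. The workflow also has no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` would state the read-only access this job needs for checkout and `nix flake check`.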
@@ -0,0 +1,214 @@
+# Contributing
+
+## Introduction
+
+This document outlines the process for updating the charter of the
+Newcastle Cybersecurity Group (NCSG) using a pull request (PR) and approval
+from another organiser, with all status checks configured to pass before
+merging the changes.
+
+Additionally, it includes guidance on optionally
+applying pre-commit hooks using Nix. Required code for
+this process exists in the repository already and can be leveraged
+to ensure consistent check processes as the status checks configured.
+
+## Change Process
+
+To propose changes to the charter, follow these steps:
+
+1. **Fork the Repository**
+
+ - Fork the repository containing the NCSG charter to your own GitHub
+ account.
+
+2. **Create a New Branch**
+
+ - Create a new branch on your forked repository. Use a descriptive name
+ for the branch related to the changes you are proposing.
+
+3. **Make Changes**
+
+ - Make the necessary updates to the charter document in your branch.
+ Ensure that the changes comply with the guidelines outlined in the
+ charter update process.
+
+4. **Submit a Pull Request (PR)**
+
+ - Once the changes are made, submit a PR from your branch to the main
+ repository's master branch. Provide a clear and concise description of
+ the proposed changes in the PR description.
+
+5. **Status Checks**
+
+ - All status checks configured for the repository must pass before the PR
+ can be merged. These status checks may include automated tests, code
+ formatting checks, and other quality assurance measures.
+
+6. **Approval**
+
+ - Request approval for your PR from an organiser of the NCSG. The
+ approving organiser should review the proposed changes to ensure they
+ align with the group's objectives and principles.
+
+7. **Address Feedback (if any)**
+
+ - If any feedback or suggested modifications are provided during the
+ review process, address them promptly in your PR. Make the necessary
+ adjustments to the charter document as needed.
+
+8. **Merge PR**
+
+ - Once the PR has been approved by another organiser and all status checks
+ are passing, the PR can be merged into the main repository's master
+ branch.
+
+9. **Update Documentation (if necessary)**
+
+ - If significant changes were made to the charter, ensure that the
+ documentation outlining the update process is also updated accordingly.
+
+10. **Announce Changes**
+ - Communicate the approved changes to the NCSG members through
+ appropriate channels, such as group meetings, email, or messaging
+ platforms.
+
+## Status Checks
+
+The status checks applied on this repository match the
+pre-commit controls applied via nix; you can avoid status failures
+by ensuring you've checked locally ahead of time for any changes.
+
+Two paths exist to do this as described below depending on your
+tooling preferences.
+
+## Using Pre-commit Hooks via Nix Natively (Optional)
+
+Using the pre-commit hooks from nix natively can be achieved by the below
+steps:
+
+1. **Install Nix**
+
+ - Utilise the most suitable method of installing nix for
+ your configuration. We'd recommend the [DeterminateSystems Installer](https://github.com/DeterminateSystems/nix-installer)
+ however a number of avenues exist.
+
+2. **Activate Ephemeral Shell**
+
+ - Activate an ephemeral shell via the below command:
+
+ ```sh
+ nix develop
+ ```
+
+ - Loading the above shell will generate a
+ `.pre-commit-config.yaml` file in the root of your repository
+
+3. **Run All Checks**
+
+ - Running the following command will apply all checks:
+
+ ```sh
+ nix flake check
+ ```
+
+ - Optionally, the ephemeral shell will include the `pre-commit`
+ tool also, run any of the following checks in isolation if you require:
+
+ ```sh
+ pre-commit run actionlint
+ pre-commit run deadnix
+ pre-commit run nixfmt
+ pre-commit run prettier
+ pre-commit run statix
+ pre-commit run statix-write
+ pre-commit run typos
+ ```
+
+4. **Commit Changes**
+ - Now, every time you commit changes to the repository, the pre-commit
+ hooks will automatically format and validate the charter document
+ according to the defined rules.
+
+## Using Pre-commit Hooks via Docker (Optional)
+
+Using the pre-commit hooks from docker can be achieved by the below
+steps:
+
+1. **Pull Image**
+
+ - Pull the latest nixpkgs flake image via the following command:
+
+ ```sh
+ docker pull nixpkgs/nix-flakes:latest
+ ```
+
+2. **Utilise Docker Image in Current Directory**
+
+ - Enter the docker instance via the following command:
+
+ ```sh
+ docker run --rm -it -v $(pwd):/tmp -w /tmp nixpkgs/nix-flakes:latest
+ ```
+
+3. **Activate Ephemeral Shell**
+
+ - Activate an ephemeral shell via the below command:
+
+ ```sh
+ nix develop
+ ```
+
+ - Loading the above shell will generate a
+ `.pre-commit-config.yaml` file in the root of your repository
+
+4. **Run All Checks**
+
+ - Running the following command will apply all checks:
+
+ ```sh
+ nix flake check
+ ```
+
+ - Optionally, the ephemeral shell will include the `pre-commit`
+ tool also, run any of the following checks in isolation if you require:
+
+ ```sh
+ pre-commit run actionlint
+ pre-commit run deadnix
+ pre-commit run nixfmt
+ pre-commit run prettier
+ pre-commit run statix
+ pre-commit run statix-write
+ pre-commit run typos
+ ```
+
+5. **Commit Changes**
+ - Now, every time you commit changes to the repository, the pre-commit
+ hooks will automatically format and validate the charter document
+ according to the defined rules.
+
+## Shortcut Method
+
+For both the docker and nix routes, you can do the following commands
+to run checks without some of the intermediate steps:
+
+### Nix
+
+```sh
+nix flake check
+```
+
+### Docker
+
+```sh
+docker run --rm -it -v $(pwd):/tmp -w /tmp nixpkgs/nix-flakes:latest nix flake check
+```
+
+## Conclusion
+
+Following this process ensures transparency, collaboration, and
+accountability in updating the repository.
+
+By leveraging pull requests and approvals, along with rigorous status checks
+and optional pre-commit hooks, the integrity and quality of the charter can be
+maintained while accommodating necessary updates and improvements.
diff --git a/ORGANISER_CHARTER.md b/ORGANISER_CHARTER.md
new file mode 100644
index 0000000..31fc1d6
--- /dev/null
+++ b/ORGANISER_CHARTER.md
@@ -0,0 +1,95 @@
+# Charter for the Organizers of Newcastle Cybersecurity Group (NCSG)
+
+## Mission Statement
+
+The mission of the Newcastle Cybersecurity Group (NCSG) is to create a
+collaborative and inclusive community for individuals interested in
+cybersecurity, where members can share knowledge, learn from each other, and
+stay updated on the latest developments in the field.
+
+## Purpose
+
+The purpose of this charter is to outline the responsibilities and
+expectations of the organizers of the NCSG, ensuring their active involvement
+in the success and growth of the group.
+
+## Organizer Responsibilities
+
+1. **Leadership**
+
+ - Organizers are expected to provide leadership and guidance to the group,
+ fostering an environment of collaboration and mutual respect.
+ - They should lead by example, demonstrating professionalism and integrity
+ in all interactions within the group.
+
+2. **Event Planning and Coordination**
+
+ - Organizers are responsible for planning and coordinating group meetings,
+ workshops, seminars, and other events.
+ - They should ensure that events are relevant, informative, and engaging
+ for group members, catering to a diverse range of interests and skill
+ levels within the cybersecurity field.
+
+3. **Communication**
+
+ - Organizers must maintain regular communication with group members,
+ providing updates on upcoming events, relevant news, and opportunities
+ within the cybersecurity community.
+ - They should be responsive to inquiries and feedback from group members,
+ actively seeking input to improve the group's activities and offerings.
+
+4. **Knowledge Sharing**
+
+ - Organizers should actively participate in knowledge sharing within the
+ group, contributing insights, resources, and expertise to facilitate
+ learning and growth among members.
+ - They should encourage collaboration and mentorship opportunities,
+ fostering a supportive environment for members to develop their skills
+ and advance their careers in cybersecurity.
+
+5. **Professional Development**
+
+ - Organizers are encouraged to pursue ongoing professional development in
+ the field of cybersecurity, staying updated on emerging trends,
+ technologies, and best practices.
+ - They should leverage their knowledge and expertise to enhance the
+ quality and relevance of the group's activities and events.
+
+6. **Presentation Requirement**
+ - Organizers are required to deliver a presentation or workshop at least
+ once every two years, flexibly scheduled to accommodate their
+ availability and expertise.
+ - Presentations should cover topics relevant to cybersecurity, catering
+ to the interests and skill levels of group members.
+ - Organizers should use presentations as an opportunity to share their
+ knowledge, insights, and experiences with the group, fostering learning
+ and discussion amongst members.
+
+## Adherence as an Absolute Requirement
+
+All organizers are required to adhere strictly to the provisions of this
+charter. Failure to fulfill their responsibilities as outlined may result in
+reconsideration of their role within the NCSG.
+
+## Accountability
+
+Organizers are accountable to the members of the NCSG, as well as to each
+other, for upholding the principles outlined in this charter. In the event of
+any concerns or disputes, organizers should work together to resolve issues in
+a fair and transparent manner, prioritizing the best interests of the group
+and its members.
+
+## Adherence to Charter
+
+All organizers are expected to read, understand, and strictly adhere to the
+provisions of this charter. Any proposed amendments or revisions to the
+charter must be discussed and approved by the group's organizers, with input
+from group members as appropriate.
+
+## Conclusion
+
+By committing to the principles outlined in this charter, the organizers of
+the NCSG demonstrate their dedication to fostering a vibrant and supportive
+community for cybersecurity professionals and enthusiasts. Through
+collaborative efforts and shared expertise, the group will continue to thrive
+and make valuable contributions to the cybersecurity landscape.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c2560ee
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# Newcastle Cybersecurity Group Charter Documents
+
+Welcome!
+
+This repository houses the charter documents for the Newcastle Cybersecurity
+Group
+
+Please refer to the following documents:
+
+- [Organiser Charter](./ORGANISER_CHARTER.md)
+- [Contributing Guide](./CONTRIBUTING.md)
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..44b4ec0
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,135 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": ["pre-commit-hooks", "nixpkgs"] + }, + "locked": { + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1707451808, + "narHash": "sha256-UwDBUNHNRsYKFJzyTMVMTF5qS4xeJlWoeyJf+6vvamU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "442d407992384ed9c0e6d352de75b69079904e4e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1704874635, + "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": 
["flake-compat"], + "flake-utils": ["flake-utils"], + "gitignore": "gitignore", + "nixpkgs": ["nixpkgs"], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1707297608, + "narHash": "sha256-ADjo/5VySGlvtCW3qR+vdFF4xM9kJFlRDqcC9ZGI8EA=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "0db2e67ee49910adfa13010e7f012149660af7f0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": "pre-commit-hooks" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..b728091 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,80 @@
+{
+ description = "NixOS/Darwin configurations";
+
+ inputs = {
+ flake-compat = {
+ flake = false;
+ url = "github:edolstra/flake-compat";
+ };
+
+ flake-utils.url = "github:numtide/flake-utils";
+
+ nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+
+ pre-commit-hooks = {
+ inputs = {
+ flake-compat.follows = "flake-compat";
+ flake-utils.follows = "flake-utils";
+ nixpkgs.follows = "nixpkgs";
+ };
+ url = "github:cachix/pre-commit-hooks.nix";
+ };
+ };
+
+ outputs = { self, flake-utils, nixpkgs, pre-commit-hooks, ... }:
+ flake-utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = import nixpkgs { inherit system; };
+ # The below packages are included in the ephemeral shell
+ # for convenience of the user.
+ packages = with pkgs; [
+ deadnix
+ nil
+ nixfmt
+ nodePackages.prettier
+ statix
+ typos
+ ];
+ in {
+ # Pre-commit hooks to enforce formatting, lining, find
+ # antipatterns and ensure they don't reach upstream
+ checks.pre-commit = pre-commit-hooks.lib.${system}.run {
+ src = self;
+ hooks = {
+ # Builtin hooks
+ actionlint.enable = true;
+ deadnix.enable = true;
+ nixfmt.enable = true;
+ prettier.enable = true;
+ statix.enable = true;
+ typos.enable = true;
+
+ # Custom hooks
+ statix-write = {
+ enable = true;
+ entry = "${pkgs.statix}/bin/statix fix";
+ files = "\\.nix$";
+ language = "system";
+ name = "Statix Write";
+ pass_filenames = false;
+ };
+ };
+
+ # Settings for builtin hooks, see also: https://github.com/cachix/pre-commit-hooks.nix/blob/master/modules/hooks.nix
+ settings = {
+ deadnix.edit = true;
+ nixfmt.width = 80;
+ prettier.write = true;
+ typos.locale = "en-au";
+ };
+ };
+
+ # Shell environments (applied to both nix develop and nix-shell via
+ # shell.nix in top level directory)
+ devShells.default = pkgs.mkShell {
+ name = "development-shell";
+ inherit packages;
+ inherit (self.checks.${system}.pre-commit) shellHook;
+ };
+ });
+}
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..fa2a56c
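Review bot: The `description` at the top of `flake.nix` reads "NixOS/Darwin configurations", but the outputs in this hunk are only a pre-commit check and a development shell for the charter repository; something like `description = "NCSG charter checks and development shell";` would match what the flake provides. The comment above `checks.pre-commit` says "lining" where "linting" is meant. Separately, `deadnix.edit = true`, `prettier.write = true` and the custom `statix-write` hook (`statix fix` with `pass_filenames = false`) put the hooks in rewrite mode, and the same hook set is reused through `shellHook` in `devShells.default`. A short comment next to `settings` saying that these hooks modify files in the working tree rather than only reporting would help contributors who expect a check-only run.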
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,6 @@
+(import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+in fetchTarball {
+ url =
+ "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+}) { src = ./.; }).shellNix
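Review bot: `shell.nix` has no comment saying what it is for, and the single nested expression is hard to read cold. It fetches flake-compat at the `rev` recorded in `flake.lock`, checks the tarball against the locked `narHash`, and exposes `shellNix` for `src = ./.`. A header line such as `# nix-shell compatibility shim: loads flake-compat at the revision and hash pinned in flake.lock` would make that clear and tell readers the download is integrity-checked against the lock file.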