nix: revamp the hierarchy
[sourcephile-nix.git] / shell / modules / development / libraries / nix-plugins.nix
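# Module exposing helper "extra builtins" for the nix-plugins evaluator plugin.
#
# The helpers below are run through `exec` while a Nix expression is being
# evaluated, with the privileges of the user running the wrapper. Every
# expression evaluated through `nix-with-extra-builtins` can therefore call
# them: only evaluate expressions you trust with this wrapper, since they can
# read entries of the password store and run git with caller-chosen arguments.
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.nix-plugins;
in
{
  options.nix-plugins = {
    enable = lib.mkEnableOption "nix-plugins";

    # Body of the attribute set written to extra-builtins.nix. Each entry maps
    # a builtin name onto an `exec` call of one of the wrapper scripts below.
    extra-builtins = mkOption {
      type = types.lines;
      # NOTE(review): `git` forwards an arbitrary argument list to git, so it
      # should be treated as command execution on behalf of the evaluated
      # expression, not as a read-only query.
      default = ''
        pass = path: exec [ "${config.nix-plugins.nix-pass}/bin/nix-pass" path ];
        pass-to-file = path: file: exec [ "${config.nix-plugins.nix-pass-to-file}/bin/nix-pass-to-file" path file ];
        git = dir: args: exec ([ "${config.nix-plugins.nix-git}/bin/nix-git" (builtins.toPath dir) ] ++ args);
        git-time = dir: path: exec [ "${config.nix-plugins.nix-git}/bin/nix-git" (builtins.toPath dir) "log" "-1" "--format=%ct" "--" path ];
      '';
      description = ''
        Content put in extra-builtins.nix for nix-plugins.
      '';
      # Wrap the configured lines into a function taking `exec` and write the
      # result to the store; the option's final value is that store path.
      apply = lines: pkgs.writeText "extra-builtins.nix" (''
        { exec, ... }:
        {
      '' + lines + ''
        }
      '');
    };

    # Script that runs nix with the plugin loaded and pointed at the generated
    # extra-builtins.nix; all command-line arguments are passed through.
    nix-with-extra-builtins = mkOption {
      type = types.str;
      apply = pkgs.writeShellScriptBin "nix-with-extra-builtins";
      default = ''
        ${pkgs.nix}/bin/nix \
          --option plugin-files ${pkgs.nix-plugins}/lib/nix/plugins/libnix-extra-builtins.so \
          --option extra-builtins-file ${cfg.extra-builtins} \
          "$@"
      '';
      description = ''
        Wrapper around nix to load extra-builtins.nix with nix-plugins.
      '';
    };

    # Script printing a password-store entry as a Nix string literal.
    #
    # The secret is staged in a mktemp file which is shredded on exit.
    # NOTE(review): shred is not guaranteed to erase data on copy-on-write or
    # journaled filesystems; a tmpfs-backed TMPDIR is the safer assumption.
    # NOTE(review): the value becomes an ordinary Nix string; interpolating it
    # into a derivation would presumably copy it into the world-readable store.
    # NOTE(review): shred and nix-instantiate are resolved through PATH here,
    # unlike pass, which is pinned to a store path.
    nix-pass = mkOption {
      type = types.str;
      apply = pkgs.writeShellScriptBin "nix-pass";
      # Fix: "$f" is now quoted everywhere the shell expands it, and the trap
      # body is single-quoted so the path is expanded (quoted) when it runs.
      default = ''
        set -e
        f=$(mktemp)
        trap 'shred -u "$f"' EXIT
        ${pkgs.pass}/bin/pass show "$1" >"$f"
        nix-instantiate --eval -E "builtins.readFile $f"
      '';
      /* Disabled alternative. `nix-store --add` would place the plaintext
         secret in the Nix store:
         nix-store --add $f
      */
      /* Disabled alternative that escaped the secret with sed instead of
         going through a temporary file:
         set -o pipefail
         ${pkgs.pass}/bin/pass show "$1" |
         ${pkgs.gnused}/bin/sed \
         -e 's:\n:\\n:g;s:\r:\\r:g;s:\t:\\t:g;s:":\\":g;1s:^:":;$s:$:":;'
      */
      description = ''
        Wrapper around pass to call it with exec in extra-builtins.nix.
        Unfortunately it can only load secrets which can be represented as a Nix string,
        hence without null-byte and such special characters.
      '';
    };

    # Script writing a password-store entry to the file named by its second
    # argument (mode 400, parent directories created) and printing the path.
    #
    # NOTE(review): the plaintext secret stays on disk at "$2", relative to the
    # working directory; keep that location out of version control and backups.
    # NOTE(review): the printed value is built as "$PWD/$2", so an absolute
    # "$2" would not print the path that was actually written.
    nix-pass-to-file = mkOption {
      type = types.str;
      apply = pkgs.writeShellScriptBin "nix-pass-to-file";
      default = ''
        set -e
        set -o pipefail
        ${pkgs.pass}/bin/pass show "$1" |
        install -D -m 400 /dev/stdin "$2"
        printf '%s\n' "$PWD/$2"
      '';
      description = ''
        Wrapper around pass to call it with exec in extra-builtins.nix and put the output in a file.
        Needed for boot.initrd.network.ssh.host*Key.
      '';
    };

    # Script running git inside the directory given as first argument; the
    # remaining arguments are handed to git unchanged.
    nix-git = mkOption {
      type = types.str;
      apply = pkgs.writeShellScriptBin "nix-git";
      # Fix: abort when `cd` fails. Without `set -e` git would silently run in
      # whatever directory the evaluator happened to be started from.
      default = ''
        set -e
        cd "$1"; shift
        ${pkgs.git}/bin/git "$@"
      '';
      description = ''
        Wrapper around git to call it with exec in extra-builtins.nix.
      '';
    };
  };
}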