Git — Sourcephile - sourcephile-nix.git/blob - shell.nix
nixops: add mermet
# Bindings shared by the development shell defined after `in`.
let
  # Path of the nixpkgs tree, as produced by the in-repo expression.
  # NOTE(review): confirm that .lib/nix/nixpkgs.nix pins a fixed revision
  # together with its hash; every tool placed in this shell (gnupg, pass,
  # nixops, sudo, ...) is built from whatever that file returns.
  nixpkgs = import .lib/nix/nixpkgs.nix;

  # Package set used everywhere below.
  pkgs = import nixpkgs {
    overlays = import .lib/nixpkgs-sourcephile/build/overlays.nix;
    # An explicit empty config keeps the evaluation pure:
    # the user's own nixpkgs config is ignored.
    config = {};
  };

  # Evaluated configuration of the build modules: the in-repo
  # build/modules.nix is handed to the module evaluator of
  # nixpkgs-sourcephile and only the resulting `config` is kept.
  sourcephile-nix-build-modules =
    let
      evaluated = import .lib/nixpkgs-sourcephile/build/modules.nix {
        inherit pkgs;
        lib = pkgs.lib;
        modules = [ (import build/modules.nix) ];
      };
    in
    evaluated.config;

  # Disabled variant, kept for reference:
  # sourcephile-nix-build =
  #   pkgs.stdenv.mkDerivation {
  #     name = "sourcephile-nix-build";
  #     preferLocalBuild = true;
  #     allowSubstitutes = false;
  #     inherit (pkgs) coreutils;
  #     builder = pkgs.writeText "builder.sh" sourcephile-nix-build-modules.init.builder;
  #   };

  # Environment exposing only the /bin of the selected build-module outputs.
  sourcephile-nix-build = pkgs.buildEnv {
    name = "sourcephile-nix-build";
    paths = [
      sourcephile-nix-build-modules.gnupg.init
      #sourcephile-nix-build-modules.gnupg.gpg-fingerprint
      #sourcephile-nix-build-modules.nix-plugins.nix-with-extra-builtins
    ];
    pathsToLink = [ "/bin" ];
  };

  # NixOS installation tools, taken from an empty NixOS configuration.
  nixos = pkgs.nixos {};
  inherit (nixos) nixos-generate-config nixos-install nixos-enter;
in
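# Development shell: provides the administration tools and, through
# shellHook, the environment (PATH, nix.conf, GnuPG, pass, NixOps)
# used to operate the deployment from this checkout.
pkgs.stdenv.mkDerivation {
  name = "sourcephile-nix";
  src = null;
  #preferLocalBuild = true;
  #allowSubstitutes = false;
  buildInputs = [
    sourcephile-nix-build
    nixpkgs
    nixos-generate-config
    nixos-install
    nixos-enter
    #pkgs.binutils
    pkgs.coreutils
    pkgs.cryptsetup
    pkgs.curl
    #pkgs.direnv
    #pkgs.dnsutils
    #pkgs.dropbear
    pkgs.e2fsprogs
    pkgs.git
    pkgs.glibcLocales
    pkgs.gnumake
    pkgs.gnupg
    pkgs.htop
    #pkgs.inetutils
    pkgs.less
    pkgs.libfaketime
    #pkgs.mailutils
    pkgs.man
    pkgs.mdadm
    pkgs.gptfdisk
    pkgs.ncdu
    pkgs.ncurses
    pkgs.nixops
    #pkgs.openssl
    pkgs.pass
    pkgs.procps
    #pkgs.rxvt_unicode.terminfo
    #pkgs.sqlite
    pkgs.sqlite
    pkgs.sudo
    pkgs.tig
    pkgs.time
    #pkgs.tmux
    pkgs.tree
    pkgs.utillinux
    pkgs.vim
    #pkgs.virtualbox
    pkgs.which
    pkgs.xdg_utils
    pkgs.zfs
    pkgs.fio
    pkgs.strace
    #pkgs.zfstools
  ];
  #enableParallelBuilding = true;
  # Every path below is derived from $PWD: the hook assumes the shell
  # is entered from the root of the checkout.
  shellHook = ''
    echo >&2 "nix: running shellHook"

    # nix
    export NIX_PATH="nixpkgs=${nixpkgs}:nixpkgs-sourcephile=$PWD/.lib/nixpkgs-sourcephile"
    #NIX_PATH+=":nixpkgs-overlays="$PWD"/install/overlays.nix"
    #NIX_PATH+=""

    # executables
    # PATH_NIX is appended only when the profile's nix resolves:
    # an empty value would leave a trailing ":" in PATH,
    # which the shell reads as "the current directory".
    PATH_NIX=
    if nix_bin=$(readlink -e ~/.nix-profile/bin/nix); then
      PATH_NIX=$(dirname "$nix_bin")
    fi
    PATH_NIXOS=/run/wrappers/bin
    PATH_FHS="$PWD"/.lib/nix/fhs-bin
    PATH_FHS_VBOX="$PWD"/.lib/fhs-vbox-bin
    # $PATH_FHS_VBOX and $PATH_FHS live inside the checkout and come before
    # the inherited PATH: whatever they contain wins command lookup
    # (including sudo, see the NOTE below), so keep them writable
    # only by the operator.
    export PATH="$PATH_NIXOS:$PATH_FHS_VBOX:$PATH_FHS:$PATH"
    [ -z "$PATH_NIX" ] || PATH="$PATH:$PATH_NIX"
    ln -sfn ${sourcephile-nix-build}/bin "$PWD"/.bin

    # nix.conf
    # NIX_CONF_DIR is exported, so every nix command started from this shell
    # (not only nixops) loads the extra-builtins plugin configured here.
    export NIX_CONF_DIR="$PWD"/.config/nix
    # -m 644: a configuration file does not need install's default 755.
    install -D -m 644 /dev/stdin "$PWD"/.config/nix/nix.conf <<-EOF
    auto-optimise-store = true
    plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins/libnix-extra-builtins.so
    extra-builtins-file = ${sourcephile-nix-build-modules.nix-plugins.extra-builtins}
    EOF

    # NOTE: sudo needs to be owned by root with the setuid bit,
    # but this won't be the case for the sudo provided by Nix outside NixOS,
    # hence the addition of $PATH_FHS in shellHook
    # to provide the host system's sudo.
    # WARNING: beware that sudo may reset the environment,
    # and especially PATH, to some system's default.

    # locales
    export LANG=fr_FR.UTF-8
    export LC_CTYPE=fr_FR.UTF-8

    # gnupg
    # The GnuPG home is kept outside the checkout and created owner-only;
    # the agent started here also serves as the SSH agent.
    export GNUPGHOME="$PWD"/../sec/gnupg
    install -dm700 "$GNUPGHOME"
    export GPG_TTY=$(tty)
    gpgconf --launch gpg-agent
    export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)

    # password-store
    export PASSWORD_STORE_DIR="$PWD"/../sec/pass

    # openssl
    export NIX_SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
    export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"

    # git
    # When .git is a file (a "gitdir: PATH" pointer), follow it
    # to the real git directory before installing the hook.
    gitdir="$PWD"/.git
    test ! -f "$gitdir" || while IFS=" :" read -r hdr gitdir; do [ "$hdr" != gitdir ] || break; done <"$gitdir"
    # -f replaces any prepare-commit-msg hook already present.
    ln -fnsr \
      "$PWD"/.lib/git/hooks/prepare-commit-msg--longuest-common-prefix \
      "$gitdir"/hooks/prepare-commit-msg

    # nixops
    #export NIXOPS_DEPLOYMENT="staging"
    # NOTE(review): the state file is placed under .sec inside the checkout,
    # whereas GnuPG and pass use ../sec; NixOps state typically holds
    # deployment secrets, so confirm the location is intended
    # and that .sec is ignored by git.
    export NIXOPS_STATE="$PWD"/.sec/nixops/state.nixops
    # Extend the Nix interpreter
    # to enable builtins.extraBuiltins,
    # which provides an unsafe exec useful to get secrets
    # from the local password-store.
    # With that exec available, evaluating a Nix expression can run
    # commands as the invoking user: only evaluate trusted expressions
    # from this shell.
    NIXOPS_OPTS+=" --show-trace"
    NIXOPS_OPTS+=" --option plugin-files ${pkgs.nix-plugins}/lib/nix/plugins/libnix-extra-builtins.so"
    NIXOPS_OPTS+=" --option extra-builtins-file ${sourcephile-nix-build-modules.nix-plugins.extra-builtins}"
    export NIXOPS_OPTS

    # disnix
    #export DISNIXOS_USE_NIXOPS=1
    #export DISNIX_CLIENT_INTERFACE=disnix-nixops-client
    #export DISNIX_PROFILE=default
    #export DISNIX_TARGET_PROPERTY=hostname
    #export DYSNOMIA_STATEDIR="$PWD"/.sec/dysnomia
  '';
}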