# shell/modules/tools/package-management/nix.nix
#
# Development-shell module: when `nix.enable` is set, the shell hook writes a
# project-local nix.conf and points Nix (and other TLS clients that honour
# SSL_CERT_FILE) at the CA bundle shipped by `pkgs.cacert`.
{ pkgs, lib, config, ... }:
let
  cfg = config.nix;

  # Single definition of the CA bundle path; it is exported twice below.
  # TLS trust inside the shell therefore comes from the pinned `pkgs.cacert`,
  # not from the host's certificate store.
  caBundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";

  # Alternative which does not need to re-export envvars when called via sudo.
  # But it is maybe clearer to just (re-)export envvars.
  # And anyway, using NIX_CONF_DIR=${cfg.nixConf} directly does not work,
  # maybe because of filesystem access restrictions set by nix; cause unknown.
  /*
  nix = pkgs.writeShellScriptBin "nix" ''
    NIX_CONF_DIR=${cfg.nixConf} \
    NIX_SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" \
    SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" \
    ${pkgs.nix}/bin/nix "$@"
  '';
  */
in
{
  options.nix = {
    enable = lib.mkEnableOption "nix";

    # The option is declared as text (`lines`), but `apply` turns it into a
    # store file, so every reader of `config.nix.nixConf` gets a path to an
    # immutable nix.conf rather than the raw text.
    nixConf = lib.mkOption {
      type = lib.types.lines;
      apply = contents: pkgs.writeText "nix.conf" contents;
      default = ''
        auto-optimise-store = true
      '';
      description = ''
        Nix's nix.conf content.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    #nix-shell.buildInputs = [ nix ];

    # The hook creates "$PWD"/.config/nix, (re)links nix.conf in it to the
    # generated store file on every shell entry (`ln -f`), and exports
    # NIX_CONF_DIR so the Nix client reads that directory instead of the
    # system configuration directory.
    #
    # NOTE(review): the directory is relative to wherever the shell is
    # entered and `mkdir -p` reuses an existing one, so any other file
    # already present there stays in place next to the link. Confirm that
    # nothing else Nix may read from NIX_CONF_DIR can be dropped there by
    # the checkout or by another user of the working tree.
    # NOTE(review): settings that only exist in the system nix.conf are no
    # longer seen by the client inside this shell; list in `nixConf` any
    # that should still apply.
    nix-shell.shellHook = ''
      # nix
      # NOTE: linking NIX_CONF_DIR directly to ${cfg.nixConf} does not work.
      mkdir -p "$PWD"/.config/nix
      ln -fns ${cfg.nixConf} "$PWD"/.config/nix/nix.conf
      export NIX_CONF_DIR="$PWD"/.config/nix
      export NIX_SSL_CERT_FILE="${caBundle}"
      export SSL_CERT_FILE="${caBundle}"
    '';
  };
}