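# shell/modules/development/libraries/nix-plugins.nix
#
# Module that loads the nix-plugins "extra-builtins" plugin and generates the
# extra-builtins.nix file it reads, so that Nix expressions can call a small
# set of host commands (pass, git) through `exec`.
#
# Security note: each builtin defined below runs a host command with the
# privileges of the user evaluating the expression. With this module enabled,
# any expression evaluated under the generated nix.conf can request any `pass`
# entry that user can decrypt and can run git with caller-chosen arguments in a
# caller-chosen directory. Only evaluate trusted expressions with it.
{ config, lib, pkgs, ... }:
let
  cfg = config.nix-plugins;
  inherit (lib) types;

  # Wrapper around nix to load extra-builtins.nix with nix-plugins.
  # All arguments are forwarded unchanged to nix.
  nix-with-extra-builtins = pkgs.writeShellScriptBin "nix-with-extra-builtins" ''
    ${pkgs.nix}/bin/nix \
      --option plugin-files ${pkgs.nix-plugins}/lib/nix/plugins/libnix-extra-builtins.so \
      --option extra-builtins-file ${cfg.extra-builtins} \
      "$@"
  '';

  # Wrapper around pass to call it with exec in extra-builtins.nix.
  # Unfortunately it can only load secrets which can be represented as a Nix string,
  # hence without null-byte and such special characters.
  #
  # $1 is the pass entry name. The decrypted secret is written to a temporary
  # file, read back as a Nix string, and the file is shredded on exit.
  #
  # Caveats:
  # - The result is an ordinary Nix string: if it is interpolated into a
  #   derivation or passed to something like writeText, the secret ends up in
  #   the world-readable Nix store.
  # - shred cannot guarantee erasure on copy-on-write, journaled or
  #   tmpfs-backed filesystems.
  # - shred and nix-instantiate are resolved through PATH, not pinned to a
  #   store path.
  nix-pass = pkgs.writeShellScriptBin "nix-pass" ''
    set -e
    f=$(mktemp)
    # Single quotes defer expansion to exit time and keep the path quoted, so a
    # TMPDIR containing whitespace cannot split the shred arguments.
    trap 'shred -u "$f"' EXIT
    ${pkgs.pass}/bin/pass show "$1" >"$f"
    # NOTE(review): $f is spliced in as a Nix path literal, which assumes the
    # mktemp path only contains characters valid in one.
    nix-instantiate --eval -E "builtins.readFile $f"
  '';
  /*
    nix-store --add $f
  */
  /*
    set -o pipefail
    ${pkgs.pass}/bin/pass show "$1" |
    ${pkgs.gnused}/bin/sed \
    -e 's:\n:\\n:g;s:\r:\\r:g;s:\t:\\t:g;s:":\\":g;1s:^:":;$s:$:":;'
  */

  # Wrapper around pass to call it with exec in extra-builtins.nix and put the output in a file.
  # Needed for boot.initrd.network.ssh.host*Key.
  #
  # $1 is the pass entry name, $2 the destination file. The script prints the
  # absolute path of the written file, which exec parses as a Nix path.
  #
  # Caveats:
  # - The secret stays on disk in plaintext (mode 0400) after the script ends;
  #   keep the destination out of version control and out of the Nix store.
  # - `install -D` creates missing parent directories with default permissions.
  # - install is resolved through PATH, not pinned to a store path.
  nix-pass-to-file = pkgs.writeShellScriptBin "nix-pass-to-file" ''
    set -e
    set -o pipefail
    ${pkgs.pass}/bin/pass show "$1" |
      install -D -m 400 /dev/stdin "$2"
    # Only prefix $PWD for relative destinations: "$PWD/$2" with an absolute $2
    # yields "//", which is not a valid Nix path literal.
    case "$2" in
      /*) printf '%s\n' "$2" ;;
      *)  printf '%s\n' "$PWD/$2" ;;
    esac
  '';

  # Wrapper around git to call it with exec in extra-builtins.nix.
  # $1 is the working directory, the remaining arguments are passed to git.
  nix-git = pkgs.writeShellScriptBin "nix-git" ''
    # Stop if the directory cannot be entered, instead of running git in
    # whatever directory the evaluation was started from.
    set -e
    cd "$1"; shift
    ${pkgs.git}/bin/git "$@"
  '';
in
{
  options.nix-plugins = {
    enable = lib.mkEnableOption "nix-plugins";
    extra-builtins = lib.mkOption {
      type = types.lines;
      # Each line defines one attribute of the set returned by
      # extra-builtins.nix; `exec` is supplied by the plugin.
      default = ''
        pass = path: exec [ "${nix-pass}/bin/nix-pass" path ];
        pass-to-file = path: file: exec [ "${nix-pass-to-file}/bin/nix-pass-to-file" path file ];
        git = dir: args: exec ([ "${nix-git}/bin/nix-git" (builtins.toPath dir) ] ++ args);
        git-time = dir: path: exec [ "${nix-git}/bin/nix-git" (builtins.toPath dir) "log" "-1" "--format=%ct" "--" path ];
      '';
      description = ''
        Content put in extra-builtins.nix for nix-plugins.
      '';
      # Wrap the configured lines in `{ exec, ... }: { ... }` and write the
      # result to the store, so the option's value is the path of that file.
      apply = lines: pkgs.writeText "extra-builtins.nix" (''
        { exec, ... }:
        {
      '' + lines + ''
        }
      '');
    };
  };
  config = lib.mkIf cfg.enable {
    nix.enable = true;
    # Applies to every Nix evaluation that uses this nix.conf, not only to
    # calls made through a dedicated wrapper.
    nix.nixConf = ''
      plugin-files = ${pkgs.nix-plugins}/lib/nix/plugins/libnix-extra-builtins.so
      extra-builtins-file = ${cfg.extra-builtins}
    '';
  };
}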