]> Git — Sourcephile - sourcephile-nix.git/blob - shell.nix
nix: shell: fix PASSWORD_STORE_DIR
[sourcephile-nix.git] / shell.nix
1 { inputs, pkgs, ... }:
2 let
3 # Configuration of shell/modules/
4 # to expand shellHook and buildInputs of this shell.nix
5 shellConfig = {config, ...}: {
6 imports = [
7 shell/gnupg.nix
8 ];
9 nix = {
10 nixConf = ''
11 auto-optimise-store = true
12 experimental-features nix-command flake
13 '';
14 };
15 gnupg = {
16 enable = true;
17 gnupgHome = "../sec/gnupg";
18 gpgExtraConf = ''
19 # julm@sourcephile.fr
20 trusted-key 0xB2450D97085B7B8C
21 default-key 0x4FE467034C11017B429BAC53A58CD81C3863926F
22 '';
23 gpgAgentExtraConf = ''
24 #pretend-request-origin remote
25 #extra-socket ${toString ./.}/S.gpg-agent.extra
26 #log-file ${toString ./.}/gpg-agent.log
27 #no-grab
28 #debug-level expert
29 #allow-loopback-pinentry
30 '';
31 };
32 /*
33 openssl = {
34 enable = true;
35 opensslHome = "../sec/openssl";
36 certificates = import shell/x509.nix;
37 };
38 */
39 openssh = {
40 enable = true;
41 sshConf = ''
42 Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
43 Compression no
44 #CompressionLevel 4
45 ControlMaster auto
46 ControlPath .ssh-%h-%p-%r.socket
47 HashKnownHosts no
48 #SSAPIAuthentication no
49 SendEnv LANG LC_*
50 StrictHostKeyChecking yes
51 UserKnownHostsFile ${inputs.secrets + "/ssh/known_hosts"}
52 '';
53 };
54 virtualbox = {
55 enable = false;
56 };
57 };
58
59 # Using modules enables to separate specific configurations
60 # from reusable code in shell/modules.nix and shell/modules/
61 # which may find its way in another git repository one day.
62 shell = (pkgs.lib.evalModules {
63 modules = [
64 shellConfig
65 { config._module.args = { inherit inputs pkgs; }; }
66 ] ++ map import (pkgs.lib.findFiles ".*\\.nix" (inputs.shell + "/modules"));
67 }).config;
68
69 pwd = toString (./. + "");
70 sourcephile-shred-tmp = pkgs.writeShellScriptBin "sourcephile-shred-tmp" ''
71 # This is done when entering the nix-shell
72 # because direnv already hooks trap EXIT.
73 cd "${pwd}"
74 test ! -e sec/tmp || {
75 find sec/tmp -type f -exec shred -fu {} +
76 rm -rf sec/tmp
77 }
78 '';
79 in
80 pkgs.mkShell {
81 name = "sourcephile-nix";
82 src = null;
83 #preferLocalBuild = true;
84 #allowSubstitutes = false;
85 buildInputs = shell.nix-shell.buildInputs ++ [
86 sourcephile-shred-tmp
87 (pkgs.nixos []).nixos-generate-config
88 (pkgs.nixos []).nixos-install
89 (pkgs.nixos []).nixos-enter
90 #pkgs.binutils
91 pkgs.coreutils
92 pkgs.cryptsetup
93 pkgs.curl
94 #pkgs.direnv
95 pkgs.dnsutils
96 #pkgs.dropbear
97 pkgs.e2fsprogs
98 pkgs.git
99 pkgs.glibcLocales
100 pkgs.gnumake
101 pkgs.gnupg
102 pkgs.htop
103 #pkgs.inetutils
104 pkgs.ipcalc
105 #pkgs.iputils
106 pkgs.less
107 pkgs.libfaketime
108 pkgs.ldns
109 #pkgs.ldns.examples
110 #pkgs.mailutils
111 pkgs.man
112 pkgs.mdadm
113 pkgs.gptfdisk
114 pkgs.ncdu
115 pkgs.ncurses
116 #pkgs.nixops
117 #pkgs.openssl
118 pkgs.pass
119 pkgs.procps
120 pkgs.rsync
121 #pkgs.rxvt_unicode.terminfo
122 #pkgs.sqlite
123 pkgs.sqlite
124 #pkgs.sudo
125 pkgs.tig
126 pkgs.time
127 #pkgs.tmux
128 pkgs.tree
129 pkgs.utillinux
130 #pkgs.vim
131 #pkgs.virtualbox
132 pkgs.which
133 pkgs.xdg_utils
134 pkgs.fio
135 pkgs.strace
136 pkgs.utillinux
137 #pkgs.zfstools
138 pkgs.linuxPackages.perf
139 #pkgs.go2nix
140 pkgs.wireguard-tools
141 pkgs.stun
142 pkgs.mkpasswd
143 #pkgs.ubootTools
144 #pkgs.hydra-unstable
145 ];
146 #enableParallelBuilding = true;
147
148 GNUPGHOME = shell.gnupg.gnupgHome;
149 NIX_PATH = pkgs.lib.concatStringsSep ":" [
150 "nixpkgs=${pkgs.path}"
151 ("nixpkgs-overlays=" + pkgs.writeText "overlays.nix" ''
152 import ${inputs.self + "/nixpkgs/overlays.nix"} ++
153 import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
154 '')
155 ];
156
157 shellHook = ''
158 echo >&2 "nix: running shellHook"
159
160 # Since the .envrc calls this shellHook
161 # the EXIT trap cannot be freely used
162 # because it's already used by direnv,
163 # hence shred at startup, which is not ideal.
164 sourcephile-shred-tmp
165
166 ${shell.nix-shell.shellHook}
167
168 # gpg
169 export GPG_TTY=$(tty)
170 gpg-connect-agent updatestartuptty /bye >/dev/null
171
172 # pass
173 export PASSWORD_STORE_DIR="$PWD"/pass
174 '';
175 }