3 # Configuration of shell/modules/
4 # to expand shellHook and buildInputs of this shell.nix
5 shellConfig = {config, ...}: {
11 auto-optimise-store = true
12 experimental-features nix-command flake
17 gnupgHome = "../sec/gnupg";
20 trusted-key 0xB2450D97085B7B8C
21 default-key 0x4FE467034C11017B429BAC53A58CD81C3863926F
23 gpgAgentExtraConf = ''
24 #pretend-request-origin remote
25 #extra-socket ${toString ./.}/S.gpg-agent.extra
26 #log-file ${toString ./.}/gpg-agent.log
29 #allow-loopback-pinentry
35 opensslHome = "../sec/openssl";
36 certificates = import shell/x509.nix;
42 Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
46 ControlPath .ssh-%h-%p-%r.socket
48 #SSAPIAuthentication no
50 StrictHostKeyChecking yes
51 UserKnownHostsFile ${inputs.secrets + "/ssh/known_hosts"}
59 # Using modules enables to separate specific configurations
60 # from reusable code in shell/modules.nix and shell/modules/
61 # which may find its way in another git repository one day.
62 shell = (pkgs.lib.evalModules {
65 { config._module.args = { inherit inputs pkgs; }; }
66 ] ++ map import (pkgs.lib.findFiles ".*\\.nix" (inputs.shell + "/modules"));
69 pwd = toString (./. + "");
70 sourcephile-shred-tmp = pkgs.writeShellScriptBin "sourcephile-shred-tmp" ''
71 # This is done when entering the nix-shell
72 # because direnv already hooks trap EXIT.
74 test ! -e sec/tmp || {
75 find sec/tmp -type f -exec shred -fu {} +
81 name = "sourcephile-nix";
83 #preferLocalBuild = true;
84 #allowSubstitutes = false;
85 buildInputs = shell.nix-shell.buildInputs ++ [
87 (pkgs.nixos []).nixos-generate-config
88 (pkgs.nixos []).nixos-install
89 (pkgs.nixos []).nixos-enter
121 #pkgs.rxvt_unicode.terminfo
138 pkgs.linuxPackages.perf
146 #enableParallelBuilding = true;
148 GNUPGHOME = shell.gnupg.gnupgHome;
149 NIX_PATH = pkgs.lib.concatStringsSep ":" [
150 "nixpkgs=${pkgs.path}"
151 ("nixpkgs-overlays=" + pkgs.writeText "overlays.nix" ''
152 import ${inputs.self + "/nixpkgs/overlays.nix"} ++
153 import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
158 echo >&2 "nix: running shellHook"
160 # Since the .envrc calls this shellHook
161 # the EXIT trap cannot be freely used
162 # because it's already used by direnv,
163 # hence shred at startup, which is not ideal.
164 sourcephile-shred-tmp
166 ${shell.nix-shell.shellHook}
169 export GPG_TTY=$(tty)
170 gpg-connect-agent updatestartuptty /bye >/dev/null
173 export PASSWORD_STORE_DIR="$PWD"/pass