]> Git — Sourcephile - sourcephile-nix.git/blob - .envrc
fix cleartext in /nix/store by using hashedPassword
[sourcephile-nix.git] / .envrc
1 # manual config
2 nix_version=2.3
3 nix_openpgp=B541D55301270E0BCF15CA5D8170B4726D7198DE
4 nixpkgs_channel=nixos-19.09-small
5 nixshell_sources=(shell.nix $(test ! -d shell || find shell -type f -not -name "*~" | sort))
6
7 # nix
8 if ! has nix || test "$(nix --version)" != "nix (Nix) $nix_version"
9 then log_status "installing Nix core tools"
10 if test ! -e .config/nix/install -o ! -e .config/nix/install.asc
11 then
12 mkdir -p .config/nix
13 (cd .config/nix; curl -OO https://nixos.org/releases/nix/nix-"$nix_version"/{install,install.asc})
14 gpg2 --keyserver hkp://keys.gnupg.net --recv-keys "$nix_openpgp"
15 fi
16 test -e ~/.nix-profile/etc/profile.d/nix.sh || {
17 gpg --verify .config/nix/install.asc
18 sh .config/nix/install
19 }
20 . ~/.nix-profile/etc/profile.d/nix.sh
21 fi
22
23 # nixpkgs
24 if test ! -e .config/nixpkgs-channel/$nixpkgs_channel.nix
25 then log_status "installing nixpkgs from $nixpkgs_channel (This may take some time. To update: delete .config/nixpkgs-channel/$nixpkgs_channel.nix)"
26 rev=$(curl -L https://nixos.org/channels/"$nixpkgs_channel"/git-revision | head -n1 | tr -dC 'a-z0-9')
27 sha256=$(nix-prefetch-url --unpack https://github.com/NixOS/nixpkgs-channels/archive/"$rev".tar.gz)
28 mkdir -p .config/nixpkgs-channel
29 echo >.config/nixpkgs-channel/$nixpkgs_channel.nix "builtins.fetchTarball {url=\"https://github.com/NixOS/nixpkgs-channels/archive/$rev.tar.gz\"; sha256=\"$sha256\";}"
30 else log_status "using nixpkgs from $nixpkgs_channel"
31 fi
32 watch_file .config/nixpkgs-channel/$nixpkgs_channel.nix
33 # Get the store path of this nixpkgs,
34 # it will not be registered as a root for the garbage-collector
35 # but will be preserved as long as it is used by shell.nix
36 # which itself will produce a registered derivation.
37 nixpkgs=$(nix-instantiate --eval .config/nixpkgs-channel/$nixpkgs_channel.nix)
38 nixpkgs=${nixpkgs#'"'}
39 nixpkgs=${nixpkgs%'"'}
40 export NIX_PATH="${NIX_PATH:+$NIX_PATH:}nixpkgs=$nixpkgs"
41
42 # nix-shell
43 has shasum || fail "shasum is needed to cache environment"
44 for e in "${nixshell_sources[@]}"
45 do watch_file "$e"; done
46 hash=$(for e in "${nixshell_sources[@]}"; do shasum -a 256 "$e"; done | shasum -a 256 | cut -c -64)
47 if test -e ".cache/nix-shell/${hash}/dump"
48 then log_status "reusing .cache/nix-shell/$hash/"
49 else log_status "building .cache/nix-shell/$hash/"
50 # Unregister previous derivations
51 rm -rf ".cache/nix-shell"
52 trap "rm -rf '$PWD/.cache/nix-shell'" EXIT
53 mkdir -p ".cache/nix-shell/$hash"
54 # Register the derivation as a root for the garbage-collector
55 nix-instantiate >/dev/null ./shell.nix \
56 --indirect --add-root .cache/nix-shell/"$hash"/shell.drv \
57 ${TRACE:+--show-trace} \
58 ${OFFLINE:+--option substituters ""}
59 nix-store >/dev/null \
60 --indirect --add-root .cache/nix-shell/"$hash"/shell.dep \
61 ${OFFLINE:+--option substituters ""} \
62 --realise $(nix-store --query --references .cache/nix-shell/"$hash"/shell.drv)
63 # Dump the environment from within the nix-shell
64 local dump
65 dump="$(mktemp .cache/nix-shell/dump-XXXXXXXX)"
66 if nix-shell ${TRACE:+--show-trace} --pure \
67 --run "$(command -v direnv) dump" >"$dump" \
68 ${OFFLINE:+--option substituters ""}
69 then mv -f "$dump" .cache/nix-shell/"$hash"/dump
70 else rm -f "$dump"; false
71 fi
72 trap "" EXIT
73 fi
74 # Load the cached environment
75 direnv_load cat .cache/nix-shell/"$hash"/dump