shell/modules/tools/package-management/nix.nix

   1 { pkgs, lib, config, ... }:
   2 let cfg = config.nix;
   3     inherit (lib) types;
   4     # Alternative which does not need to re-export envvars when called via sudo.
   5     # But this is maybe more clear to just (re-)export envvars.
   6     # And anyway, using NIX_CONF_DIR=${cfg.nixConf} directly does not work,
   7     # maybe because of filesystem restriction access set by nix, I don't know.
   8     /*
   9     nix = pkgs.writeShellScriptBin "nix" ''
  10       NIX_CONF_DIR=${cfg.nixConf} \
  11       NIX_SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" \
  12       SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" \
  13       ${pkgs.nix}/bin/nix "$@"
  14     '';
  15     */
  16 in
  17 {
  18   options.nix = {
  19     enable = lib.mkEnableOption "nix";
  20     nixConf = lib.mkOption {
  21       type = types.lines;
  22       apply = s: pkgs.writeText "nix.conf" s;
  23       default = ''
  24         auto-optimise-store = true
  25       '';
  26       description = ''
  27         Nix's nix.conf content.
  28       '';
  29     };
  30   };
  31   config = lib.mkIf cfg.enable {
  32     #nix-shell.buildInputs = [ nix ];
  33     nix-shell.shellHook = ''
  34       # nix
  35       # NOTE: linking NIX_CONF_DIR directly to ${cfg.nixConf} does not work.
  36       mkdir -p "$PWD"/.config/nix
  37       ln -fns ${cfg.nixConf} "$PWD"/.config/nix/nix.conf
  38       export NIX_CONF_DIR="$PWD"/.config/nix
  39       export NIX_SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
  40       export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
  41     '';
  42   };
  43 }