ssh: StrictHostKeyChecking=yes

[sourcephile-nix.git] / shell.nix

let
  nixpkgs = import .lib/nix/nixpkgs.nix;
  pkgs = import nixpkgs {
    config   = {}; # Make the config pure, ignoring user's config.
    overlays = import ./overlays.nix;
  };
  nixos = pkgs.nixos {};

  # Configuration of shell/modules/
  configuration = {config, ...}: {
    imports = [
    ];
    nix = {
      nixConf = ''
        auto-optimise-store = true
      '';
    };
    nix-plugins = {
      enable = true;
    };
    gnupg = {
      enable = true;
      gnupgHome = toString ../sec/gnupg;
      keys = import shell/gnupg/keys.nix;
    };
    openssh = {
      enable = true;
      sshConf = ''
        HashKnownHosts no
        StrictHostKeyChecking yes
        UserKnownHostsFile ${builtins.toString .ssh/known_hosts}
      '';
    };
  };

  # Using modules enables to separate specific configurations
  # from reusable code in shell/modules.nix and shell/modules/
  # which may find its way in another git repository one day.
  modules =
    (import shell/modules.nix {
      inherit pkgs;
      inherit (pkgs) lib;
      modules = [ configuration ];
    }).config;
in
pkgs.stdenv.mkDerivation {
  name = "sourcephile-nix";
  src = null;
  #preferLocalBuild = true;
  #allowSubstitutes = false;
  buildInputs = modules.nix-shell.buildInputs ++ [
    nixpkgs
    nixos.nixos-generate-config
    nixos.nixos-install
    nixos.nixos-enter
    #pkgs.binutils
    pkgs.coreutils
    pkgs.cryptsetup
    pkgs.curl
    #pkgs.direnv
    #pkgs.dnsutils
    #pkgs.dropbear
    pkgs.e2fsprogs
    pkgs.git
    pkgs.glibcLocales
    pkgs.gnumake
    pkgs.gnupg
    pkgs.htop
    #pkgs.inetutils
    pkgs.less
    pkgs.libfaketime
    #pkgs.mailutils
    pkgs.man
    pkgs.mdadm
    pkgs.gptfdisk
    pkgs.ncdu
    pkgs.ncurses
    pkgs.nixops
    #pkgs.openssl
    pkgs.pass
    pkgs.procps
    #pkgs.rxvt_unicode.terminfo
    #pkgs.sqlite
    pkgs.sqlite
    pkgs.sudo
    pkgs.tig
    pkgs.time
    #pkgs.tmux
    pkgs.tree
    pkgs.utillinux
    pkgs.vim
    #pkgs.virtualbox
    pkgs.which
    pkgs.xdg_utils
    pkgs.zfs
    pkgs.fio
    pkgs.strace
    #pkgs.zfstools
  ];
  #enableParallelBuilding = true;
  shellHook = ''
    echo >&2 "nix: running shellHook"

    ${modules.nix-shell.shellHook}

    # nix
    export NIX_PATH="nixpkgs=${nixpkgs}"
    NIX_PATH+=":nixpkgs-overlays="$PWD"/overlays"
    #NIX_PATH+=""

    # executables
    PATH_NIX=$(dirname $(readlink -e ~/.nix-profile/bin/nix))
    PATH_NIXOS=/run/wrappers/bin
    PATH_FHS="$PWD"/.lib/nix/fhs-bin
    PATH_FHS_VBOX="$PWD"/.lib/fhs-vbox-bin
    export PATH="$PATH_NIXOS:$PATH_FHS_VBOX:$PATH_FHS:$PATH:$PATH_NIX"

    # NOTE: sudo needs to be own by root with the setuid bit,
    # but this won't be the case for the sudo provided by Nix outside NixOS,
    # hence the addition of $PATH_FHS in shellHook
    # to provide the host system's sudo.
    # WARNING: beware that sudo may reset the environment,
    # and especially PATH, to some system's default.

    # locales
    export LANG=fr_FR.UTF-8
    export LC_CTYPE=fr_FR.UTF-8

    # password-store
    export PASSWORD_STORE_DIR="$PWD"/../sec/pass

    # git
    gitdir="$PWD"/.git
    test ! -f "$gitdir" || while IFS=" :" read -r hdr gitdir; do [ "$hdr" != gitdir ] || break; done <"$gitdir"
    ln -fnsr \
     "$PWD"/.lib/git/hooks/prepare-commit-msg--longuest-common-prefix \
     "$gitdir"/hooks/prepare-commit-msg

    # nixops
    #export NIXOPS_DEPLOYMENT="staging"
    export NIXOPS_STATE="$PWD"/.sec/nixops/state.nixops
    NIXOPS_OPTS+=" --show-trace"
    export NIXOPS_OPTS

    # disnix
    #export DISNIXOS_USE_NIXOPS=1
    #export DISNIX_CLIENT_INTERFACE=disnix-nixops-client
    #export DISNIX_PROFILE=default
    #export DISNIX_TARGET_PROPERTY=hostname
    #export DYSNOMIA_STATEDIR="$PWD"/.sec/dysnomia
  '';
}