3 # Configuration of shell/modules/
4 # to expand shellHook and buildInputs of this shell.nix
5 shellConfig = {config, ...}: {
11 auto-optimise-store = true
12 experimental-features nix-command flake
17 gnupgHome = "../sec/gnupg";
20 trusted-key 0xB2450D97085B7B8C
22 gpgAgentExtraConf = ''
23 #pretend-request-origin remote
24 #extra-socket ${toString ./.}/S.gpg-agent.extra
25 #log-file ${toString ./.}/gpg-agent.log
28 #allow-loopback-pinentry
34 opensslHome = "../sec/openssl";
35 certificates = import shell/x509.nix;
41 Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
45 ControlPath .ssh-%h-%p-%r.socket
47 #SSAPIAuthentication no
49 StrictHostKeyChecking yes
50 UserKnownHostsFile ${inputs.secrets + "/ssh/known_hosts"}
58 # Using modules enables to separate specific configurations
59 # from reusable code in shell/modules.nix and shell/modules/
60 # which may find its way in another git repository one day.
61 shell = (pkgs.lib.evalModules {
62 modules = [ shellConfig ] ++ map import (pkgs.lib.findFiles ".*\\.nix" (inputs.shell + "/modules"));
63 args = { inherit inputs pkgs; };
66 pwd = toString (./. + "");
67 sourcephile-shred-tmp = pkgs.writeShellScriptBin "sourcephile-shred-tmp" ''
68 # This is done when entering the nix-shell
69 # because direnv already hooks trap EXIT.
71 test ! -e sec/tmp || {
72 find sec/tmp -type f -exec shred -fu {} +
78 name = "sourcephile-nix";
80 #preferLocalBuild = true;
81 #allowSubstitutes = false;
82 buildInputs = shell.nix-shell.buildInputs ++ [
84 (pkgs.nixos []).nixos-generate-config
85 (pkgs.nixos []).nixos-install
86 (pkgs.nixos []).nixos-enter
118 #pkgs.rxvt_unicode.terminfo
135 pkgs.linuxPackages.perf
142 #enableParallelBuilding = true;
144 PASSWORD_STORE_DIR = "pass";
145 NIX_PATH = pkgs.lib.concatStringsSep ":" [
146 "nixpkgs=${pkgs.path}"
147 ("nixpkgs-overlays=" + pkgs.writeText "overlays.nix" ''
148 import ${inputs.self + "/nixpkgs/overlays.nix"} ++
149 import ${inputs.julm-nix + "/nixpkgs/overlays.nix"}
154 echo >&2 "nix: running shellHook"
156 # Since the .envrc calls this shellHook
157 # the EXIT trap cannot be freely used
158 # because it's already used by direnv,
159 # hence shred at startup, which is not ideal.
160 sourcephile-shred-tmp
162 ${shell.nix-shell.shellHook}
165 export GPG_TTY=$(tty)
166 gpg-connect-agent updatestartuptty /bye >/dev/null