# Development shell for this repository.
#
# Arguments:
#   inputs    - flake inputs (inputs.self and inputs.julm-nix are read below
#               to build NIX_PATH)
#   pkgs      - the nixpkgs package set used for lib.evalModules and mkShell
#   shellHook - extra shell code appended after this file's own shellHook
{ inputs, pkgs, shellHook ? "", ... }:
let
  # Configuration of shell/modules/
  # to expand shellHook and buildInputs of this shell.nix.
  # It is a NixOS-style module: the options it sets (gnupg, openssh,
  # virtualbox) are declared in shell/gnupg.nix and shell/modules/*.nix.
  shellConfig = { ... }: {
    imports = [ shell/gnupg.nix ];
    gnupg = {
      enable = true;
      # Relative path; it is resolved with realpath from the directory
      # nix-shell is started in (see the shellHook further down).
      gnupgHome = "../sec/gnupg";
      # Appended to gpg.conf: pin the trusted signing key and the key used
      # by default for signing/encryption.
      gpgExtraConf = ''
        # julm@sourcephile.fr
        trusted-key 0xB2450D97085B7B8C
        default-key 0x4FE467034C11017B429BAC53A58CD81C3863926F
      '';
      # Appended to gpg-agent.conf: every line is currently commented out,
      # so nothing is added beyond the module's defaults. The `${toString ./.}`
      # interpolations are still evaluated by Nix (they expand to this
      # directory's absolute path) even though the lines are inert.
      gpgAgentExtraConf = ''
        #pretend-request-origin remote
        #extra-socket ${toString ./.}/S.gpg-agent.extra
        #log-file ${toString ./.}/gpg-agent.log
        #no-grab
        #debug-level expert
        #allow-loopback-pinentry
      '';
    };
    /*
    openssl = {
      enable = true;
      opensslHome = "../sec/openssl";
      certificates = import shell/x509.nix;
    };
    */
    openssh = {
      enable = true;
      # ssh_config used inside the shell.
      # - Ciphers: AEAD/CTR AES only, no CBC.
      # - ControlPath is relative, so the multiplexing socket is created in
      #   the current working directory (name derived from host/port/user).
      # - HashKnownHosts no: host names are kept in clear in known_hosts.
      # - StrictHostKeyChecking yes: unknown or changed host keys are
      #   rejected rather than prompted for, so known_hosts must be
      #   provisioned beforehand; with UserKnownHostsFile commented out,
      #   ssh's default known_hosts files apply.
      # NOTE(review): the commented `#SSAPIAuthentication` line looks like a
      # truncated `GSSAPIAuthentication`; it is inert as written.
      # NOTE(review): `''${` is the Nix escape for a literal `${`, so the
      # commented UserKnownHostsFile line is emitted verbatim, not evaluated.
      sshConf = ''
        Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
        Compression no
        #CompressionLevel 4
        ControlMaster auto
        ControlPath .ssh-%h-%p-%r.socket
        HashKnownHosts no
        #SSAPIAuthentication no
        SendEnv LANG LC_*
        StrictHostKeyChecking yes
        #UserKnownHostsFile ''${inputs.secrets + "/ssh/known_hosts"}
      '';
    };
    virtualbox = {
      enable = false;
    };
  };
  # Using modules makes it possible to separate specific configurations
  # from reusable code in shell/modules.nix and shell/modules/
  # which may find its way into another git repository one day.
shell = (pkgs.lib.evalModules { modules = [ shellConfig { config._module.args = { inherit inputs pkgs; }; } ] ++ map import (pkgs.lib.findFiles ".*\\.nix" shell/modules); }).config; in pkgs.mkShell { name = "sourcephile-nix"; src = null; #preferLocalBuild = true; #allowSubstitutes = false; buildInputs = shell.nix-shell.buildInputs ++ [ (pkgs.nixos [ ]).nixos-generate-config (pkgs.nixos [ ]).nixos-install (pkgs.nixos [ ]).nixos-enter #pkgs.binutils pkgs.coreutils pkgs.cryptsetup pkgs.curl #pkgs.direnv pkgs.dnsutils #pkgs.dropbear pkgs.e2fsprogs pkgs.git pkgs.glibcLocales pkgs.gnumake pkgs.gnupg pkgs.htop #pkgs.inetutils pkgs.ipcalc #pkgs.iputils pkgs.less pkgs.libfaketime pkgs.ldns #pkgs.ldns.examples #pkgs.mailutils pkgs.man pkgs.mdadm pkgs.gptfdisk pkgs.ncdu pkgs.ncurses #pkgs.nixops #pkgs.openssl pkgs.pass pkgs.procps pkgs.rsync #pkgs.rxvt_unicode.terminfo #pkgs.sqlite pkgs.sqlite #pkgs.sudo pkgs.tig pkgs.time #pkgs.tmux pkgs.tree pkgs.utillinux #pkgs.vim #pkgs.virtualbox pkgs.which pkgs.xdg-utils pkgs.fio pkgs.strace pkgs.utillinux #pkgs.zfstools pkgs.linuxPackages.perf #pkgs.go2nix pkgs.wireguard-tools pkgs.stun pkgs.mkpasswd #pkgs.ubootTools #pkgs.hydra-unstable ]; #enableParallelBuilding = true; NIX_PATH = pkgs.lib.concatStringsSep ":" [ "nixpkgs=${pkgs.path}" ("nixpkgs-overlays=" + pkgs.writeText "overlays.nix" '' import ${inputs.self + "/nixpkgs/overlays.nix"} ++ import ${inputs.julm-nix + "/nixpkgs/overlays.nix"} '') ]; shellHook = '' echo >&2 "nix: running shellHook" ${shell.nix-shell.shellHook} # gpg export GNUPGHOME=$(realpath -e ${shell.gnupg.gnupgHome}); export GPG_TTY=$(tty) gpg-connect-agent updatestartuptty /bye >/dev/null # pass export PASSWORD_STORE_DIR="$PWD" '' + shellHook; }