-{ inputs, pkgs, ... }:
+{ inputs, pkgs, shellHook ? "", ... }:
let
# Configuration of shell/modules/
# to expand shellHook and buildInputs of this shell.nix
- shellConfig = {config, ...}: {
+ shellConfig = { ... }: {
imports = [
shell/gnupg.nix
];
- nix = {
- nixConf = ''
- auto-optimise-store = true
- experimental-features nix-command flake
- '';
- };
gnupg = {
enable = true;
gnupgHome = "../sec/gnupg";
'';
};
/*
- openssl = {
+ openssl = {
enable = true;
opensslHome = "../sec/openssl";
certificates = import shell/x509.nix;
- };
+ };
*/
openssh = {
enable = true;
#SSAPIAuthentication no
SendEnv LANG LC_*
StrictHostKeyChecking yes
- UserKnownHostsFile ${inputs.secrets + "/ssh/known_hosts"}
+ #UserKnownHostsFile ''${inputs.secrets + "/ssh/known_hosts"}
'';
};
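Review bot: Commenting out `UserKnownHostsFile` while `StrictHostKeyChecking yes` stays in force means connections are now checked against ssh's default known_hosts files instead of the host keys kept in the `secrets` input, and any host not already present in the user's `~/.ssh/known_hosts` is refused rather than prompted for. If the pin is only disabled temporarily, a comment on the `+` line stating why and what now provides trusted host keys would save the next reader from guessing, e.g. `# TODO: known_hosts pin from inputs.secrets disabled — <reason>; hosts are currently verified against the default known_hosts files`. The `''${` escape is correct for keeping Nix from interpolating the commented-out text, so the line is inert as written. The option string that holds these ssh settings opens before the visible lines of the hunk.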
virtualbox = {
modules = [
shellConfig
{ config._module.args = { inherit inputs pkgs; }; }
- ] ++ map import (pkgs.lib.findFiles ".*\\.nix" (inputs.shell + "/modules"));
+ ] ++ map import (pkgs.lib.findFiles ".*\\.nix" shell/modules);
}).config;
-
- pwd = toString (./. + "");
- sourcephile-shred-tmp = pkgs.writeShellScriptBin "sourcephile-shred-tmp" ''
- # This is done when entering the nix-shell
- # because direnv already hooks trap EXIT.
- cd "${pwd}"
- test ! -e sec/tmp || {
- find sec/tmp -type f -exec shred -fu {} +
- rm -rf sec/tmp
- }
- '';
in
pkgs.mkShell {
name = "sourcephile-nix";
#preferLocalBuild = true;
#allowSubstitutes = false;
buildInputs = shell.nix-shell.buildInputs ++ [
- sourcephile-shred-tmp
- (pkgs.nixos []).nixos-generate-config
- (pkgs.nixos []).nixos-install
- (pkgs.nixos []).nixos-enter
+ (pkgs.nixos [ ]).nixos-generate-config
+ (pkgs.nixos [ ]).nixos-install
+ (pkgs.nixos [ ]).nixos-enter
#pkgs.binutils
pkgs.coreutils
pkgs.cryptsetup
#pkgs.vim
#pkgs.virtualbox
pkgs.which
- pkgs.xdg_utils
+ pkgs.xdg-utils
pkgs.fio
pkgs.strace
pkgs.utillinux
];
#enableParallelBuilding = true;
- GNUPGHOME = shell.gnupg.gnupgHome;
NIX_PATH = pkgs.lib.concatStringsSep ":" [
"nixpkgs=${pkgs.path}"
("nixpkgs-overlays=" + pkgs.writeText "overlays.nix" ''
shellHook = ''
echo >&2 "nix: running shellHook"
- # Since the .envrc calls this shellHook
- # the EXIT trap cannot be freely used
- # because it's already used by direnv,
- # hence shred at startup, which is not ideal.
- sourcephile-shred-tmp
-
${shell.nix-shell.shellHook}
# gpg
+ export GNUPGHOME=$(realpath -e ${shell.gnupg.gnupgHome});
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
# pass
- export PASSWORD_STORE_DIR="$PWD"/pass
- '';
+ export PASSWORD_STORE_DIR="$PWD"
+ '' + shellHook;
}
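Review bot: The added `export GNUPGHOME=$(realpath -e ${shell.gnupg.gnupgHome});` exports an empty value when `realpath -e` fails because the directory does not exist yet (`export` returns 0 regardless of the substitution's status), and gpg appears to treat an empty GNUPGHOME like an unset one, so the shell would silently fall back to the user's default keyring instead of the `sec/` home the hook intends; the unquoted substitution also word-splits on paths containing spaces. Assign first and export only on success: `GNUPGHOME="$(realpath -e ${shell.gnupg.gnupgHome})" && export GNUPGHOME || echo >&2 "nix: gnupgHome ${shell.gnupg.gnupgHome} not found"`. The same hunk changes `PASSWORD_STORE_DIR` from `"$PWD"/pass` to `"$PWD"`, so `pass` now treats the repository root as its store; if that is intended, a short comment saying so would keep it from being read as a dropped path component. It also removes the `sourcephile-shred-tmp` call (and, earlier in the diff, the script that shredded `sec/tmp` on entry), so nothing cleans that directory any more — worth stating in the commit message where that cleanup moved, if anywhere.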