-{ inputs, pkgs, ... }:
+{ inputs, pkgs, shellHook ? "", ... }:
let
# Configuration of shell/modules/
# to expand shellHook and buildInputs of this shell.nix
- shellConfig = {config, ...}: {
+ shellConfig = { ... }: {
imports = [
shell/gnupg.nix
];
- nix = {
- nixConf = ''
- auto-optimise-store = true
- experimental-features nix-command flake
- '';
- };
gnupg = {
enable = true;
gnupgHome = "../sec/gnupg";
gpgExtraConf = ''
# julm@sourcephile.fr
trusted-key 0xB2450D97085B7B8C
+ default-key 0x4FE467034C11017B429BAC53A58CD81C3863926F
'';
gpgAgentExtraConf = ''
#pretend-request-origin remote
'';
};
/*
- openssl = {
+ openssl = {
enable = true;
opensslHome = "../sec/openssl";
certificates = import shell/x509.nix;
- };
+ };
*/
openssh = {
enable = true;
#SSAPIAuthentication no
SendEnv LANG LC_*
StrictHostKeyChecking yes
- UserKnownHostsFile ${inputs.secrets + "/ssh/known_hosts"}
+ #UserKnownHostsFile ''${inputs.secrets + "/ssh/known_hosts"}
'';
};
virtualbox = {
modules = [
shellConfig
{ config._module.args = { inherit inputs pkgs; }; }
- ] ++ map import (pkgs.lib.findFiles ".*\\.nix" (inputs.shell + "/modules"));
+ ] ++ map import (pkgs.lib.findFiles ".*\\.nix" shell/modules);
}).config;
-
- pwd = toString (./. + "");
- sourcephile-shred-tmp = pkgs.writeShellScriptBin "sourcephile-shred-tmp" ''
- # This is done when entering the nix-shell
- # because direnv already hooks trap EXIT.
- cd "${pwd}"
- test ! -e sec/tmp || {
- find sec/tmp -type f -exec shred -fu {} +
- rm -rf sec/tmp
- }
- '';
in
pkgs.mkShell {
name = "sourcephile-nix";
#preferLocalBuild = true;
#allowSubstitutes = false;
buildInputs = shell.nix-shell.buildInputs ++ [
- sourcephile-shred-tmp
- (pkgs.nixos []).nixos-generate-config
- (pkgs.nixos []).nixos-install
- (pkgs.nixos []).nixos-enter
+ (pkgs.nixos [ ]).nixos-generate-config
+ (pkgs.nixos [ ]).nixos-install
+ (pkgs.nixos [ ]).nixos-enter
#pkgs.binutils
pkgs.coreutils
pkgs.cryptsetup
#pkgs.vim
#pkgs.virtualbox
pkgs.which
- pkgs.xdg_utils
+ pkgs.xdg-utils
pkgs.fio
pkgs.strace
pkgs.utillinux
#pkgs.zfstools
pkgs.linuxPackages.perf
#pkgs.go2nix
- pkgs.wireguard
+ pkgs.wireguard-tools
pkgs.stun
pkgs.mkpasswd
#pkgs.ubootTools
];
#enableParallelBuilding = true;
- PASSWORD_STORE_DIR = "pass";
NIX_PATH = pkgs.lib.concatStringsSep ":" [
"nixpkgs=${pkgs.path}"
("nixpkgs-overlays=" + pkgs.writeText "overlays.nix" ''
shellHook = ''
echo >&2 "nix: running shellHook"
- # Since the .envrc calls this shellHook
- # the EXIT trap cannot be freely used
- # because it's already used by direnv,
- # hence shred at startup, which is not ideal.
- sourcephile-shred-tmp
-
${shell.nix-shell.shellHook}
# gpg
+ export GNUPGHOME=$(realpath -e ${shell.gnupg.gnupgHome});
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
- '';
+
+ # pass
+ export PASSWORD_STORE_DIR="$PWD"
+ '' + shellHook;
}
sourcephile / git / sourcephile-nix.git / blobdiff