dev-shells.nix
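# Development shells, one per system found in the flake's `legacyPackages`.
#
# Besides the toolchain, the default shell generates a sops configuration from
# the repository layout and links it to `.sops.yaml` in the directory the shell
# is entered from, so the recipients of each host's secrets are derived from
# the files checked in under ./nixos-configurations rather than maintained by
# hand.
inputs:
inputs.nixpkgs.lib.mapAttrs (
  system: pkgs:
  let
    inherit (pkgs) lib;

    # OpenPGP fingerprint added as a recipient to every creation rule.
    gpgFingerprint = "D4A0692874AA71B7F1281491BB8667EA7EB08143";

    # Gate for the two YubiKey age recipients below: while this is false they
    # are not added to any rule.
    sopsSupportsAgePlugins = false; # TODO(jared): soon! See https://github.com/getsops/sops/pull/1465
    yubikey5cNfc = "age1yubikey1q20xxhpyk00m3ezajg3769jpmgwkvasq4dzutg75jq96fytnlcmxs9ltmga";
    yubikey5Nfc = "age1yubikey1q0tf5gp52t3smx6zduwyjnurw4cgjlqdm58a9dj6430e8mtrfexfg586p8p";

    # Names of the directories under ./nixos-configurations that ship an
    # `age.pubkey` file. Directories without one get no creation rule.
    hostsWithAgeKey = lib.filter (host: builtins.pathExists ./nixos-configurations/${host}/age.pubkey) (
      builtins.attrNames (
        lib.filterAttrs (_: entryType: entryType == "directory") (builtins.readDir ./nixos-configurations)
      )
    );

    # Creation rule for one host: the shared PGP recipient, the YubiKey
    # recipients once enabled, and the host's own age public key.
    mkCreationRule =
      host:
      let
        # An empty `age.pubkey` contributes no recipient, which leaves the
        # rule with the PGP (and, once enabled, YubiKey) recipients only.
        machinePubkey = lib.fileContents ./nixos-configurations/${host}/age.pubkey;
      in
      {
        # `path_regex` is a regular expression, not a glob: a trailing `/*`
        # means "zero or more slashes", so the rule for host `a` would also
        # match files under a sibling directory such as `a-b`. Rules are
        # tried in order and `builtins.attrNames` returns sorted names, so the
        # shorter name would win and the longer host's secrets would be
        # encrypted to the wrong machine key. Escaping the host name and
        # requiring the directory separator keeps each rule on its own
        # directory.
        path_regex = "nixos-configurations/${lib.escapeRegex host}/.*";
        pgp = lib.concatStringsSep "," [ gpgFingerprint ];
        age = lib.concatStringsSep "," (
          lib.optionals sopsSupportsAgePlugins [
            yubikey5cNfc
            yubikey5Nfc
          ]
          ++ lib.optionals (machinePubkey != "") [ machinePubkey ]
        );
      };

    sopsConfig = (pkgs.formats.yaml { }).generate "sops.yaml" {
      creation_rules = map mkCreationRule hostsWithAgeKey;
    };
  in
  {
    default = pkgs.mkShell {
      inputsFrom = [
        pkgs.homelab-backup-recv
        pkgs.homelab-git-shell-commands
        pkgs.local-overlay-fixup-db
        pkgs.nix-key
        pkgs.wg-dns
      ];
      packages = [
        pkgs.bashInteractive
        pkgs.just
        pkgs.semver-tool
        pkgs.sops
      ];
      # The shell hook returned by git-hooks for the hooks enabled below,
      # followed by the link that puts the generated sops configuration in
      # place.
      shellHook =
        (inputs.git-hooks.lib.${system}.run {
          src = ./.;
          hooks = {
            deadnix.enable = true;
            nixfmt-rfc-style.enable = true;
            shellcheck.enable = true;
            shfmt.enable = true;
            stylua.enable = true;
          };
        }).shellHook
        +
          # bash
          ''
            # Quoted so a working directory containing spaces or glob
            # characters does not split or expand the link target.
            ln -sf ${sopsConfig} "$PWD/.sops.yaml"
          '';
    };
  }
) inputs.self.legacyPackages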