dev-shells.nix
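# Per-system development shells: maps over `inputs.self.legacyPackages`
# (system -> pkgs) and yields `{ default = <mkShell>; }` for each system.
# The shell also generates the repository's sops configuration and links it
# into the working directory as `.sops.yaml`.
inputs:
inputs.nixpkgs.lib.mapAttrs (
  system: pkgs:
  let
    inherit (pkgs) lib;

    # OpenPGP recipient added to every creation rule below.
    gpgFingerprint = "D4A0692874AA71B7F1281491BB8667EA7EB08143";

    # While this is false the two YubiKey recipients are left out of every
    # rule, so a host's secrets are encrypted only to the PGP key above and to
    # that host's own age key.
    sopsSupportsAgePlugins = false; # TODO(jared): soon! See https://github.com/getsops/sops/pull/1465
    yubikey5cNfc = "age1yubikey1q20xxhpyk00m3ezajg3769jpmgwkvasq4dzutg75jq96fytnlcmxs9ltmga";
    yubikey5Nfc = "age1yubikey1q0tf5gp52t3smx6zduwyjnurw4cgjlqdm58a9dj6430e8mtrfexfg586p8p";

    # Directories under ./nixos-configurations that ship an age.pubkey file.
    # Hosts without that file get no creation rule at all.
    hostsWithAgeKey = lib.filter (host: builtins.pathExists ./nixos-configurations/${host}/age.pubkey) (
      builtins.attrNames (
        lib.filterAttrs (_: entryType: entryType == "directory") (builtins.readDir ./nixos-configurations)
      )
    );

    # One sops creation rule per host.
    # NOTE(review): age.pubkey is read from the repository at evaluation time,
    # so a change to that file changes who can decrypt secrets encrypted or
    # re-keyed afterwards; treat edits to it as security-relevant in review.
    mkCreationRule =
      host:
      let
        # Only newlines are stripped; an empty file contributes no recipient.
        machinePubkey = lib.replaceStrings [ "\n" ] [ "" ] (
          builtins.readFile ./nixos-configurations/${host}/age.pubkey
        );
      in
      {
        # sops treats path_regex as a regular expression searched anywhere in
        # the path and uses the first rule that matches. The "/" after the host
        # name must therefore be mandatory: with a trailing "/*" the slash is
        # optional, and the rule for host "a" would also match files of a host
        # named "ab", encrypting them to the wrong machine key. The host name
        # is escaped so characters such as "." are matched literally.
        path_regex = "nixos-configurations/${lib.escapeRegex host}/.*";
        pgp = lib.concatStringsSep "," [ gpgFingerprint ];
        age = lib.concatStringsSep "," (
          lib.optionals sopsSupportsAgePlugins [
            yubikey5cNfc
            yubikey5Nfc
          ]
          ++ lib.optionals (machinePubkey != "") [ machinePubkey ]
        );
      };

    sopsConfig = (pkgs.formats.yaml { }).generate "sops.yaml" {
      creation_rules = map mkCreationRule hostsWithAgeKey;
    };
  in
  {
    default = pkgs.mkShell {
      packages = (
        with pkgs;
        [
          bashInteractive
          just
          semver-tool
          sops
        ]
      );
      # Install the git hooks, then point .sops.yaml at the generated config.
      # $PWD is quoted so a checkout path containing spaces is not word-split.
      shellHook =
        (inputs.git-hooks.lib.${system}.run {
          src = ./.;
          hooks = {
            deadnix.enable = true;
            nixfmt-rfc-style.enable = true;
            shellcheck.enable = true;
            shfmt.enable = true;
          };
        }).shellHook
        + ''
          ln -sf ${sopsConfig} "$PWD/.sops.yaml"
        '';
    };
  }
) inputs.self.legacyPackages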