From 64d547aa16f52f757a7e1cdc459ba69f6a87eea7 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 11 Nov 2024 18:38:44 -0600
Subject: [PATCH] switched to using dev shells for local development environment
---
 .envrc | 1 +
 .gitignore | 3 ++-
 .hooks/post-commit | 3 ++-
 .hooks/pre-commit | 5 +++--
 README.md | 14 ++++++--------
 const/sops_age_key_directory.nix | 1 +
 enviroments/common/default.nix | 2 +-
 flake.lock | 17 ++++++++++++++++-
 flake.nix | 18 +++++++++++++++++-
 install.sh | 2 +-
 lint.sh | 3 ---
 shell.nix | 14 ++++++++++++++
 12 files changed, 64 insertions(+), 19 deletions(-)
 create mode 100644 .envrc
 create mode 100644 const/sops_age_key_directory.nix
 delete mode 100755 lint.sh
 create mode 100644 shell.nix
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..8392d15
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index e2f5dd2..d1da3a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-result
\ No newline at end of file
+result
+.direnv
\ No newline at end of file
diff --git a/.hooks/post-commit b/.hooks/post-commit
index 93d7f15..56c439d 100755
--- a/.hooks/post-commit
+++ b/.hooks/post-commit
@@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
 echo "restoring stashed changes"
diff --git a/.hooks/pre-commit b/.hooks/pre-commit
index 6687ec0..f98c64f 100755
--- a/.hooks/pre-commit
+++ b/.hooks/pre-commit
@@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
 echo "stashing all uncommitted changes"
 git stash -q --keep-index
@@ -11,7 +12,7 @@ if [ ! $? -eq 0 ]; then
 fi
 echo "running linter"
-./lint.sh
+alejandra -q .
 RESULT=$?
diff --git a/README.md b/README.md
index e94d8b3..afd4f90 100644
--- a/README.md
+++ b/README.md
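Review bot: The `#! nix-shell -i bash ../shell.nix` line added to .hooks/post-commit, and the identical line in .hooks/pre-commit, only works if nix-shell resolves the relative argument against the script's own directory and not against the working directory git starts hooks from (the repository root), where `../shell.nix` would point outside the checkout; as far as I know shebang-mode nix-shell does use the script directory, but that assumption is worth recording so the path is not "fixed" later. A second consequence is that every commit now evaluates shell.nix, which reads flake.lock and fetches the flake-compat tarball pinned there, so a commit made before that tarball is in the store fails at the interpreter line rather than inside the hook body. Suggest a comment under the shebang in both hooks: `# the path on the nix-shell line is relative to this script's directory; shell.nix is at the repo root`. The remainder of both hook bodies lies outside these hunks.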
@@ -6,8 +6,8 @@
 | `twilight` | Desktop Computer | Leyla | Desktop |
 | `horizon` | 13 inch Framework Laptop | Leyla | Laptop |
 | `defiant` | NAS Server | Leyla | Service |
-| `emergent` | Desktop Computer | Eve | Laptop |
-| `threshold` | Laptop | Eve | Desktop |
+| `emergent` | Desktop Computer | Eve | Desktop |
+| `threshold` | Laptop | Eve | Laptop |
 # Tooling
 ## Lint
@@ -22,10 +22,13 @@
 ## New host setup
 `./install.sh --target 192.168.1.130 --flake hostname`
+## Updating Secrets
+`sops -c sops secrets/secrets_file_here.yaml`
+
 # Notes:
 ## Research topics
-- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
+- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
 - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh
 - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init
 - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/
@@ -33,11 +36,6 @@
 - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/
 - https://nixos-and-flakes.thiscute.world/
-## Configuration
-set up git configuration for local development: `git config core.hooksPath .hooks`
-
-to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set)
-
 # Tasks:
 ## Tech Debt
diff --git a/const/sops_age_key_directory.nix b/const/sops_age_key_directory.nix
new file mode 100644
index 0000000..cf948df
--- /dev/null
+++ b/const/sops_age_key_directory.nix
@@ -0,0 +1 @@
+"/var/lib/sops-nix"
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix
index 8df4c0e..36b86ac 100644
--- a/enviroments/common/default.nix
+++ b/enviroments/common/default.nix
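Review bot: The new const/sops_age_key_directory.nix has no comment saying what the path is for or who imports it, and since this commit makes it the single source for both the NixOS session variable in enviroments/common/default.nix and the dev shell in flake.nix, a reader arriving from one import has no cue that changing it affects the other. Nix accepts a comment above the bare string: `# Directory holding the age key that sops-nix decrypts with (key.txt lives under it); imported by enviroments/common/default.nix and flake.nix`.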
@@ -196,7 +196,7 @@
 ];
 sessionVariables = rec {
-SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix";
+SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix;
 SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt";
 };
 };
diff --git a/flake.lock b/flake.lock
index ed31d1e..f77c46a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,20 @@
 }
 },
 "flake-compat": {
+"locked": {
+"lastModified": 1696426674,
+"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+"revCount": 57,
+"type": "tarball",
+"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+},
+"original": {
+"type": "tarball",
+"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+}
+},
+"flake-compat_2": {
 "flake": false,
 "locked": {
 "lastModified": 1696426674,
@@ -91,7 +105,7 @@
 },
 "nix-vscode-extensions": {
 "inputs": {
-"flake-compat": "flake-compat",
+"flake-compat": "flake-compat_2",
 "flake-utils": "flake-utils",
 "nixpkgs": [
 "nixpkgs"
@@ -160,6 +174,7 @@
 "root": {
 "inputs": {
 "disko": "disko",
+"flake-compat": "flake-compat",
 "home-manager": "home-manager",
 "impermanence": "impermanence",
 "nix-vscode-extensions": "nix-vscode-extensions",
diff --git a/flake.nix b/flake.nix
index 7e716ec..1d10485 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,6 +48,10 @@
 nixos-hardware = {
 url = "github:NixOS/nixos-hardware/master";
 };
+
+flake-compat = {
+url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
+};
 };
 outputs = {
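Review bot: The new `flake-compat` input in flake.nix is only consumed by shell.nix through the lock file, yet it is declared without `flake = false`, so Nix will treat it as a flake and evaluate its own flake.nix on every lock or update operation; the lock already records the other copy (`flake-compat_2`, pulled in by nix-vscode-extensions) with `"flake": false`, and both pin the same `lastModified` 1696426674. Declaring it as `flake-compat = { url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake = false; };` and adding `inputs.nix-vscode-extensions.inputs.flake-compat.follows = "flake-compat";` (the nix-vscode-extensions block is outside this hunk) would leave one pinned copy in the lock instead of two. The enclosing `inputs` attribute set starts outside the hunk.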
@@ -78,7 +82,19 @@
 in {
 packages = forEachPkgs (import ./pkgs);
-formatter = forEachPkgs (system: system.alejandra);
+formatter = forEachPkgs (pkgs: pkgs.alejandra);
+
+devShells = forEachPkgs (pkgs: {
+default = pkgs.mkShell {
+packages = with pkgs; [git sops alejandra nixos-anywhere];
+
+SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;
+
+shellHook = ''
+git config core.hooksPath .hooks
+'';
+};
+});
 nixosConfigurations = {
 # Leyla Laptop
diff --git a/install.sh b/install.sh
index bed56a9..0ed7cb8 100755
--- a/install.sh
+++ b/install.sh
@@ -51,4 +51,4 @@
 mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY
 cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY
 # commit number in this is because the main branch of nixos-anywhere is broken right now
-nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target
+nixos-anywhere --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target
diff --git a/lint.sh b/lint.sh
deleted file mode 100755
index 3fc29e9..0000000
--- a/lint.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-
-nix run git+https://github.com/kamadorueda/alejandra -- -q .
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 0000000..d7c46b9
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,14 @@
+(
+import
+(
+let
+lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+in
+fetchTarball {
+url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+sha256 = lock.nodes.flake-compat.locked.narHash;
+}
+)
+{src = ./.;}
+)
+.shellNix
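Review bot: The `shellHook` in the new devShell runs `git config core.hooksPath .hooks` unconditionally on every shell entry, and with the `.envrc` (`use flake`) added in the same commit that means each `cd` into the checkout rewrites .git/config and silently opts the clone into executing the repository's hook scripts at commit time; the README paragraph that used to document this step is deleted here, so nothing now says it happens. Guard it and say what it does: `# opt this clone into the tracked hooks (.hooks/pre-commit runs alejandra before each commit)` followed by `[ "$(git config core.hooksPath)" = ".hooks" ] || git config core.hooksPath .hooks`. Setting `SOPS_AGE_KEY_DIRECTORY` to the system path from const/sops_age_key_directory.nix also deserves a one-line comment, since a developer without a key there gets a bare sops failure with no hint of where the key is expected. Relatedly, the README's new `sops -c sops secrets/...` line still carries the `-c sops` fragment from the old `nix shell nixpkgs#sops -c sops` invocation; with sops on the dev shell PATH it should read `sops secrets/secrets_file_here.yaml`. The `outputs` attribute set this hunk sits in starts and ends outside the hunk.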
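Review bot: The comment `# commit number in this is because the main branch of nixos-anywhere is broken right now` is now stale: the new line invokes the `nixos-anywhere` binary from the dev shell and contains no commit pin (nor did the removed line), so it should be dropped rather than left to mislead. The script now only works inside the dev shell, which the README's `./install.sh --target … --flake …` example does not say; a guard near the top of the script (outside this hunk) would make the failure explicit: `command -v nixos-anywhere >/dev/null 2>&1 || { echo "run this from the dev shell (nix develop)" >&2; exit 1; }`. On the new line itself `$temp`, `$flake` and `$target` are unquoted; given that the unchanged lines above copy the contents of `$SOPS_AGE_KEY_DIRECTORY` — the directory holding the age private key — into `$temp` for `--extra-files`, quoting them as `"$temp"`, `".#$flake"` (already quoted) and `"$target"` costs nothing and keeps a path with spaces from splitting the argument list.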
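Review bot: The new shell.nix is the flake-compat shim but carries no comment, and its only purpose in this repository — giving the `#! nix-shell ... ../shell.nix` shebangs in .hooks/ access to the flake's devShell — is not discoverable from the file; suggest a header `# flake-compat shim: exposes the devShell from flake.nix to plain nix-shell (used by the shebangs in .hooks/)`. The lookup `lock.nodes.flake-compat` hard-codes the root input name, so renaming the input in flake.nix or letting it be deduplicated into the existing `flake-compat_2` node would make evaluation fail with an attribute-missing error at commit time; a comment such as `# must match the input name in flake.nix` on the `lock = ...` line would tie the two together. The fetch is correctly pinned through `sha256 = lock.nodes.flake-compat.locked.narHash`, and the `or` fallback URL is only reached when the lock node has no `url`, which the tarball-type node written to flake.lock in this commit does provide.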