switched to using dev shells for local development environment

.envrc

@@ -0,0 +1 @@
+use flake

.gitignore

@@ -1 +1,2 @@
 result
+.direnv

.hooks/post-commit

@@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
 
 echo "restoring stashed changes"
 

.hooks/pre-commit

@@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
 
 echo "stashing all uncommitted changes"
 git stash -q --keep-index
@@ -11,7 +12,7 @@ if [ ! $? -eq 0 ]; then
 fi
 
 echo "running linter"
-./lint.sh
+alejandra -q .
 
 RESULT=$?
 

README.md

@@ -6,8 +6,8 @@
 |  `twilight` |      Desktop Computer      |      Leyla       |  Desktop  |
 |  `horizon`  |  13 inch Framework Laptop  |      Leyla       |  Laptop   |
 |  `defiant`  |         NAS Server         |      Leyla       |  Service  |
-|  `emergent` |      Desktop Computer      |       Eve        |  Laptop   |
-| `threshold` |           Laptop           |       Eve        |  Desktop  |
+|  `emergent` |      Desktop Computer      |       Eve        |  Desktop  |
+| `threshold` |           Laptop           |       Eve        |  Laptop   |
 
 # Tooling
 ## Lint
@@ -22,10 +22,13 @@
 ## New host setup
 `./install.sh --target 192.168.1.130 --flake hostname`
 
+## Updating Secrets
+`sops -c sops secrets/secrets_file_here.yaml`
+
 # Notes:
 
 ## Research topics
-- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
+- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/`
 - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh
 - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init
 - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/
@@ -33,11 +36,6 @@
 - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/
 - https://nixos-and-flakes.thiscute.world/
 
-## Configuration
-set up git configuration for local development: `git config core.hooksPath .hooks`
-
-to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set)
-
 # Tasks:
 
 ## Tech Debt

const/sops_age_key_directory.nix

@@ -0,0 +1 @@
+"/var/lib/sops-nix"

enviroments/common/default.nix

@@ -196,7 +196,7 @@
     ];
 
     sessionVariables = rec {
-      SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix";
+      SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix;
       SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt";
     };
   };

flake.lock

@@ -21,6 +21,20 @@
       }
     },
     "flake-compat": {
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "revCount": 57,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+      }
+    },
+    "flake-compat_2": {
       "flake": false,
       "locked": {
         "lastModified": 1696426674,
@@ -91,7 +105,7 @@
     },
     "nix-vscode-extensions": {
       "inputs": {
-        "flake-compat": "flake-compat",
+        "flake-compat": "flake-compat_2",
         "flake-utils": "flake-utils",
         "nixpkgs": [
           "nixpkgs"
@@ -160,6 +174,7 @@
     "root": {
       "inputs": {
         "disko": "disko",
+        "flake-compat": "flake-compat",
         "home-manager": "home-manager",
         "impermanence": "impermanence",
         "nix-vscode-extensions": "nix-vscode-extensions",

flake.nix

@@ -48,6 +48,10 @@
     nixos-hardware = {
       url = "github:NixOS/nixos-hardware/master";
     };
+
+    flake-compat = {
+      url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
+    };
   };
 
   outputs = {
@@ -78,7 +82,19 @@
   in {
     packages = forEachPkgs (import ./pkgs);
 
-    formatter = forEachPkgs (system: system.alejandra);
+    formatter = forEachPkgs (pkgs: pkgs.alejandra);
+
+    devShells = forEachPkgs (pkgs: {
+      default = pkgs.mkShell {
+        packages = with pkgs; [git sops alejandra nixos-anywhere];
+
+        SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;
+
+        shellHook = ''
+          git config core.hooksPath .hooks
+        '';
+      };
+    });
 
     nixosConfigurations = {
       # Leyla Laptop

install.sh

@@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY
 cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY
 
 # commit number in this is because the main branch of nixos-anywhere is broken right now
-nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target
+nixos-anywhere --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target

lint.sh

@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-
-nix run git+https://github.com/kamadorueda/alejandra -- -q .

shell.nix

@@ -0,0 +1,14 @@
+(
+  import
+  (
+    let
+      lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+    in
+      fetchTarball {
+        url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+        sha256 = lock.nodes.flake-compat.locked.narHash;
+      }
+  )
+  {src = ./.;}
+)
+.shellNix