feat: nh command wrapper

hosts/battleship/configuration.nix

@@ -12,8 +12,11 @@
     ./hardware-configuration.nix
   ];
 
+  programs.nh.enable = true;
+  programs.nh.flake = "/home/guz/nix";
+
   programs.nih.enable = true;
-  programs.nih.flakeDir = "/home/guz/.nix";
+  programs.nih.flakeDir = "/home/guz/nix";
   programs.nih.host = "battleship";
 
   profiles.locale.enable = true;

modules/nixos/programs/default.nix

@@ -1,5 +1,6 @@
 {...}: {
   imports = [
+    ./nh
     ./nih
     ./hyprland.nix
     ./steam.nix

modules/nixos/programs/nh/default.nix

@@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.programs.nh;
+  wrapper = pkgs.writeShellScriptBin "nh" ''
+    function alejandra() { ${pkgs.alejandra}/bin/alejandra "$@"; }
+    function git() { ${pkgs.git}/bin/git "$@"; }
+    function nh() { ${pkgs.nh}/bin/nh "$@"; }
+    function shellharden() { ${pkgs.shellharden}/bin/shellharden "$@"; }
+
+    FLAKE_DIR=${toString cfg.flake}
+
+    ${builtins.readFile ./wrapper.sh}
+  '';
+in {
+  options.programs.nh = with lib; with lib.types; {};
+  config = with lib;
+    mkIf cfg.enable {
+      programs.nh.package = wrapper;
+      programs.nh.clean.enable = mkDefault true;
+    };
+}

modules/nixos/programs/nh/wrapper.sh

@@ -0,0 +1,124 @@
+function set_colors() {
+	COLOR_CYAN='\033[0;35m'
+	COLOR_RED='\033[0;31m'
+	COLOR_YELLOW='\033[1;33m'
+	COLOR_NC='\033[0m'
+}
+function set_labels() {
+	set_colors
+	function echo_info() {
+		if [ -t 1 ]; then
+			echo -e "${COLOR_CYAN}INFO:${COLOR_NC} $@";
+		else
+			echo -e "INFO: $@";
+		fi
+	}
+	function echo_warn() {
+		if [ -t 1 ]; then
+			echo -e "${COLOR_YELLOW}WARN:${COLOR_NC} $@";
+		else
+			echo -e "WARN: $@";
+		fi
+	}
+	function echo_error() {
+		if [ -t 1 ]; then
+			echo -e "${COLOR_RED}ERRO:${COLOR_NC} $@";
+		else
+			echo -e "ERRO: $@";
+		fi
+	}
+}
+set_labels
+
+function decrypt_lesser_secrets() {
+	set -e
+	pushd "$FLAKE_DIR" > /dev/null
+
+	for f in ./secrets/*.lesser.*; do
+		local filename="$(basename -- "$f")"
+		local extension="${filename##*.}"
+		local filename="${filename%.*}"
+		local subextenstion="${filename##*.}"
+
+		if [[ "$subextenstion" == "decrypted" ]]; then
+			echo_warn "$PREFIX - File already decrypted! file=$f"
+		else
+			echo_info "$PREFIX - Decrypting lesser secret file. file=$f"
+			sops --output "./secrets/$filename.decrypted.$extension" -d "$f"
+		fi
+	done
+
+	echo_info "$PREFIX - Adding decrypted secret files"
+	git add ./secrets/*.decrypted.*
+
+	popd > /dev/null
+}
+
+function remove_decrypted_secrets() {
+	set -e
+	pushd "$FLAKE_DIR" > /dev/null
+
+	echo_info "$PREFIX - Removing descrypted files" \
+	git reset ./secrets/*.decrypted.*
+	for f in ./secrets/*.decrypted.*; do
+		echo_info "$PREFIX - Removing descrypted files. file=$f"
+		rm "$f"
+	done
+
+	popd > /dev/null
+}
+
+function format_files() {
+	set -e
+	pushd "$FLAKE_DIR" > /dev/null
+
+	echo_info "$PREFIX - Formatting *.nix files"
+	alejandra . &>/dev/null \
+	|| (alejandra . ; \
+		echo_error - "$PREFIX - Failed to format files" \
+		&& exit 1)
+
+	echo_info "$PREFIX - Formatting *.sh files"
+	find "$FLAKE_DIR" -type f -name "*.sh" -execdir shellharden --replace {} \;
+
+	popd > /dev/null
+}
+
+function build_os() {
+	set -e
+	pushd "$FLAKE_DIR" > /dev/null
+
+	echo_info "$PREFIX - Building NixOS"
+	nh os switch "$@" "$FLAKE_DIR" \
+		|| (echo_error "$PREFIX - Failed to build NixOS" \
+		&& remove_decrypted_secrets \
+		&& exit 1)
+
+	popd > /dev/null
+}
+
+case "$1" in
+	"os")
+		case "$2" in
+			"switch")
+				PREFIX="nh os switch"
+
+				decrypt_lesser_secrets
+				format_files
+
+				shift 2
+				build_os "$@"
+
+				remove_decrypted_secrets
+			;;
+			*) echo_error "\"$2\" subcommand does not exist"
+			;;
+		esac
+	;;
+	"--")
+		shift 1
+		nh "$@"
+	;;
+	*) echo_error "\"$1\" command does not exist"
+	;;
+esac