diff --git a/hosts/battleship/configuration.nix b/hosts/battleship/configuration.nix
index 35265c5..ffbd00e 100644
--- a/hosts/battleship/configuration.nix
+++ b/hosts/battleship/configuration.nix
@@ -12,8 +12,11 @@ ./hardware-configuration.nix ]; + programs.nh.enable = true; + programs.nh.flake = "/home/guz/nix"; + programs.nih.enable = true; - programs.nih.flakeDir = "/home/guz/.nix"; + programs.nih.flakeDir = "/home/guz/nix"; programs.nih.host = "battleship"; profiles.locale.enable = true;
diff --git a/modules/nixos/programs/default.nix b/modules/nixos/programs/default.nix
index 2144a79..b40021a 100644
--- a/modules/nixos/programs/default.nix
+++ b/modules/nixos/programs/default.nix
@@ -1,5 +1,6 @@
 {...}: {
   imports = [
+    ./nh
     ./nih
     ./hyprland.nix
     ./steam.nix
diff --git a/modules/nixos/programs/nh/default.nix b/modules/nixos/programs/nh/default.nix
new file mode 100644
index 0000000..f0edca2
--- /dev/null
+++ b/modules/nixos/programs/nh/default.nix
@@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.programs.nh;
+  wrapper = pkgs.writeShellScriptBin "nh" ''
+    function alejandra() { ${pkgs.alejandra}/bin/alejandra "$@"; }
+    function git() { ${pkgs.git}/bin/git "$@"; }
+    function nh() { ${pkgs.nh}/bin/nh "$@"; }
+    function shellharden() { ${pkgs.shellharden}/bin/shellharden "$@"; }
+
+    FLAKE_DIR=${toString cfg.flake}
+
+    ${builtins.readFile ./wrapper.sh}
+  '';
+in {
+  options.programs.nh = with lib; with lib.types; {};
+  config = with lib;
+    mkIf cfg.enable {
+      programs.nh.package = wrapper;
+      programs.nh.clean.enable = mkDefault true;
+    };
+}
diff --git a/modules/nixos/programs/nh/wrapper.sh b/modules/nixos/programs/nh/wrapper.sh
new file mode 100644
index 0000000..5225518
--- /dev/null
+++ b/modules/nixos/programs/nh/wrapper.sh
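Review bot: `programs.nh.flake = "/home/guz/nix";` and the corrected `programs.nih.flakeDir = "/home/guz/nix";` in the configuration.nix hunk now carry the same literal path, and the `.nix` vs `nix` mismatch this hunk repairs is exactly the drift two copies invite. If this module receives `config`, `programs.nih.flakeDir = config.programs.nh.flake;` keeps the two in step. The module header is outside the hunk, so whether `config` is in scope here is not visible to me.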
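Review bot: `programs.nh.package = wrapper;` in modules/nixos/programs/nh/default.nix hands the wrapper to everything the nixpkgs nh module runs, and if, as I believe, its nh-clean service is built from `cfg.package`, the `nh clean all` scheduled by `programs.nh.clean.enable = mkDefault true;` two lines below goes through wrapper.sh's dispatcher, which only knows `os` and `--`; that call lands in the `*)` branch, prints "command does not exist" and exits 0, so the timer silently never collects garbage. Letting the dispatcher's default branch pass unknown commands through, `*) nh "$@" ;;` in wrapper.sh, keeps the clean timer working while `nh os switch` is still intercepted. `sops` is the one tool wrapper.sh calls that is not pinned to a store path like `alejandra`, `git`, `nh` and `shellharden`, so `function sops() { ${pkgs.sops}/bin/sops "$@"; }` belongs in the same list, and `FLAKE_DIR=${toString cfg.flake}` should be written `FLAKE_DIR="${toString cfg.flake}"` so a path with spaces survives. `options.programs.nh = with lib; with lib.types; {};` declares nothing and can be dropped; every option used here (`enable`, `flake`, `package`, `clean.enable`) comes from the nixpkgs module.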
@@ -0,0 +1,124 @@
+function set_colors() {
+  COLOR_CYAN='\033[0;35m'
+  COLOR_RED='\033[0;31m'
+  COLOR_YELLOW='\033[1;33m'
+  COLOR_NC='\033[0m'
+}
+function set_labels() {
+  set_colors
+  function echo_info() {
+    if [ -t 1 ]; then
+      echo -e "${COLOR_CYAN}INFO:${COLOR_NC} $@";
+    else
+      echo -e "INFO: $@";
+    fi
+  }
+  function echo_warn() {
+    if [ -t 1 ]; then
+      echo -e "${COLOR_YELLOW}WARN:${COLOR_NC} $@";
+    else
+      echo -e "WARN: $@";
+    fi
+  }
+  function echo_error() {
+    if [ -t 1 ]; then
+      echo -e "${COLOR_RED}ERRO:${COLOR_NC} $@";
+    else
+      echo -e "ERRO: $@";
+    fi
+  }
+}
+set_labels
+
+function decrypt_lesser_secrets() {
+  set -e
+  pushd "$FLAKE_DIR" > /dev/null
+
+  for f in ./secrets/*.lesser.*; do
+    local filename="$(basename -- "$f")"
+    local extension="${filename##*.}"
+    local filename="${filename%.*}"
+    local subextenstion="${filename##*.}"
+
+    if [[ "$subextenstion" == "decrypted" ]]; then
+      echo_warn "$PREFIX - File already decrypted! file=$f"
+    else
+      echo_info "$PREFIX - Decrypting lesser secret file. file=$f"
+      sops --output "./secrets/$filename.decrypted.$extension" -d "$f"
+    fi
+  done
+
+  echo_info "$PREFIX - Adding decrypted secret files"
+  git add ./secrets/*.decrypted.*
+
+  popd > /dev/null
+}
+
+function remove_decrypted_secrets() {
+  set -e
+  pushd "$FLAKE_DIR" > /dev/null
+
+  echo_info "$PREFIX - Removing descrypted files" \
+  git reset ./secrets/*.decrypted.*
+  for f in ./secrets/*.decrypted.*; do
+    echo_info "$PREFIX - Removing descrypted files. file=$f"
+    rm "$f"
+  done
+
+  popd > /dev/null
+}
+
+function format_files() {
+  set -e
+  pushd "$FLAKE_DIR" > /dev/null
+
+  echo_info "$PREFIX - Formatting *.nix files"
+  alejandra . &>/dev/null \
+    || (alejandra . ; \
+    echo_error - "$PREFIX - Failed to format files" \
+    && exit 1)
+
+  echo_info "$PREFIX - Formatting *.sh files"
+  find "$FLAKE_DIR" -type f -name "*.sh" -execdir shellharden --replace {} \;
+
+  popd > /dev/null
+}
+
+function build_os() {
+  set -e
+  pushd "$FLAKE_DIR" > /dev/null
+
+  echo_info "$PREFIX - Building NixOS"
+  nh os switch "$@" "$FLAKE_DIR" \
+    || (echo_error "$PREFIX - Failed to build NixOS" \
+    && remove_decrypted_secrets \
+    && exit 1)
+
+  popd > /dev/null
+}
+
+case "$1" in
+  "os")
+    case "$2" in
+      "switch")
+        PREFIX="nh os switch"
+
+        decrypt_lesser_secrets
+        format_files
+
+        shift 2
+        build_os "$@"
+
+        remove_decrypted_secrets
+        ;;
+      *) echo_error "\"$2\" subcommand does not exist"
+        ;;
+    esac
+    ;;
+  "--")
+    shift 1
+    nh "$@"
+    ;;
+  *) echo_error "\"$1\" command does not exist"
+    ;;
+esac
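Review bot: The trailing backslash on `echo_info "$PREFIX - Removing descrypted files" \` in remove_decrypted_secrets folds the next line into the echo, so `git reset ./secrets/*.decrypted.*` is never executed; the plaintext `*.decrypted.*` files that decrypt_lesser_secrets staged with `git add` stay in the index after `rm` deletes them from the worktree, and the next commit would carry the decrypted secrets (the `git add` has already written the plaintext blobs into `.git/objects`, where they linger until pruned, so the reset is damage limitation rather than a full undo). Dropping the backslash fixes the immediate bug, but the function should not run `git reset` with a raw glob either, since an empty expansion under nullglob would turn it into a pathspec-less reset of the whole index, and the `for f in ./secrets/*.decrypted.*` loop hands the literal pattern to `rm` under `set -e` when nothing matches. The cleanup is also only reached on the happy path and on a failed `nh os switch`; a `set -e` exit inside decrypt_lesser_secrets or format_files, or an interrupt, leaves decrypted files on disk and staged, which `trap remove_decrypted_secrets EXIT` covers. The rewrite below collects the matches first and no-ops when there are none; with nullglob on, the `for f in ./secrets/*.lesser.*` loop in decrypt_lesser_secrets likewise becomes a no-op instead of calling sops on the pattern itself.
```shell
shopt -s nullglob   # a pattern with no matches expands to nothing, not to itself

# … unchanged: set_colors, set_labels, decrypt_lesser_secrets …

function remove_decrypted_secrets() {
  set -e
  pushd "$FLAKE_DIR" > /dev/null

  local files=(./secrets/*.decrypted.*)
  if [ "${#files[@]}" -gt 0 ]; then
    echo_info "$PREFIX - Removing decrypted files"
    # only ever reset with an explicit pathspec; a bare git reset unstages the whole index
    git reset -q -- "${files[@]}"
    for f in "${files[@]}"; do
      echo_info "$PREFIX - Removing decrypted files. file=$f"
      rm -- "$f"
    done
  fi

  popd > /dev/null
}
trap remove_decrypted_secrets EXIT

# … unchanged: format_files, build_os, case dispatch …
```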