third_party/nix: make nix-env reusable
Change-Id: I19ffb94d0822044ad19b8454f91d2186209d3510
Reviewed-on: https://review.monogon.dev/c/monogon/+/2184
Tested-by: Jenkins CI
Reviewed-by: Serge Bazanski <serge@monogon.tech>
diff --git a/shell.nix b/shell.nix
index 2ae043c..3963630 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,94 +1,6 @@
-{ command ? "bash --noprofile --norc" }:
# If you're on NixOS, use me! `nix-shell --pure`.
-with import (fetchTarball {
- # nixpkgs 23.05 as of 2023/07/19
- url = "https://github.com/NixOS/nixpkgs/archive/2fadc2426928c844054cd28fabe231ff26a70715.tar.gz";
- sha256 = "sha256:06hpcqhaaqvd5gjcz2ps9lz6q2sf5fwgl5rwllpyl9x4g5g95ahv";
-}) {};
+{ sources ? import third_party/nix/sources.nix }:
let
- wrapper = pkgs.writeScript "wrapper.sh"
- ''
- # Fancy colorful PS1 to make people notice easily they're in the Monogon Nix shell.
- PS1='\[\033]0;\u/monogon:\w\007\]'
- if type -P dircolors >/dev/null ; then
- PS1+='\[\033[01;35m\]\u/monogon\[\033[01;36m\] \w \$\[\033[00m\] '
- fi
- export PS1
-
- # Use Nix-provided cert store.
- export NIX_SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
- export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
-
- # Let some downstream machinery know we're on NixOS. This is used mostly to
- # work around Bazel/NixOS interactions.
- export MONOGON_NIXOS=yep
-
- # Convince rules_go to use /bin/bash and not a NixOS store bash which has
- # no idea how to resolve other things in the nix store once PATH is
- # stripped by (host_)action_env.
- export BAZEL_SH=/bin/bash
-
- # Allow passing a custom command via env since nix-shell doesn't support
- # this yet: https://github.com/NixOS/nix/issues/534
- if [ ! -n "$COMMAND" ]; then
- COMMAND="bash --noprofile --norc"
- fi
- exec $COMMAND
- '';
+ pkgs = import sources.nixpkgs {};
in
-(pkgs.buildFHSUserEnv {
- name = "monogon-nix";
- targetPkgs = pkgs: with pkgs; [
- git
- buildifier
- (stdenv.mkDerivation {
- name = "bazel";
- src = builtins.fetchurl {
- url = https://github.com/bazelbuild/bazel/releases/download/5.4.0/bazel-5.4.0-linux-x86_64;
- sha256 = "1w58m1brwjfwsv48fmd66inry67m4vgb3bwvwmamhdv099v183jg";
- };
- unpackPhase = ''
- true
- '';
- buildPhase = ''
- mkdir -p $out/bin
- cp $src $out/bin/.bazel-inner
- chmod +x $out/bin/.bazel-inner
-
- cat > $out/bin/bazel <<EOF
- #!/usr/bin/bash
- export BAZEL_REAL=$out/bin/.bazel-inner
- function get_workspace_root() {
- workspace_dir="\''${PWD}"
- while [[ "\''${workspace_dir}" != / ]]; do
- if [[ -e "\''${workspace_dir}/WORKSPACE" || -e "\''${workspace_dir}/WORKSPACE.bazel" ]]; then
- readonly workspace_dir
- return
- fi
- workspace_dir="$(dirname "\''${workspace_dir}")"
- done
- readonly workspace_dir=""
- }
-
- get_workspace_root
- readonly wrapper="\''${workspace_dir}/tools/bazel"
- if [ -f "\''${wrapper}" ]; then
- exec -a "\$0" "\''${wrapper}" "\$@"
- fi
- exec -a "\$0" "\''${BAZEL_REAL}" "\$@"
- EOF
- chmod +x $out/bin/bazel
- '';
- dontStrip = true;
- })
- zlib
- curl
- gcc
- binutils
- openjdk11
- patch
- python3
- ];
- runScript = wrapper;
-}).env
-
+(import third_party/nix/env.nix { inherit pkgs; }).env