third_party/nix: make nix-env reusable
Change-Id: I19ffb94d0822044ad19b8454f91d2186209d3510
Reviewed-on: https://review.monogon.dev/c/monogon/+/2184
Tested-by: Jenkins CI
Reviewed-by: Serge Bazanski <serge@monogon.tech>
diff --git a/third_party/nix/env.nix b/third_party/nix/env.nix
new file mode 100644
index 0000000..473e0fd
--- /dev/null
+++ b/third_party/nix/env.nix
@@ -0,0 +1,92 @@
+{ pkgs, extraConf ? "" }: with pkgs;
+let
+ wrapper = pkgs.writeScript "wrapper.sh"
+ ''
+ # Fancy colorful PS1 to make people notice easily they're in the Monogon Nix shell.
+ PS1='\[\033]0;\u/monogon:\w\007\]'
+ if type -P dircolors >/dev/null ; then
+ PS1+='\[\033[01;35m\]\u/monogon\[\033[01;36m\] \w \$\[\033[00m\] '
+ fi
+ export PS1
+
+ # Use Nix-provided cert store.
+ export NIX_SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
+ export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
+
+ # Let some downstream machinery know we're on NixOS. This is used mostly to
+ # work around Bazel/NixOS interactions.
+ export MONOGON_NIXOS=yep
+
+ # Convince rules_go to use /bin/bash and not a NixOS store bash which has
+ # no idea how to resolve other things in the nix store once PATH is
+ # stripped by (host_)action_env.
+ export BAZEL_SH=/bin/bash
+
+ ${extraConf}
+
+ # Allow passing a custom command via env since nix-shell doesn't support
+ # this yet: https://github.com/NixOS/nix/issues/534
+ if [ ! -n "$COMMAND" ]; then
+ COMMAND="bash --noprofile --norc"
+ fi
+ exec $COMMAND
+ '';
+in
+(pkgs.buildFHSUserEnv {
+ name = "monogon-nix";
+ targetPkgs = pkgs: with pkgs; [
+ git
+ buildifier
+ (stdenv.mkDerivation {
+ name = "bazel";
+ src = builtins.fetchurl {
+ url = https://github.com/bazelbuild/bazel/releases/download/5.4.0/bazel-5.4.0-linux-x86_64;
+ sha256 = "1w58m1brwjfwsv48fmd66inry67m4vgb3bwvwmamhdv099v183jg";
+ };
+ unpackPhase = ''
+ true
+ '';
+ buildPhase = ''
+ mkdir -p $out/bin
+ cp $src $out/bin/.bazel-inner
+ chmod +x $out/bin/.bazel-inner
+
+ cat > $out/bin/bazel <<EOF
+ #!/usr/bin/bash
+ export BAZEL_REAL=$out/bin/.bazel-inner
+ function get_workspace_root() {
+ workspace_dir="\''${PWD}"
+ while [[ "\''${workspace_dir}" != / ]]; do
+ if [[ -e "\''${workspace_dir}/WORKSPACE" || -e "\''${workspace_dir}/WORKSPACE.bazel" ]]; then
+ readonly workspace_dir
+ return
+ fi
+ workspace_dir="$(dirname "\''${workspace_dir}")"
+ done
+ readonly workspace_dir=""
+ }
+
+ get_workspace_root
+ readonly wrapper="\''${workspace_dir}/tools/bazel"
+ if [ -f "\''${wrapper}" ]; then
+ exec -a "\$0" "\''${wrapper}" "\$@"
+ fi
+ exec -a "\$0" "\''${BAZEL_REAL}" "\$@"
+ EOF
+ chmod +x $out/bin/bazel
+ '';
+ dontStrip = true;
+ })
+ zlib
+ curl
+ gcc
+ binutils
+ openjdk11
+ patch
+ python3
+ busybox
+ niv
+ google-cloud-sdk
+ ];
+ runScript = wrapper;
+})
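Review bot: In the `bazel` wrapper heredoc, the `$(dirname …)` on the `workspace_dir=` line inside `get_workspace_root` is the only substitution that is not escaped, so with the unquoted `<<EOF` it appears to be evaluated by the build shell instead of being written into the script. The generated wrapper would then carry a constant (most likely `workspace_dir="."`), and the upward search for `WORKSPACE` could never reach `/` when bazel is started from a subdirectory of the workspace. Escaping it like the neighbouring expansions defers it to run time: `workspace_dir="\$(dirname "\''${workspace_dir}")"`. Separately, when no workspace is found `workspace_dir` is empty and `wrapper` resolves to `/tools/bazel`, so the `-f` test should also require a non-empty `workspace_dir` to avoid executing an unrelated file at that absolute path.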