Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 98000a51baafc40f861bd17d8a333b65035df21c^! / . / shell.nix
commit98000a51baafc40f861bd17d8a333b65035df21c[log] [tgz]
authorTim Windelschmidt <tim@monogon.tech>Thu Mar 06 14:22:15 2025 +0100
committerTim Windelschmidt <tim@monogon.tech>Tue Jul 01 10:52:10 2025 +0000
treeb6f7c11992b9c61d522c60a86b342a377ee160f2
parenta5a817009be47049d7302dd0c1ec08f13c1fe4a7 [diff] [blame]
third_party/nix: introduce toolchain bundle

This introduces a nix derivation that builds a musl amd64/aarch64
toolchain sysroot.

Change-Id: Iba082edb8fd1f2ab580020bb1c7339a76487f3c8
Reviewed-on: https://review.monogon.dev/c/monogon/+/4006
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI

diff --git a/shell.nix b/shell.nix
index 3963630..5d4fa01 100644
--- a/shell.nix
+++ b/shell.nix

@@ -1,6 +1,64 @@
 # If you're on NixOS, use me! `nix-shell --pure`.
-{ sources ? import third_party/nix/sources.nix }:
+{ pkgs ? (import ./third_party/nix { }), extraConf ? "" }:
 let
-    pkgs = import sources.nixpkgs {};
+  wrapper = pkgs.writeScript "wrapper.sh"
+    ''
+      # Fancy colorful PS1 to make people notice easily they're in the Monogon Nix shell.
+      PS1='\[\033]0;\u/monogon:\w\007\]'
+      if type -P dircolors >/dev/null ; then
+        PS1+='\[\033[01;35m\]\u/monogon\[\033[01;36m\] \w \$\[\033[00m\] '
+      fi
+      export PS1
+
+      # Use Nix-provided cert store.
+      export NIX_SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+      export SSL_CERT_FILE="${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+
+      # Let some downstream machinery know we're on NixOS. This is used mostly to
+      # work around Bazel/NixOS interactions.
+      export MONOGON_NIXOS=yep
+
+      # Convince rules_go to use /bin/bash and not a NixOS store bash which has
+      # no idea how to resolve other things in the nix store once PATH is
+      # stripped by (host_)action_env.
+      export BAZEL_SH=/bin/bash
+
+      # buildFHSEnv makes /etc a tmpfs and symlinks some files from host /etc.
+      # Create some additional symlinks for files we want from host /etc.
+      for i in bazel.bazelrc gitconfig; do
+          if [[ -e "/.host-etc/$i" ]] && [[ ! -e "/etc/$i" ]]; then
+              ln -s "/.host-etc/$i" "/etc/$i"
+          fi
+      done
+
+      ${extraConf}
+
+      # Allow passing a custom command via env since nix-shell doesn't support
+      # this yet: https://github.com/NixOS/nix/issues/534
+      if [ ! -n "$COMMAND" ]; then
+          COMMAND="bash --noprofile --norc"
+      fi
+      exec $COMMAND
+    '';
 in
-(import third_party/nix/env.nix { inherit pkgs; }).env
+(pkgs.buildFHSEnv {
+  name = "monogon-nix";
+  targetPkgs = targetPkgs: with targetPkgs; [
+    bazel-unwrapped # Our custom bazel package based on upstream
+    git
+    buildifier
+    zlib
+    curl
+    gcc
+    binutils
+    openjdk21
+    patch
+    python3
+    busybox
+    niv
+    google-cloud-sdk
+    swtpm
+    nix
+  ];
+  runScript = wrapper;
+}).env