feat: patch agenix to support functions

Signed-off-by: Reputable2722 <[email protected]>
Reputable2772 · Jul 28, 2024 · 01b3039 · 01b3039
1 parent 0e13dff
commit 01b3039
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 15 deletions.
diff --git a/Config/config.nix b/Config/config.nix
@@ -6,6 +6,7 @@
 
   All the keys are added to ssh-agent using KeePassXC.
 */
+{ _home ? { } }:
 rec {
   flake = {
     dir = rec {
@@ -41,7 +42,7 @@ rec {
 
   users = {
     wickedwizard = rec {
-      home = "/home/wickedwizard";
+      home = _home.wickedwizard or "";
       /**
         There needs to be a corresponding age file, with the name
         `user-backup.age`, use system encryption keys only.

diff --git a/Shells/agenix.patch b/Shells/agenix.patch
@@ -0,0 +1,20 @@
+--- a/pkgs/agenix.sh
++++ b/pkgs/agenix.sh
+@@ -115,7 +115,7 @@ function cleanup {
+ trap "cleanup" 0 2 3 15
+
+ function keys {
+-    (@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
++    (@nixInstantiate@ --json --eval --strict -E "(let _rules = import $RULES; rules = if (builtins.isFunction _rules) then _rules {} else _rules; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
+ }
+
+ function decrypt {
+@@ -189,7 +189,7 @@ function edit {
+ }
+
+ function rekey {
+-    FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)"  | @jqBin@ -r .[]) || exit 1)
++    FILES=$( (@nixInstantiate@ --json --eval -E "(let _rules = import $RULES; rules = if (builtins.isFunction _rules) then _rules {} else _rules; in builtins.attrNames rules)"  | @jqBin@ -r .[]) || exit 1)
+
+     for FILE in $FILES
+     do
diff --git a/Shells/default.nix b/Shells/default.nix
@@ -1,18 +1,31 @@
 { config, pkgs, inputs, ... }: {
-  devshell = {
-    name = "Development Shell for System Flake";
-    packages = with pkgs; [
-      coreutils
-      curl
-      jq
-      hydra-check
-      nixpkgs-fmt
-      nix-diff
-      inputs.agenix.packages.${pkgs.system}.default
-    ];
+  devshell =
+    let
+      _agenix = pkgs.applyPatches {
+        name = "agenix-patched";
+        src = inputs.agenix.outPath;
+        patches = [ ./agenix.patch ];
+      };
+      agenix_args = inputs.agenix.inputs // { self = inputs.agenix.outputs; };
+    in
+    {
+      name = "Development Shell for System Flake";
+      packages = with pkgs; [
+        coreutils
+        curl
+        jq
+        hydra-check
+        nixpkgs-fmt
+        nix-diff
+        # A weird, but working hack. We import outputs of the patched flake, and then pass it the
+        # args of the unpatched flake.
+
+        # This hack is needed since agenix's src is a single file, and that cannot be patched.
+        ((import "${_agenix}/flake.nix").outputs agenix_args).packages.${pkgs.system}.agenix
+      ];
 
-    startup.pre-commit.text = config.pre-commit.installationScript;
-  };
+      startup.pre-commit.text = config.pre-commit.installationScript;
+    };
 
   commands = [
     {

diff --git a/flake.nix b/flake.nix
@@ -61,14 +61,21 @@
             inherit system;
             specialArgs = {
               inherit inputs;
-              config' = import ./Config/config.nix;
               polyfill = false;
               lib' = import ./lib { inherit pkgs; };
               sources = import ./_sources/generated.nix { inherit (pkgs) fetchurl fetchgit fetchFromGitHub dockerTools; };
             };
             modules = [
               ./System/Common
               ./System/HP-Laptop
+
+              ({ config, ... }: {
+                _module.args = {
+                  config' = import ./Config/config.nix {
+                    _home = pkgs.lib.attrsets.mapAttrs (n: v: v.home.homeDirectory) config.home-manager.users;
+                  };
+                };
+              })
             ];
           };