From 0e9f1e85cd8c6f9d546ef88e971043b909017170 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 7 Nov 2022 20:51:39 +0100
Subject: ...

---
 shell.nix | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

(limited to 'shell.nix')

diff --git a/shell.nix b/shell.nix
index 6ada761e..14125d02 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,8 +1,29 @@
-{ pkgs ? import <nixpkgs> {}, deploy-rs, nvfetcher }:
+{ system, self, deploy-rs, nvfetcher, mach-nix, leapseconds, ... }:
 let
-  tai64dec = pkgs.writeShellScriptBin "tai64dec" ''
-    echo $((16#$(${pkgs.daemontools}/bin/tai64n <<<"" | ${pkgs.coreutils}/bin/tail -c +2 | ${pkgs.coreutils}/bin/head -c 16)))
-  '';
+  pkgs = self.legacyPackages.${system};
+
+  ca = mach-nix.lib.${system}.buildPythonPackage {
+    pname = "ca";
+    src = ./tools/ca;
+    version = "0.0.0";
+    ignoreDataOutdated = true;
+
+    requirements = ''
+      cryptography >=38.0.0
+      fqdn
+      atomicwrites
+      leapseconddata
+      xkcdpass
+    '';
+
+    _.cryptography.buildInputs = with pkgs; [ openssl ];
+
+    postInstall = ''
+      wrapProgram $out/bin/ca \
+        --set-default LEAPSECONDS_FILE ${leapseconds} \
+        --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])}
+    '';
+  };
 in pkgs.mkShell {
   name = "nixos";
   nativeBuildInputs = with pkgs; [
@@ -10,10 +31,10 @@ in pkgs.mkShell {
     wireguard-tools
     gup
     nftables
-    deploy-rs
-    tai64dec
+    deploy-rs.packages.${system}.deploy-rs
     knot-dns
     yq
-    nvfetcher
+    nvfetcher.defaultPackage.${system}
+    ca
   ];
 }
-- 
cgit v1.2.3