# shell.nix with import {}; let sops-nix = builtins.fetchTarball { url = "https://github.com/Mic92/sops-nix/archive/master.tar.gz"; }; lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked; in # A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file # Useful to avoid using channels when using legacy nix commands { pkgs ? import (fetchTarball {url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz"; sha256 = lock.narHash;}); }: { mkShell { NIX_CONFIG = "experimental-features = nix-command flakes"; # imports all files ending in .asc/.gpg sopsPGPKeyDirs = [ "${toString ./.}/keys/hosts" "${toString ./.}/keys/users" ]; nativeBuildInputs = [ pkgs.nix pkgs.home-manager pkgs.git (pkgs.callPackage sops-nix {}).sops-import-keys-hook ]; } }