shell: improve hermeticity
* Add some missing tools and ssl cert bundles to fix builds when using
nix-shell --pure
* Replaced broken //tools:install with direct bazel build in shell.nix
initialization to prevent cache thrashing
* Added fontconfig file with roboto font for use in wkhtmltopdf
Change-Id: I062380df5f1d83a0fb2df8ca172f362fff9ecf8e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1301
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: pl <pl@hackerspace.pl>
diff --git a/shell.nix b/shell.nix
index e295a36..c55ee00 100644
--- a/shell.nix
+++ b/shell.nix
@@ -6,11 +6,28 @@
in with hscloud.pkgs; let
+ fontconfig = pkgs.writeText "fc-00-nixos-cache.conf" ''
+ <?xml version="1.0" encoding="UTF-8"?>
+ <!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
+ <fontconfig>
+ <include>/etc/fonts/fonts.conf</include>
+ <dir>${pkgs.roboto}</dir>
+ </fontconfig>
+ '';
+
wrapper = pkgs.writeScript "wrapper.sh"
''
- source /etc/profile
+ export NIX_SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
+ export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
+ export FONTCONFIG_FILE="${fontconfig}"
+
source ${toString ./.}/env.sh
- bazel run //tools:install
+
+ # FIXME: //tools:install runs in a different PATH which thrashes our cache
+ # and causes massive rebuilds on every launch... This next line is the only
+ # important part off tools/install.sh
+ # bazel run //tools:install
+ bazel build //tools/... //cluster/tools/...
# Fancy colorful PS1 to make people notice easily they're in hscloud.
PS1='\[\033]0;\u/hscloud:\w\007\]'
@@ -19,7 +36,7 @@
fi
export PS1
- exec bash "$@"
+ exec bash --noprofile --norc "$@"
'';
in (pkgs.buildFHSUserEnv {
@@ -38,6 +55,10 @@
which
gnupg
nettools
+ file
+ curl
+ netcat
+ nix
];
multiPkgs = pkgs: [
(pkgs.runCommand "protocols" {}