prefix nixpkgs# explicitly in nix_shell

This makes the function usage less confusing (you can now tell from the call side what are flags and what is passed to nix-shell) and allows to use different flakes to download packages.
2023-12-08 15:00:11 +01:00 · 2023-12-08 15:00:11 +01:00 · 1496f45fe2
commit 1496f45fe2
parent f6d4c721c4
12 changed files with 45 additions and 39 deletions
--- a/pkgs/clan-cli/clan_cli/flakes/create.py
+++ b/pkgs/clan-cli/clan_cli/flakes/create.py
@ -26,28 +26,30 @@ async def create_flake(directory: Path, url: str) -> dict[str, CmdOut]:
    out = await run(command, cwd=directory)
    response["flake init"] = out

-    command = nix_shell(["git"], ["git", "init"])
+    command = nix_shell(["nixpkgs#git"], ["git", "init"])
    out = await run(command, cwd=directory)
    response["git init"] = out

-    command = nix_shell(["git"], ["git", "add", "."])
+    command = nix_shell(["nixpkgs#git"], ["git", "add", "."])
    out = await run(command, cwd=directory)
    response["git add"] = out

-    # command = nix_shell(["git"], ["git", "config", "init.defaultBranch", "main"])
+    # command = nix_shell(["nixpkgs#git"], ["git", "config", "init.defaultBranch", "main"])
    # out = await run(command, cwd=directory)
    # response["git config"] = out

-    command = nix_shell(["git"], ["git", "config", "user.name", "clan-tool"])
+    command = nix_shell(["nixpkgs#git"], ["git", "config", "user.name", "clan-tool"])
    out = await run(command, cwd=directory)
    response["git config"] = out

-    command = nix_shell(["git"], ["git", "config", "user.email", "clan@example.com"])
+    command = nix_shell(
+        ["nixpkgs#git"], ["git", "config", "user.email", "clan@example.com"]
+    )
    out = await run(command, cwd=directory)
    response["git config"] = out

    # TODO: Find out why this fails on Johannes machine
-    # command = nix_shell(["git"], ["git", "commit", "-a", "-m", "Initial commit"])
+    # command = nix_shell(["nixpkgs#git"], ["git", "commit", "-a", "-m", "Initial commit"])
    # out = await run(command, cwd=directory)
    # response["git commit"] = out

--- a/pkgs/clan-cli/clan_cli/git.py
+++ b/pkgs/clan-cli/clan_cli/git.py
@ -38,7 +38,7 @@ def _commit_file_to_git(repo_dir: Path, file_path: Path, commit_message: str) ->
    :raises ClanError: If the file is not in the git repository.
    """
    cmd = nix_shell(
-        ["git"],
+        ["nixpkgs#git"],
        ["git", "-C", str(repo_dir), "add", str(file_path)],
    )
    # add the file to the git index
@ -51,7 +51,7 @@ def _commit_file_to_git(repo_dir: Path, file_path: Path, commit_message: str) ->

    # check if there is a diff
    cmd = nix_shell(
-        ["git"],
+        ["nixpkgs#git"],
        ["git", "-C", str(repo_dir), "diff", "--cached", "--exit-code", str(file_path)],
    )
    result = subprocess.run(cmd, cwd=repo_dir)
@ -61,7 +61,7 @@ def _commit_file_to_git(repo_dir: Path, file_path: Path, commit_message: str) ->

    # commit only that file
    cmd = nix_shell(
-        ["git"],
+        ["nixpkgs#git"],
        [
            "git",
            "-C",
--- a/pkgs/clan-cli/clan_cli/machines/install.py
+++ b/pkgs/clan-cli/clan_cli/machines/install.py
@ -28,7 +28,7 @@ def install_nixos(machine: Machine) -> None:

        subprocess.run(
            nix_shell(
-                ["nixos-anywhere"],
+                ["nixpkgs#nixos-anywhere"],
                [
                    "nixos-anywhere",
                    "-f",
--- a/pkgs/clan-cli/clan_cli/nix.py
+++ b/pkgs/clan-cli/clan_cli/nix.py
@ -88,16 +88,15 @@ def nix_shell(packages: list[str], cmd: list[str]) -> list[str]:
    # in our tests we just make sure we have all the packages
    if os.environ.get("IN_NIX_SANDBOX"):
        return cmd
-    wrapped_packages = [f"nixpkgs#{p}" for p in packages]
-    return (
-        nix_command(
+    return [
+        *nix_command(
            [
                "shell",
                "--inputs-from",
                f"{nixpkgs_flake()!s}",
            ]
-        )
-        + wrapped_packages
-        + ["-c"]
-        + cmd
-    )
+        ),
+        *packages,
+        "-c",
+        *cmd,
+    ]
--- a/pkgs/clan-cli/clan_cli/secrets/import_sops.py
+++ b/pkgs/clan-cli/clan_cli/secrets/import_sops.py
@ -22,7 +22,7 @@ def import_sops(args: argparse.Namespace) -> None:
        if args.input_type:
            cmd += ["--input-type", args.input_type]
        cmd += ["--output-type", "json", "--decrypt", args.sops_file]
-        cmd = nix_shell(["sops"], cmd)
+        cmd = nix_shell(["nixpkgs#sops"], cmd)
        try:
            res = subprocess.run(cmd, check=True, text=True, stdout=subprocess.PIPE)
        except subprocess.CalledProcessError as e:
--- a/pkgs/clan-cli/clan_cli/secrets/sops.py
+++ b/pkgs/clan-cli/clan_cli/secrets/sops.py
@ -21,7 +21,7 @@ class SopsKey:


 def get_public_key(privkey: str) -> str:
-    cmd = nix_shell(["age"], ["age-keygen", "-y"])
+    cmd = nix_shell(["nixpkgs#age"], ["age-keygen", "-y"])
    try:
        res = subprocess.run(
            cmd, input=privkey, stdout=subprocess.PIPE, text=True, check=True
@ -34,7 +34,7 @@ def get_public_key(privkey: str) -> str:


 def generate_private_key() -> tuple[str, str]:
-    cmd = nix_shell(["age"], ["age-keygen"])
+    cmd = nix_shell(["nixpkgs#age"], ["age-keygen"])
    try:
        proc = subprocess.run(cmd, check=True, stdout=subprocess.PIPE, text=True)
        res = proc.stdout.strip()
@ -119,7 +119,7 @@ def sops_manifest(keys: list[str]) -> Iterator[Path]:
 def update_keys(secret_path: Path, keys: list[str]) -> None:
    with sops_manifest(keys) as manifest:
        cmd = nix_shell(
-            ["sops"],
+            ["nixpkgs#sops"],
            [
                "sops",
                "--config",
@ -146,7 +146,7 @@ def encrypt_file(
        if not content:
            args = ["sops", "--config", str(manifest)]
            args.extend([str(secret_path)])
-            cmd = nix_shell(["sops"], args)
+            cmd = nix_shell(["nixpkgs#sops"], args)
            p = subprocess.run(cmd)
            # returns 200 if the file is changed
            if p.returncode != 0 and p.returncode != 200:
@ -166,7 +166,7 @@ def encrypt_file(
                # we pass an empty manifest to pick up existing configuration of the user
                args = ["sops", "--config", str(manifest)]
                args.extend(["-i", "--encrypt", str(f.name)])
-                cmd = nix_shell(["sops"], args)
+                cmd = nix_shell(["nixpkgs#sops"], args)
                subprocess.run(cmd, check=True)
                # atomic copy of the encrypted file
                with NamedTemporaryFile(dir=folder, delete=False) as f2:
@ -182,7 +182,8 @@ def encrypt_file(
 def decrypt_file(secret_path: Path) -> str:
    with sops_manifest([]) as manifest:
        cmd = nix_shell(
-            ["sops"], ["sops", "--config", str(manifest), "--decrypt", str(secret_path)]
+            ["nixpkgs#sops"],
+            ["sops", "--config", str(manifest), "--decrypt", str(secret_path)],
        )
    res = subprocess.run(cmd, stdout=subprocess.PIPE, text=True)
    if res.returncode != 0:
--- a/pkgs/clan-cli/clan_cli/secrets/sops_generate.py
+++ b/pkgs/clan-cli/clan_cli/secrets/sops_generate.py
@ -61,7 +61,7 @@ export secrets={shlex.quote(str(secrets_dir))}
 {generator}
        """
        try:
-            cmd = nix_shell(["bash"], ["bash", "-c", text])
+            cmd = nix_shell(["nixpkgs#bash"], ["bash", "-c", text])
            subprocess.run(cmd, check=True)
        except subprocess.CalledProcessError:
            msg = "failed to the following command:\n"
--- a/pkgs/clan-cli/clan_cli/secrets/upload.py
+++ b/pkgs/clan-cli/clan_cli/secrets/upload.py
@ -21,7 +21,7 @@ def upload_secrets(machine: Machine) -> None:
            ssh_cmd = host.ssh_cmd()
            subprocess.run(
                nix_shell(
-                    ["rsync"],
+                    ["nixpkgs#rsync"],
                    [
                        "rsync",
                        "-e",
--- a/pkgs/clan-cli/clan_cli/ssh/cli.py
+++ b/pkgs/clan-cli/clan_cli/ssh/cli.py
@ -11,10 +11,10 @@ def ssh(
    password: str | None = None,
    ssh_args: list[str] = [],
 ) -> None:
-    packages = ["tor", "openssh"]
+    packages = ["nixpkgs#tor", "nixpkgs#openssh"]
    password_args = []
    if password:
-        packages.append("sshpass")
+        packages.append("nixpkgs#sshpass")
        password_args = [
            "sshpass",
            "-p",
@ -37,7 +37,7 @@ def qrcode_scan(picture_file: str) -> str:
    return (
        subprocess.run(
            nix_shell(
-                ["zbar"],
+                ["nixpkgs#zbar"],
                [
                    "zbarimg",
                    "--quiet",
--- a/pkgs/clan-cli/clan_cli/vms/run.py
+++ b/pkgs/clan-cli/clan_cli/vms/run.py
@ -189,7 +189,7 @@ def generate_secrets(
 def prepare_disk(tmpdir: Path, log_fd: IO[str] | None) -> Path:
    disk_img = tmpdir / "disk.img"
    cmd = nix_shell(
-        ["qemu"],
+        ["nixpkgs#qemu"],
        [
            "qemu-img",
            "create",
@ -211,7 +211,7 @@ def prepare_disk(tmpdir: Path, log_fd: IO[str] | None) -> Path:
        )

    cmd = nix_shell(
-        ["e2fsprogs"],
+        ["nixpkgs#e2fsprogs"],
        [
            "mkfs.ext4",
            "-L",
@ -269,11 +269,11 @@ def run_vm(
        if vm.wayland:
            packages = ["git+https://git.clan.lol/clan/clan-core.git#qemu-wayland"]
        else:
-            packages = ["qemu"]
+            packages = ["nixpkgs#qemu"]

        env = os.environ.copy()
        if vm.graphics and not vm.wayland:
-            packages.append("virt-viewer")
+            packages.append("nixpkgs#virt-viewer")
            remote_viewer_mimetypes = module_root() / "vms" / "mimetypes"
            env[
                "XDG_DATA_DIRS"
--- a/pkgs/clan-cli/tests/conftest.py
+++ b/pkgs/clan-cli/tests/conftest.py
@ -26,12 +26,12 @@ pytest_plugins = [
@pytest.fixture
 def git_repo(tmp_path: Path) -> Path:
    # initialize a git repository
-    cmd = nix_shell(["git"], ["git", "init"])
+    cmd = nix_shell(["nixpkgs#git"], ["git", "init"])
    subprocess.run(cmd, cwd=tmp_path, check=True)
    # set user.name and user.email
-    cmd = nix_shell(["git"], ["git", "config", "user.name", "test"])
+    cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.name", "test"])
    subprocess.run(cmd, cwd=tmp_path, check=True)
-    cmd = nix_shell(["git"], ["git", "config", "user.email", "test@test.test"])
+    cmd = nix_shell(["nixpkgs#git"], ["git", "config", "user.email", "test@test.test"])
    subprocess.run(cmd, cwd=tmp_path, check=True)
    # return the path to the git repository
    return tmp_path
--- a/pkgs/clan-cli/tests/test_secrets_password_store.py
+++ b/pkgs/clan-cli/tests/test_secrets_password_store.py
@ -35,10 +35,14 @@ def test_upload_secret(
    )
    cli = Cli()
    subprocess.run(
-        nix_shell(["gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)]),
+        nix_shell(
+            ["nixpkgs#gnupg"], ["gpg", "--batch", "--gen-key", str(gpg_key_spec)]
+        ),
        check=True,
    )
-    subprocess.run(nix_shell(["pass"], ["pass", "init", "test@local"]), check=True)
+    subprocess.run(
+        nix_shell(["nixpkgs#pass"], ["pass", "init", "test@local"]), check=True
+    )
    cli.run(["secrets", "generate", "vm1"])
    network_id = machine_get_fact(
        test_flake_with_core_and_pass.path, "vm1", "zerotier-network-id"