From c6235fe00cc27edf27cbdef3c39f1a106b6eead3 Mon Sep 17 00:00:00 2001
From: Youwen Wu <youwenw@gmail.com>
Date: Sun, 2 Feb 2025 23:18:19 -0800
Subject: [PATCH] feat: use forked nh with support for doas instead of fish
 wrapper

---
 flake.lock                     | 21 +++++++++++++++++++++
 flake.nix                      |  5 +++++
 hm/modules/linux/default.nix   | 17 -----------------
 modules/linux/core/default.nix |  5 +++++
 4 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/flake.lock b/flake.lock
index 94f73d8..89868fd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -646,6 +646,26 @@
         "type": "github"
       }
     },
+    "nh-doas": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1738564910,
+        "narHash": "sha256-rd1pnAiRYolXH1R1Zbs6UQFjW1b5DdEJeyq2udUnjCo=",
+        "owner": "youwen5",
+        "repo": "nh",
+        "rev": "f4d93dfda62f034bbc08dc3bfea78213ec99b3be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "youwen5",
+        "repo": "nh",
+        "type": "github"
+      }
+    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -909,6 +929,7 @@
         "homebrew-core": "homebrew-core",
         "lanzaboote": "lanzaboote",
         "musnix": "musnix",
+        "nh-doas": "nh-doas",
         "nix-darwin": "nix-darwin",
         "nix-flatpak": "nix-flatpak",
         "nix-homebrew": "nix-homebrew",
diff --git a/flake.nix b/flake.nix
index 16a7814..0aa5e7f 100755
--- a/flake.nix
+++ b/flake.nix
@@ -107,6 +107,11 @@
       url = "github:musnix/musnix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    nh-doas = {
+      url = "github:youwen5/nh";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
diff --git a/hm/modules/linux/default.nix b/hm/modules/linux/default.nix
index d5ce946..770c01e 100755
--- a/hm/modules/linux/default.nix
+++ b/hm/modules/linux/default.nix
@@ -22,23 +22,6 @@
     #   nix flake update --commit-lock-file
     #   doas nixos-rebuild --flake ~/.config/liminalOS\#${osConfig.networking.hostName} switch &| nom
     # '';
-    nh = {
-      # wrapper for nh as it doesn't work with `doas`
-      body = ''
-        if count $argv > /dev/null
-            set subcommand (string join " " $argv)
-            if contains -- $subcommand "os switch" "os test" "os boot"
-                doas ${pkgs.nh}/bin/nh $argv -R
-            else if contains -- $subcommand "clean all"
-                doas ${pkgs.nh}/bin/nh $argv
-            else
-                ${pkgs.nh}/bin/nh $argv
-            end
-        else
-            ${pkgs.nh}/bin/nh
-        end
-      '';
-    };
     spt = "${pkgs.spotify-player}/bin/spotify_player";
   };
 
diff --git a/modules/linux/core/default.nix b/modules/linux/core/default.nix
index 9f5a6b5..484c852 100644
--- a/modules/linux/core/default.nix
+++ b/modules/linux/core/default.nix
@@ -129,6 +129,11 @@ in
         extraArgs = "--keep-since 4d --keep 3";
       };
       flake = config.liminalOS.flakeLocation;
+      package = lib.mkIf config.security.doas.enable inputs.nh-doas.packages.${pkgs.system}.default;
+    };
+
+    environment.variables = lib.mkIf (cfg.useNh && config.security.doas.enable) {
+      NH_FLAKE = config.programs.nh.flake;
     };
 
     programs.nix-ld = {