feat: use forked nh with support for doas instead of fish wrapper

2025-02-07 13:11:10 -08:00 · 2025-02-02 23:18:19 -08:00 · 2025-02-02 23:18:19 -08:00 · c6235fe00c
commit c6235fe00c
parent 4930320599
4 changed files with 31 additions and 17 deletions
--- a/flake.lock
+++ b/flake.lock
@ -646,6 +646,26 @@
        "type": "github"
      }
    },
+    "nh-doas": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1738564910,
+        "narHash": "sha256-rd1pnAiRYolXH1R1Zbs6UQFjW1b5DdEJeyq2udUnjCo=",
+        "owner": "youwen5",
+        "repo": "nh",
+        "rev": "f4d93dfda62f034bbc08dc3bfea78213ec99b3be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "youwen5",
+        "repo": "nh",
+        "type": "github"
+      }
+    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@ -909,6 +929,7 @@
        "homebrew-core": "homebrew-core",
        "lanzaboote": "lanzaboote",
        "musnix": "musnix",
+        "nh-doas": "nh-doas",
        "nix-darwin": "nix-darwin",
        "nix-flatpak": "nix-flatpak",
        "nix-homebrew": "nix-homebrew",
--- a/flake.nix
+++ b/flake.nix
@ -107,6 +107,11 @@
      url = "github:musnix/musnix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    nh-doas = {
+      url = "github:youwen5/nh";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs =
--- a/hm/modules/linux/default.nix
+++ b/hm/modules/linux/default.nix
@ -22,23 +22,6 @@
    #   nix flake update --commit-lock-file
    #   doas nixos-rebuild --flake ~/.config/liminalOS\#${osConfig.networking.hostName} switch &| nom
    # '';
-    nh = {
-      # wrapper for nh as it doesn't work with `doas`
-      body = ''
-        if count $argv > /dev/null
-            set subcommand (string join " " $argv)
-            if contains -- $subcommand "os switch" "os test" "os boot"
-                doas ${pkgs.nh}/bin/nh $argv -R
-            else if contains -- $subcommand "clean all"
-                doas ${pkgs.nh}/bin/nh $argv
-            else
-                ${pkgs.nh}/bin/nh $argv
-            end
-        else
-            ${pkgs.nh}/bin/nh
-        end
-      '';
-    };
    spt = "${pkgs.spotify-player}/bin/spotify_player";
  };

--- a/modules/linux/core/default.nix
+++ b/modules/linux/core/default.nix
@ -129,6 +129,11 @@ in
        extraArgs = "--keep-since 4d --keep 3";
      };
      flake = config.liminalOS.flakeLocation;
+      package = lib.mkIf config.security.doas.enable inputs.nh-doas.packages.${pkgs.system}.default;
+    };
+
+    environment.variables = lib.mkIf (cfg.useNh && config.security.doas.enable) {
+      NH_FLAKE = config.programs.nh.flake;
    };

    programs.nix-ld = {