Merge branch 'staging' into 'master'

Staging See merge request steveeJ/infra!7
2018-11-11 00:08:06 +00:00 · 2018-11-11 00:08:06 +00:00 · 812da9780a
commit 812da9780a
parent 097d8dfd35 33e015bb92
17 changed files with 550 additions and 98 deletions
--- a/37
+++ b/37
@ -6,9 +6,14 @@ _device action dir +moreargs="":
 	set -ex
 	sudo $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A {{action}} --argstr dir {{dir}} {{moreargs}})
-_rebuild-device dir rebuildarg="dry-activate" +moreargs="":
+_render_templates:
 	#!/usr/bin/env bash
 	set -ex
 	nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix
 _rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates
 	#!/usr/bin/env bash
 	set -ex
 	just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}}
 # Rebulid this device's NixOS
@ -73,29 +78,9 @@ hm-iterate-qtile:
 	wait $!
 	kill ${XEPHYR_PID}
-# Sorry, this is a manual step for now. Please see nix/os/modules/encryptedDisk.nix for the layout
+# !!! DANGERIOUS !!! This wipes the disk which is configured for the given device.
-disk-prepare:
+disk-prepare dir:
-	echo NOT IMPLEMENTED
+	just -v _device diskPrepare {{dir}} --argstr rebuildarg "dummy"
 	# GPT partition table
 	# part1: size: 1MiB 	type: 4 BIOS BOOT
 	# part2: size: 512MiB label: 2-DISKID		(36 char limit?)
 	# part3: size: * 			label: 3-DISKID		(36 char limit?)
 	# cryptsetup format part3
 	# vgcreate DISKID part3
 	# lvcreate DISKID -L 8G -n swap
 	# lvcreate DISKID -l 100%FREE -n root
 	# sudo mkfs.vfat -F32 part2
 	# sudo mkfs.btrfs /dev/DISKID/root
 	# sudo mkswap /dev/DISKID/swap
 	# sudo mount /dev/DISKID/root /mnt
 	# sudo btrfs subvolume create nixos
 	# sudo btrfs subvolume create home
 	# sudo mount /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root
 	# pushd /dev/disk/by-partlabel/3-DISKID /mnt/DISKID-root
 	# sudo btrfs subvolume create nixos
 	# sudo mkdir nixos/{boot,home}
 	# sudo btrfs subvolume create home
 	# 
 # Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6'
 disk-mount dir:
@ -105,6 +90,6 @@ disk-mount dir:
 disk-umount dir:
 	just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy"
-# Perform an offline installation on the mounted the target disk, specified by device configuration directory
+# Perform an offline installation on the mounted target disk, specified by device configuration directory
-disk-install dir:
+disk-install dir: _render_templates
 	just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy"
--- a/README.md
+++ b/README.md
@ -9,34 +9,32 @@ In the unlikely case that you actually read this and have any questions please d
 - All graphical systems (incl. install media) must have
  - [x] Full-disk encryption by default
  - [x] Yubikey support with SSH auth
- [ ] Migrate all devices to new structure
+- [x] Migrate all devices to new structure
  - [x] Encrypted Install media
  - [x] steveej-laptop
-  - [ ] steveej-laptop-work
+  - [x] steveej-laptop-work
 - [ ] Migrate home environment to new structure
  - [x] home-manager
  - [x] pkgs-configuration
  - [ ] development environments
 - [ ] (Semi-) automatic synchronization of important repositories
-  - [ ] Modification strategy
+  - [x] Modification strategy
-  - [ ] dotfiles
+  - [x] dotfiles
  - [ ] password-store
  - [ ] this repo
- [ ] Toplevel Justfile for simple actions
+- [x] Toplevel Justfile for simple actions
  - [x] mount/umount disks
  - [x] install to mounted disk
  - [x] rebuild running system
  - [x] update running system
  - [x] annotate recipes with some documentation
  - [x] declare shell.nix with runtime deps
-  - [ ] partition/encrypt/format disks
+  - [x] partition/encrypt/format disks
 - [ ] Document bootstrap process
  - [ ] a new machine
  - [ ] an install media
 - [ ] Design disaster recovery
- [ ] Automatic backups
+- [ ] Automatic synchronization of other state files - see https://gitlab.com/steveeJ/nix-expressions/issues/2
  - [ ] tracked dotfiles
  - [ ] detect new and untracked dotfiles?
 - [ ] Recycle *\_archived*
 - [ ] Maybe make this a nix-overlay
--- a/nix/home-manager/configuration/graphical-fullblown.nix
+++ b/nix/home-manager/configuration/graphical-fullblown.nix
@ -196,6 +196,7 @@ in {
      wireshark
      # Code Editors
      unstablepkgs.atom
      xclip
      xsel
      unstablepkgs.vscode
@ -214,8 +215,6 @@ in {
      #   ];
      # })
      unstablepkgs.atom
      # Image/Graphic/Design Tools
      gnome3.eog
      gimp
--- a/nix/home-manager/configuration/graphical-removable.nix
+++ b/nix/home-manager/configuration/graphical-removable.nix
@ -124,7 +124,7 @@ in {
      cdrtools
      # Document Processing and Management
-      unstablepkgs.zathura
+      zathura
      # File Synchronzation
      rsync
--- a/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
+++ b/nix/home-manager/profiles/dotfiles/vcsh.tmpl.nix
@ -27,7 +27,7 @@ in pkgs.writeScript "activation-script" ''
    if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
      echo Cloning dotfiles for $HOST...
-      ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} 
+      ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
      set_remotes ${repoHttps} ${repoSsh}
    else
      set_remotes ${repoBareLocal} ${repoSsh}
--- a/nix/os/devices/default.nix
+++ b/nix/os/devices/default.nix
@ -1,21 +1,22 @@
 { pkgs ? import <nixpkgs> {}
 , ownLib ? import ../lib/default.nix { }
 , dir
 , rebuildarg
 , moreargs ? ""
 , diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId
 , gitRoot ? "$(git rev-parse --show-toplevel)"
 }:
 let
-  diskId = (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.encryptedDisk.diskId;
+  mntRootVol="/mnt/${diskId}-root";
  GIT_ROOT=''''$(git rev-parse --show-toplevel)'';
-in {
+in rec {
  rebuild = pkgs.writeScript "script" ''
    #!/usr/bin/env bash
    set -xe
-    pushd ${GIT_ROOT}/${dir}
+    pushd ${gitRoot}/${dir}
    export NIXOS_CONFIG="$PWD"/configuration.nix
    export INSTALL_ROOT="/mnt/$ID-root"
    [[ -e "''${NIXOS_CONFIG}" ]]
@ -28,39 +29,106 @@ in {
  diskMount = pkgs.writeScript "script" ''
    #!/usr/bin/env bash
    set -xe
-    ID=${diskId}
+    echo Mounting ${diskId}
-    echo Mounting $ID
+    cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
-    set -xe
+    vgchange -ay ${ownLib.disk.volumeGroup diskId}
-    cryptsetup luksOpen /dev/disk/by-id/$ID-part3 $ID-part3
+    mkdir -p /mnt
-    vgchange -ay $ID
+    mkdir ${mntRootVol}
-    mkdir -p /mnt/$ID-root
+    mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
-    mount /dev/$ID/root /mnt/$ID-root -o subvol=nixos
+    mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home
-    mount /dev/$ID/root /mnt/$ID-root/home -o subvol=home
+    mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
    mount /dev/disk/by-id/$ID-part2 /mnt/$ID-root/boot
  '';
  diskUmount = pkgs.writeScript "script" ''
    #!/usr/bin/env bash
    set -xe
-      ID=${diskId}
+    umount -R ${mntRootVol}
-    umount -R /mnt/$ID-root
+    rmdir ${mntRootVol}
-    rmdir /mnt/$ID-root
+    vgchange -an ${ownLib.disk.volumeGroup diskId}
-    vgchange -an $ID
+    cryptsetup luksClose ${ownLib.disk.luksName diskId}
    cryptsetup luksClose $ID-part3
    sync
  '';
  diskInstall = pkgs.writeScript "script" ''
    #!/usr/bin/env bash
    set -xe
-    ID=${diskId}
+    pushd ${gitRoot}/${dir}
    pushd ${GIT_ROOT}/${dir}
    export NIXOS_CONFIG="$PWD"/configuration.nix
    export INSTALL_ROOT="/mnt/$ID-root"
    [[ -e "''${NIXOS_CONFIG}" ]]
-    [[ -e "''${INSTALL_ROOT}" ]]
+    [[ -e "${mntRootVol}/nixos" ]]
-    nixos-install --max-jobs 5 --cores 4  --no-channel-copy --no-root-passwd --root "''${INSTALL_ROOT}"
+    nixos-install --max-jobs 5 --cores 4  --no-root-passwd --root ${mntRootVol}/nixos
  '';
  diskPrepare = pkgs.writeScript "script" ''
    #!/usr/bin/env bash
    set -xe
    read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
    case "$choice" in
      YES ) echo "Continuing in 3 seconds..."; sleep 3;;
      n|N ) echo "Exiting..."; exit 0;;
      * ) echo "Exiting..."; exit 1;;
    esac
    # Partition
    sync
    {
    fdisk -w always -W always ${ownLib.disk.bootGrubDevice diskId} <<EOF
    g
    n
    1
    +1M
    n
    2
    +512M
    n
    3
    t
    1
    4
    x
    n
    2
    2-${diskId}
    n
    3
    3-${diskId}
    r
    w
    EOF
    } || {
      sync
      partprobe  ${ownLib.disk.bootGrubDevice diskId}
    }
    # Encrypt
    cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
    cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
    # LVM
    vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.luksPhysicalVolume diskId}
    lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
    lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
    # Filesystem
    mkfs.vfat -F32 ${ownLib.disk.bootFsDevice diskId}
    mkfs.btrfs ${ownLib.disk.rootFsDevice diskId}
    mkswap ${ownLib.disk.swapFsDevice diskId}
    # Subvolume and FS hierharchy
    mkdir -p /mnt
    mkdir ${mntRootVol}
    mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
    btrfs subvolume create ${mntRootVol}/nixos
    btrfs subvolume create ${mntRootVol}/home
    mkdir ${mntRootVol}/nixos/{boot,home}
    ${diskUmount}
  '';
 }
--- a/nix/os/devices/steveej-rmvbl-sduusb3128g/configuration.nix
+++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/configuration.nix
@ -0,0 +1,12 @@
 { ... }:
 {
  imports = [
    ../../profiles/common/configuration.nix
    ../../profiles/graphical/configuration.nix
    ../../profiles/removable-medium/configuration.nix
    ./system.nix
    ./hw.nix
  ];
 }
--- a/nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix
+++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/hw.nix
@ -0,0 +1,9 @@
 { ... }:
 {
  # TASK: new device
  hardware.encryptedDisk = {
    enable = true;
    diskId = "usb-SanDisk_Ultra_USB_3.0_4C530001280509108321-0:0";
  };
 }
--- a/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix
+++ b/nix/os/devices/steveej-rmvbl-sduusb3128g/system.nix
@ -0,0 +1,5 @@
 { ... }:
 {
  networking.hostName = "steveej-rmvbl-sduusb3128g"; # Define your hostname.
 }
--- a/nix/os/lib/default.nix
+++ b/nix/os/lib/default.nix
@ -25,4 +25,27 @@
    ];
    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
  } // args;
  disk = rec {
    # TODO: verify the GPT PARTLABEL cap at 36 chars
    shortenGptPartlabel = partlabel: (builtins.substring 0 36 partlabel);
    # LVM doesn't allow most characters in VG names
    # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+]
    volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId;
    # This is important at install-time
    bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId;
    # These are guaranteed by LVM
    rootFsDevice = diskId: "/dev/" + (volumeGroup diskId) + "/root";
    swapFsDevice = diskId: "/dev/" + (volumeGroup diskId) + "/swap";
    # Cannot use the disk ID here because might be different at install vs. runtime.
    # Example: MMC card which is used in the internal reader vs. USB reader
    bootFsDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("2-"+diskId));
    bootLuksDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("3-"+diskId));
    luksName = diskId: (volumeGroup diskId)+"pv";
    luksPhysicalVolume = diskId: "/dev/mapper/" + (luksName diskId);
  };
 }
--- a/nix/os/modules/encryptedDisk.nix
+++ b/nix/os/modules/encryptedDisk.nix
@ -5,24 +5,7 @@ with lib;
 let
  cfg = config.hardware.encryptedDisk;
-
+  ownLib = import ../lib/default.nix { };
  volumeGroup = cfg.diskId;
  # This is important at install-time
  bootGrubDevice = lib.concatStrings [ "/dev/disk/by-id/" cfg.diskId ];
  # These are guaranteed by LVM
  rootFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/root" ];
  swapFsDevice = lib.concatStrings [ "/dev/" volumeGroup "/swap" ];
  # TODO: verify the GPT PARTLABEL cap at 36 chars
  shortenPartlabel = name: (builtins.substring 0 36 name);
  # Cannot use the disk ID here because might be different at install vs. runtime.
  # Example: MMC card which is used in the internal reader vs. USB reader
  bootFsDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("2-"+cfg.diskId))];
  bootLuksDevice = lib.concatStrings [ "/dev/disk/by-partlabel/" (shortenPartlabel ("3-"+cfg.diskId))];
 in {
  options.hardware.encryptedDisk = {
    enable = mkEnableOption "Enable encrypted filesystem layout";
@ -33,26 +16,26 @@ in {
  config = lib.mkIf cfg.enable {
    fileSystems."/boot" = {
-      device = bootFsDevice;
+      device = (ownLib.disk.bootFsDevice cfg.diskId);
      fsType = "vfat";
    };
    fileSystems."/" = {
-      device = rootFsDevice;
+      device = (ownLib.disk.rootFsDevice cfg.diskId);
      fsType = "btrfs";
      options = [ "subvol=nixos" ];
    };
    fileSystems."/home" = {
-      device = rootFsDevice;
+      device = (ownLib.disk.rootFsDevice cfg.diskId);
      fsType = "btrfs";
      options = [ "subvol=home" ];
    };
-    swapDevices = [ { device = swapFsDevice; } ];
+    swapDevices = [ { device = (ownLib.disk.swapFsDevice cfg.diskId); } ];
    boot.loader.grub = {
-      device = bootGrubDevice;
+      device = (ownLib.disk.bootGrubDevice cfg.diskId);
      enableCryptodisk = true;
    };
@ -60,11 +43,11 @@ in {
      {
        name =
          let
-            splitstring = builtins.split "/" bootLuksDevice;
+            splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
            lastelem = (builtins.length splitstring)-1;
          in
            builtins.elemAt splitstring lastelem;
-        device = bootLuksDevice;
+        device = (ownLib.disk.bootLuksDevice cfg.diskId);
        preLVM = true;
        allowDiscards = true;
      }
--- a/nix/os/profiles/common/user.nix
+++ b/nix/os/profiles/common/user.nix
@ -4,7 +4,6 @@
 let
  passwords = import ../../../variables/passwords.crypt.nix;
  libinfraos = import ../../lib/default.nix { };
  inherit (import ../../lib/default.nix { }) mkUser mkRoot;
 in {
  users.mutableUsers = false;
--- a/nix/os/profiles/removable-medium/system.nix
+++ b/nix/os/profiles/removable-medium/system.nix
@ -8,6 +8,9 @@ in {
    enable = false;
  };
  services.spice-vdagentd.enable = true;
  services.qemuGuest.enable = true;
  virtualisation = {
    libvirtd.enable = false;
    virtualbox.host.enable = false;
--- a/nix/pkgs/duplicacy/.envrc
+++ b/nix/pkgs/duplicacy/.envrc
@ -0,0 +1 @@
 use nix
--- a/nix/pkgs/duplicacy/default.nix
+++ b/nix/pkgs/duplicacy/default.nix
@ -0,0 +1,19 @@
 { buildGoPackage
 , fetchFromGitHub
 }:
 buildGoPackage rec {
  name = "duplicay-${version}";
  version = "2.1.2";
  goPackagePath = "github.com/gilbertchen/duplicacy";
  src = fetchFromGitHub {
    "owner" = "gilbertchen";
    "repo" = "duplicacy";
    "rev" = "v2.1.2";
    "sha256" = "0v3rk4da4b6dhqq8zsr4z27wd8p7crxapkn265kwpsaa99xszzbv";
  };
  goDeps = ./deps.nix;
 }
--- a/nix/pkgs/duplicacy/deps.nix
+++ b/nix/pkgs/duplicacy/deps.nix
@ -0,0 +1,336 @@
 # file generated from Gopkg.lock using dep2nix (https://github.com/nixcloud/dep2nix)
 [
  {
    goPackagePath  = "cloud.google.com/go";
    fetch = {
      type = "git";
      url = "https://code.googlesource.com/gocloud";
      rev =  "2d3a6656c17a60b0815b7e06ab0be04eacb6e613";
      sha256 = "0fi3qj9fvc4bxbrwa1m5sxsb8yhvawiwigaddvmmizjykxbq5csq";
    };
  }
  {
    goPackagePath  = "github.com/Azure/azure-sdk-for-go";
    fetch = {
      type = "git";
      url = "https://github.com/Azure/azure-sdk-for-go";
      rev =  "b7fadebe0e7f5c5720986080a01495bd8d27be37";
      sha256 = "11zcmd17206byxhgz2a75qascilydlzjbz73l2mrqng3yyr20yk1";
    };
  }
  {
    goPackagePath  = "github.com/Azure/go-autorest";
    fetch = {
      type = "git";
      url = "https://github.com/Azure/go-autorest";
      rev =  "0ae36a9e544696de46fdadb7b0d5fb38af48c063";
      sha256 = "0f2qcv24l9bx3jys2m9ycyy77vqlx7dbfa3frxlk19wnrwiv3p6g";
    };
  }
  {
    goPackagePath  = "github.com/aryann/difflib";
    fetch = {
      type = "git";
      url = "https://github.com/aryann/difflib";
      rev =  "e206f873d14a916d3d26c40ab667bca123f365a3";
      sha256 = "00zb9sx6l6b2zq614x45zlyshl20zjhwfj8r5krw4f9y0mx3n2dm";
    };
  }
  {
    goPackagePath  = "github.com/aws/aws-sdk-go";
    fetch = {
      type = "git";
      url = "https://github.com/aws/aws-sdk-go";
      rev =  "a32b1dcd091264b5dee7b386149b6cc3823395c9";
      sha256 = "1yicb7l6m4hs3mi724hz74wn8305qvx6g73mjqafaaqvh6dyn86m";
    };
  }
  {
    goPackagePath  = "github.com/bkaradzic/go-lz4";
    fetch = {
      type = "git";
      url = "https://github.com/bkaradzic/go-lz4";
      rev =  "74ddf82598bc4745b965729e9c6a463bedd33049";
      sha256 = "1vdid8v0c2v2qhrg9rzn3l7ya1h34jirrxfnir7gv7w6s4ivdvc1";
    };
  }
  {
    goPackagePath  = "github.com/dgrijalva/jwt-go";
    fetch = {
      type = "git";
      url = "https://github.com/dgrijalva/jwt-go";
      rev =  "dbeaa9332f19a944acb5736b4456cfcc02140e29";
      sha256 = "0zk6l6kzsjdijfn7c4h0aywdjx5j2hjwi67vy1k6wr46hc8ks2hs";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/azure-sdk-for-go";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/azure-sdk-for-go";
      rev =  "bbf89bd4d716c184f158d1e1428c2dbef4a18307";
      sha256 = "14563izc2y05k8s20fmhanvjydbcq8k5adp4cgw91d9bs52qivx7";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/cli";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/cli";
      rev =  "1de0a1836ce9c3ae1bf737a0869c4f04f28a7f98";
      sha256 = "00vbyjsn009cqg24sxcizq10rgicnmrv0f8jg3fa1fw6yp5gqdl5";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/go-dropbox";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/go-dropbox";
      rev =  "90711b603312b1f973f3a5da3793ac4f1e5c2f2a";
      sha256 = "0y2ydl3mjbkfbqyygrwq7vqig9hjh7cxvzsn2gxc1851haqp4h19";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/go-ole";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/go-ole";
      rev =  "0e87ea779d9deb219633b828a023b32e1244dd57";
      sha256 = "1d937b4i9mrwfgs1s17qhbd78dcd97wwm8zsajkarky8d55rz1bw";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/go.dbus";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/go.dbus";
      rev =  "9e442e6378618c083fd3b85b703ffd202721fb17";
      sha256 = "0q8ld38gnr4adzw5287lw5f5l14yp8slxsz1za5ryrkprh04bhkv";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/goamz";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/goamz";
      rev =  "eada9f4e8cc2a45db775dee08a2c37597ce4760a";
      sha256 = "0v6i4jdly06wixmm58ygxh284hnlbfxczvcwxvywiyy9bp5qyaid";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/gopass";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/gopass";
      rev =  "bf9dde6d0d2c004a008c27aaee91170c786f6db8";
      sha256 = "1jxzyfnqi0h1fzlsvlkn10bncic803bfhslyijcxk55mgh297g45";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/keyring";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/keyring";
      rev =  "8855f5632086e51468cd7ce91056f8da69687ef6";
      sha256 = "1ja623dqnhkr1cvynrcai10s8kn2aiq53cvd8yxr47bb8i2a2q1m";
    };
  }
  {
    goPackagePath  = "github.com/gilbertchen/xattr";
    fetch = {
      type = "git";
      url = "https://github.com/gilbertchen/xattr";
      rev =  "68e7a6806b0137a396d7d05601d7403ae1abac58";
      sha256 = "120lq8vasc5yh0ajczsdpi8cfzgi4ymrnphgqdfcar3b9rsvx80b";
    };
  }
  {
    goPackagePath  = "github.com/go-ini/ini";
    fetch = {
      type = "git";
      url = "https://github.com/go-ini/ini";
      rev =  "32e4c1e6bc4e7d0d8451aa6b75200d19e37a536a";
      sha256 = "0mhgxw5q6b0pryhikx3k4wby7g32rwjjljzihi47lwn34kw5y1qn";
    };
  }
  {
    goPackagePath  = "github.com/golang/protobuf";
    fetch = {
      type = "git";
      url = "https://github.com/golang/protobuf";
      rev =  "1e59b77b52bf8e4b449a57e6f79f21226d571845";
      sha256 = "19bkh81wnp6njg3931wky6hsnnl2d1ig20vfjxpv450sd3k6yys8";
    };
  }
  {
    goPackagePath  = "github.com/googleapis/gax-go";
    fetch = {
      type = "git";
      url = "https://github.com/googleapis/gax-go";
      rev =  "317e0006254c44a0ac427cc52a0e083ff0b9622f";
      sha256 = "0h92x579vbrv2fka8q2ddy1kq6a63qbqa8zc09ygl6skzn9gw1dh";
    };
  }
  {
    goPackagePath  = "github.com/jmespath/go-jmespath";
    fetch = {
      type = "git";
      url = "https://github.com/jmespath/go-jmespath";
      rev =  "0b12d6b5";
      sha256 = "1vv6hph8j6xgv7gwl9vvhlsaaqsm22sxxqmgmldi4v11783pc1ld";
    };
  }
  {
    goPackagePath  = "github.com/kr/fs";
    fetch = {
      type = "git";
      url = "https://github.com/kr/fs";
      rev =  "2788f0dbd16903de03cb8186e5c7d97b69ad387b";
      sha256 = "1c0fipl4rsh0v5liq1ska1dl83v3llab4k6lm8mvrx9c4dyp71ly";
    };
  }
  {
    goPackagePath  = "github.com/marstr/guid";
    fetch = {
      type = "git";
      url = "https://github.com/marstr/guid";
      rev =  "8bd9a64bf37eb297b492a4101fb28e80ac0b290f";
      sha256 = "081qrar6wwpmb2pq3swv4byh73r9riyhl2dwv0902d8jg3kwricm";
    };
  }
  {
    goPackagePath  = "github.com/minio/blake2b-simd";
    fetch = {
      type = "git";
      url = "https://github.com/minio/blake2b-simd";
      rev =  "3f5f724cb5b182a5c278d6d3d55b40e7f8c2efb4";
      sha256 = "0b6jbnj62c0gmmfd4zdmh8xbg01p80f13yygir9xprqkzk6fikmd";
    };
  }
  {
    goPackagePath  = "github.com/ncw/swift";
    fetch = {
      type = "git";
      url = "https://github.com/ncw/swift";
      rev =  "ae9f0ea1605b9aa6434ed5c731ca35d83ba67c55";
      sha256 = "0a0iwynhgxsl3czabl7ajnxpyw6x0dzbiqz6il8aw7kn10ld1rvl";
    };
  }
  {
    goPackagePath  = "github.com/pkg/errors";
    fetch = {
      type = "git";
      url = "https://github.com/pkg/errors";
      rev =  "645ef00459ed84a119197bfb8d8205042c6df63d";
      sha256 = "001i6n71ghp2l6kdl3qq1v2vmghcz3kicv9a5wgcihrzigm75pp5";
    };
  }
  {
    goPackagePath  = "github.com/pkg/sftp";
    fetch = {
      type = "git";
      url = "https://github.com/pkg/sftp";
      rev =  "98203f5a8333288eb3163b7c667d4260fe1333e9";
      sha256 = "09wxyrhwwh20rzpzb06vsj8k2bmw52cjlx7j4115zhky27528sx9";
    };
  }
  {
    goPackagePath  = "github.com/satori/go.uuid";
    fetch = {
      type = "git";
      url = "https://github.com/satori/go.uuid";
      rev =  "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3";
      sha256 = "1j4s5pfg2ldm35y8ls8jah4dya2grfnx2drb4jcbjsyrp4cm5yfb";
    };
  }
  {
    goPackagePath  = "github.com/vaughan0/go-ini";
    fetch = {
      type = "git";
      url = "https://github.com/vaughan0/go-ini";
      rev =  "a98ad7ee00ec53921f08832bc06ecf7fd600e6a1";
      sha256 = "1l1isi3czis009d9k5awsj4xdxgbxn4n9yqjc1ac7f724x6jacfa";
    };
  }
  {
    goPackagePath  = "golang.org/x/crypto";
    fetch = {
      type = "git";
      url = "https://go.googlesource.com/crypto";
      rev =  "9f005a07e0d31d45e6656d241bb5c0f2efd4bc94";
      sha256 = "1mhmr6ljzl3iafsz4qy8vval7rmr828wh59dlqqqjqx6sqmcs1dv";
    };
  }
  {
    goPackagePath  = "golang.org/x/net";
    fetch = {
      type = "git";
      url = "https://go.googlesource.com/net";
      rev =  "9dfe39835686865bff950a07b394c12a98ddc811";
      sha256 = "0z8mnl4mi88syafrgqys2ak2gg3yrbna25hpz88y3anl8x4jhg1a";
    };
  }
  {
    goPackagePath  = "golang.org/x/oauth2";
    fetch = {
      type = "git";
      url = "https://go.googlesource.com/oauth2";
      rev =  "f95fa95eaa936d9d87489b15d1d18b97c1ba9c28";
      sha256 = "0p9kis69wvhv8a2qbcjxvn9ggpdh81cbfjpq5pjga7n8k6d065fh";
    };
  }
  {
    goPackagePath  = "golang.org/x/sys";
    fetch = {
      type = "git";
      url = "https://go.googlesource.com/sys";
      rev =  "82aafbf43bf885069dc71b7e7c2f9d7a614d47da";
      sha256 = "1jvngpvy0q40f7krkgmwf5bbjzhv449297awcr0y78kzn0cyawi2";
    };
  }
  {
    goPackagePath  = "golang.org/x/text";
    fetch = {
      type = "git";
      url = "https://go.googlesource.com/text";
      rev =  "88f656faf3f37f690df1a32515b479415e1a6769";
      sha256 = "0zakmgg6dlwnkhignwjajn0dckzqq18zxvnmmg0fq6455x7fs673";
    };
  }
  {
    goPackagePath  = "google.golang.org/api";
    fetch = {
      type = "git";
      url = "https://code.googlesource.com/google-api-go-client";
      rev =  "17b5f22a248d6d3913171c1a557552ace0d9c806";
      sha256 = "0gs78qsxfg89kpiiray1x9jiv6bh328jmjkwd3ghnygf3l98kc8c";
    };
  }
  {
    goPackagePath  = "google.golang.org/appengine";
    fetch = {
      type = "git";
      url = "https://github.com/golang/appengine";
      rev =  "150dc57a1b433e64154302bdc40b6bb8aefa313a";
      sha256 = "0w3knznv39k8bm85ri62f83czcrxknql7dv6p9hk1a5jx3xljgxq";
    };
  }
  {
    goPackagePath  = "google.golang.org/genproto";
    fetch = {
      type = "git";
      url = "https://github.com/google/go-genproto";
      rev =  "891aceb7c239e72692819142dfca057bdcbfcb96";
      sha256 = "1axim84fqzsp6iialk6zl4fsbfpx658vssc6ccakn4yy1xc9h854";
    };
  }
  {
    goPackagePath  = "google.golang.org/grpc";
    fetch = {
      type = "git";
      url = "https://github.com/grpc/grpc-go";
      rev =  "5a9f7b402fe85096d2e1d0383435ee1876e863d0";
      sha256 = "1hlirgvmzb929jpb1dvh930646ih5ffg3b6pmlilqr7ffdkl5z3j";
    };
  }
 ]
--- a/nix/pkgs/duplicacy/shell.nix
+++ b/nix/pkgs/duplicacy/shell.nix
@ -0,0 +1,12 @@
 with import <nixpkgs> {};
 stdenv.mkDerivation {
  name = "env";
  buildInputs = [
    zsh
    go
    go2nix
    dep2nix
    nix-prefetch-github
    (callPackage ./default.nix {})
  ];
 }