nice to have: ssh-to-gpg available in shell.nix

[colemickens]

It would be nice to have ssh-to-gpg exposed easily from shell.nix.

But then again, maybe the goal is to delete it once age is merged into sops and you or someone else adds sshpubkey support to sops?

[Mic92]

Do you mean here? https://github.com/Mic92/sops-nix/blob/master/shell.nix

[colemickens]

Yeah, that would make it convenient for users to do nix shell github:mic92/sops-nix#ssh-to-gpg -p ssh-to-gpg -i ... or whatever the exact flake syntax is without having cloned the repo and know to do go run ..., etc.

[Mic92]

In that case I need to add it to packages in flake.nix.

[Mic92]

It is also exposed here https://github.com/Mic92/sops-nix/blob/master/default.nix#L8. I think nix-shell also allows to download it from there.

[colemickens]

Sorry, I'm not explaining myself well.

Scenario: I'm writing a tutorial. Or I'm following the tutorial on this repo's README. I don't necessarily want to develop sops-nix and clone the repo. How do I run ssh-to-gpg without cloning this repo, or writing my own shell.nix?

In that case I need to add it to packages in flake.nix.

Maybe that's what I should've asked for. I have my shell.nix load my devShell which I think then loads all of my packages into it for this sort of scenario.

[Mic92]

I think I understood your intention, how about this line?

$ nix-shell -E 'with import <nixpkgs> {}; pkgs.mkShell { buildInputs = [ (pkgs.callPackage (fetchTarball https://github.com/Mic92/sops-nix/archive/master.tar.gz) {}).ssh-to-pgp]; }'

I only want to add development dependencies to shell.nix, users won't need those.

[Mic92]

With flakes you can already do:

nix run 'github:Mic92/sops-nix#ssh-to-pgp'

[colemickens]

Oh. I'm still bad at getting flake outputs right. Sorry for the distraction. That's what I wanted. nix run 'github:Mic92/sops-nix#ssh-to-pgp'

[Mic92]

It still complains about lock files not beeing up-to-date. I am fixing this here: #31