From ebad39adab212ab4e26f9a98befa0048c7eea710 Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@sommerfeld.dev>
Date: Wed, 13 May 2026 13:43:24 +0100
Subject: feat(nix): hybrid setup with flakes + direnv for per-project dev
 shells
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Install Nix (multi-user daemon) on Arch and wire up direnv so any project
can declare its toolchain in a flake.nix and get a hermetic dev shell on
cd. No NixOS, no home-manager, no migration off paru/chezmoi — just one
new package manager scoped to project dev shells.

- meta/nix.txt: nix from extra repo
- meta/dev.txt: direnv (general-purpose, not nix-specific)
- systemd-units/system/nix.txt: nix-daemon.socket (socket-activated)
- etc/nix/nix.conf: enable flakes + nix-command, trusted-users=@wheel,
  auto-optimise-store, keep-outputs/derivations so direnv envs survive GC
- dot_config/direnv/direnvrc: load nix-direnv 3.1.1 via source_url with
  pinned sha256 (not packaged for Arch; refusing -git AUR)
- dot_config/nix/templates/{flake.nix,dev/}: flake template usable via
  'nix flake init -t ~/.config/nix/templates'
- dot_config/zsh/dot_zshrc: 'eval "$(direnv hook zsh)"'
---
 dot_config/direnv/direnvrc             | 14 ++++++++++++++
 dot_config/nix/templates/dev/dot_envrc |  1 +
 dot_config/nix/templates/dev/flake.nix | 29 +++++++++++++++++++++++++++++
 dot_config/nix/templates/flake.nix     | 13 +++++++++++++
 dot_config/zsh/dot_zshrc               |  3 +++
 5 files changed, 60 insertions(+)
 create mode 100644 dot_config/direnv/direnvrc
 create mode 100644 dot_config/nix/templates/dev/dot_envrc
 create mode 100644 dot_config/nix/templates/dev/flake.nix
 create mode 100644 dot_config/nix/templates/flake.nix

(limited to 'dot_config')

diff --git a/dot_config/direnv/direnvrc b/dot_config/direnv/direnvrc
new file mode 100644
index 0000000..40bfc86
--- /dev/null
+++ b/dot_config/direnv/direnvrc
@@ -0,0 +1,14 @@
+# Global direnv runtime config.
+#
+# Loads nix-direnv on demand. nix-direnv is NOT packaged for Arch and we
+# refuse to depend on -git AUR packages, so we fetch the loader from
+# upstream pinned by version + content hash. direnv caches it under
+# $XDG_CACHE_HOME/direnv/, so the network fetch happens exactly once
+# per pin bump.
+#
+# To upgrade: bump the version in the URL and replace the sha256 with
+# the new one. direnv prints the expected hash on mismatch.
+if ! has nix_direnv_version || ! nix_direnv_version 3.1.1; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.1.1/direnvrc" \
+    "sha256-p+fzQdrms/hDa7g+soShAybJNo4bN4SIAeSfqNKgD5I="
+fi
diff --git a/dot_config/nix/templates/dev/dot_envrc b/dot_config/nix/templates/dev/dot_envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/dot_config/nix/templates/dev/dot_envrc
@@ -0,0 +1 @@
+use flake
diff --git a/dot_config/nix/templates/dev/flake.nix b/dot_config/nix/templates/dev/flake.nix
new file mode 100644
index 0000000..84b3179
--- /dev/null
+++ b/dot_config/nix/templates/dev/flake.nix
@@ -0,0 +1,29 @@
+{
+  description = "Project dev shell";
+
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+  outputs = { self, nixpkgs }:
+    let
+      systems = [ "x86_64-linux" "aarch64-linux" ];
+      forAllSystems = nixpkgs.lib.genAttrs systems;
+    in
+    {
+      devShells = forAllSystems (system:
+        let
+          pkgs = nixpkgs.legacyPackages.${system};
+        in
+        {
+          default = pkgs.mkShell {
+            packages = with pkgs; [
+              # Add per-project tools here.
+              # Example: nodejs_22 python313 cargo gcc
+            ];
+
+            shellHook = ''
+              # Per-project env setup (printed once on shell entry).
+            '';
+          };
+        });
+    };
+}
diff --git a/dot_config/nix/templates/flake.nix b/dot_config/nix/templates/flake.nix
new file mode 100644
index 0000000..dc4cf2d
--- /dev/null
+++ b/dot_config/nix/templates/flake.nix
@@ -0,0 +1,13 @@
+{
+  description = "Personal flake templates. Use: nix flake init -t ~/.config/nix/templates#<name>";
+
+  outputs = { self }: {
+    templates = {
+      dev = {
+        path = ./dev;
+        description = "Generic per-project dev shell with direnv .envrc";
+      };
+      default = self.templates.dev;
+    };
+  };
+}
diff --git a/dot_config/zsh/dot_zshrc b/dot_config/zsh/dot_zshrc
index f516495..e8fca42 100644
--- a/dot_config/zsh/dot_zshrc
+++ b/dot_config/zsh/dot_zshrc
@@ -353,6 +353,9 @@ compdef l=lsd la=lsd lt=lsd
 export GPG_TTY=$TTY
 gpg-connect-agent updatestartuptty /bye &>/dev/null
 
+# ── direnv (per-project env via .envrc; nix-direnv loaded from direnvrc) ─────
+eval "$(direnv hook zsh)"
+
 # ── Zoxide (smart directory jumping) ──────────────────────────────────────────
 # z foo → jump to frecency-ranked dir matching "foo"
 # zi    → interactive picker with fzf
-- 
cgit v1.3.1