move scripts managed by nix out of the flake

In order to keep the flake readable, the various scripts managed by nix
are now moved to their own files under `nix/scripts`.

6 files changed, 90 insertions, 66 deletions

diff --git a/.envrc b/.envrc
index 3550a30..f70c487 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1,2 @@
 use flake
+watch_file nix/
diff --git a/flake.nix b/flake.nix
index 03b5ca9..5d21c49 100644
--- a/flake.nix
+++ b/flake.nix
@@ -130,7 +130,10 @@
             detect-private-keys.enable = true;
             end-of-file-fixer.enable = true;
             mixed-line-endings.enable = true;
-            shellcheck.enable = true;
+            shellcheck = {
+              enable = true;
+              excludes = [ "\\.envrc$" ];
+            };
             flake-checker.enable = true;
             treefmt = {
               enable = true;
@@ -181,69 +184,9 @@
         let
           pkgs = getPkgs system;
           pre-commit-check = mkPreCommitHooks system ./.;
-
-          # Scripts that are specific to darwin
-          darwinScripts =
-            if nixpkgs.lib.hasSuffix "darwin" system then
-              [
-                (pkgs.writeScriptBin "nbuild" ''
-                  set -e
-                  echo "> Running darwin-rebuild build..."
-                  ${inputs.darwin.packages.${system}.darwin-rebuild}/bin/darwin-rebuild build --flake .
-                  echo "> darwin-rebuild build was successful ✅"
-                  echo "> macOS config was successfully applied 🚀"
-                '')
-                (pkgs.writeScriptBin "nswitch" ''
-                  set -e
-                  echo "> Running darwin-rebuild switch..."
-                  ${inputs.darwin.packages.${system}.darwin-rebuild}/bin/darwin-rebuild switch --flake .
-                  echo "> darwin-rebuild build was successful ✅"
-                  echo "> macOS config was successfully applied 🚀"
-                '')
-                (pkgs.writeScriptBin "switch-vm-synology" ''
-                  set -e
-                  echo "> Running nixos-rebuild switch ..."
-                  ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --keep-going --flake .#vm-synology --target-host vm-synology --build-host vm-synology --fast --use-remote-sudo --use-substitutes
-                  echo "> nixos-rebuild switch was successful ✅"
-                '')
-                (pkgs.writeScriptBin "sync-agenix-key" ''
-                  set -e
-                  echo "> Copying agenix SSH key from 1password ..."
-                  mkdir -p ~/.ssh
-                  ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/private key?ssh-format=openssh" > ~/.ssh/agenix
-                  ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/public key" > ~/.ssh/agenix.pub
-                  echo "> agenix SSH key copied successfully 🔐"
-                '')
-              ]
-            else
-              [ ];
-
-          # Scripts that are specific to linux
-          linuxScripts =
-            if nixpkgs.lib.hasSuffix "linux" system then
-              [
-                (pkgs.writeScriptBin "nbuild" ''
-                  set -e
-                  echo "> Running nixos-rebuild build..."
-                  sudo nixos-rebuild build --flake .
-                  echo "> nixos-rebuild build was successful ✅"
-                '')
-                (pkgs.writeScriptBin "nswitch" ''
-                  set -e
-                  echo "> Running nixos-rebuild switch..."
-                  sudo nixos-rebuild switch --flake .
-                  echo "> nixos-rebuild switch was successful ✅"
-                  echo "> NixOS config was successfully applied 🚀"
-                '')
-              ]
-            else
-              [ ];
-
-          commonScripts = [
-            (pkgs.writeScriptBin "update-deps" "nix flake update --commit-lock-file")
-          ];
-
-          systemSpecificScripts = darwinScripts ++ linuxScripts;
+          scripts = import ./nix/scripts {
+            inherit pkgs system inputs;
+          };
         in
         {
           default = pkgs.mkShellNoCC {
@@ -255,8 +198,7 @@
                 git
                 inputs.agenix.packages."${system}".default
               ]
-              ++ commonScripts
-              ++ systemSpecificScripts;
+              ++ scripts.all;
           };
         }
       );
diff --git a/nix/scripts/common.nix b/nix/scripts/common.nix
new file mode 100644
index 0000000..931480c
--- /dev/null
+++ b/nix/scripts/common.nix
@@ -0,0 +1,4 @@
+{ pkgs }:
+[
+  (pkgs.writeScriptBin "update-deps" "nix flake update --commit-lock-file")
+]
diff --git a/nix/scripts/darwin.nix b/nix/scripts/darwin.nix
new file mode 100644
index 0000000..c1bbbde
--- /dev/null
+++ b/nix/scripts/darwin.nix
@@ -0,0 +1,38 @@
+{
+  pkgs,
+  system,
+  inputs,
+}:
+[
+  (pkgs.writeScriptBin "nbuild" ''
+    set -e
+    echo "> Running darwin-rebuild build..."
+    ${inputs.darwin.packages.${system}.darwin-rebuild}/bin/darwin-rebuild build --flake .
+    echo "> darwin-rebuild build was successful ✅"
+    echo "> macOS config was successfully applied 🚀"
+  '')
+
+  (pkgs.writeScriptBin "nswitch" ''
+    set -e
+    echo "> Running darwin-rebuild switch..."
+    ${inputs.darwin.packages.${system}.darwin-rebuild}/bin/darwin-rebuild switch --flake .
+    echo "> darwin-rebuild build was successful ✅"
+    echo "> macOS config was successfully applied 🚀"
+  '')
+
+  (pkgs.writeScriptBin "switch-vm-synology" ''
+    set -e
+    echo "> Running nixos-rebuild switch ..."
+    ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --keep-going --flake .#vm-synology --target-host vm-synology --build-host vm-synology --fast --use-remote-sudo --use-substitutes
+    echo "> nixos-rebuild switch was successful ✅"
+  '')
+
+  (pkgs.writeScriptBin "sync-agenix-key" ''
+    set -e
+    echo "> Copying agenix SSH key from 1password ..."
+    mkdir -p ~/.ssh
+    ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/private key?ssh-format=openssh" > ~/.ssh/agenix
+    ${pkgs._1password-cli}/bin/op --account my.1password.com read "op://Private/agenix/public key" > ~/.ssh/agenix.pub
+    echo "> agenix SSH key copied successfully 🔐"
+  '')
+]
diff --git a/nix/scripts/default.nix b/nix/scripts/default.nix
new file mode 100644
index 0000000..90851df
--- /dev/null
+++ b/nix/scripts/default.nix
@@ -0,0 +1,20 @@
+{
+  pkgs,
+  system,
+  inputs,
+}:
+let
+  common = import ./common.nix { inherit pkgs; };
+  darwin = import ./darwin.nix { inherit pkgs system inputs; };
+  linux = import ./linux.nix { inherit pkgs system inputs; };
+in
+{
+  common = common;
+  darwin = if pkgs.lib.hasSuffix "darwin" system then darwin else [ ];
+  linux = if pkgs.lib.hasSuffix "linux" system then linux else [ ];
+
+  all =
+    common
+    ++ (if pkgs.lib.hasSuffix "darwin" system then darwin else [ ])
+    ++ (if pkgs.lib.hasSuffix "linux" system then linux else [ ]);
+}
diff --git a/nix/scripts/linux.nix b/nix/scripts/linux.nix
new file mode 100644
index 0000000..b44c86f
--- /dev/null
+++ b/nix/scripts/linux.nix
@@ -0,0 +1,19 @@
+{
+  pkgs,
+}:
+[
+  (pkgs.writeScriptBin "nbuild" ''
+    set -e
+    echo "> Running nixos-rebuild build..."
+    sudo nixos-rebuild build --flake .
+    echo "> nixos-rebuild build was successful ✅"
+  '')
+
+  (pkgs.writeScriptBin "nswitch" ''
+    set -e
+    echo "> Running nixos-rebuild switch..."
+    sudo nixos-rebuild switch --flake .
+    echo "> nixos-rebuild switch was successful ✅"
+    echo "> NixOS config was successfully applied 🚀"
+  '')
+]