Generate static mac-portable config

README.md

@@ -10,11 +10,11 @@ git clone git@github.com:dotdoom/dotfiles.git
 cd dotfiles
 ```
 
-Step 2 - stow.
+Step 2 - if Nix is not an option.
 
 ```
-stow migrated
 stow legacy
+stow exported/{machine}
 ```
 
 Step 2 - Nix.
@@ -30,15 +30,12 @@ nix run \
 
 ## Layout
 
-- `migrated`: files which are assets for home-manager, but can still be used to
-  stow
+- `assets`: files which are assets for home-manager
 - `legacy`: files to be placed under `$HOME` which are still under stow
 - `hosts/*/{darwin,nixos,home}.nix`: personal machine nix configs
 - `modules/{darwin,nixos,home}/*.nix`: exported nix configs
-
-TODO: rename `migrated` to `assets` and create `exported` which would be the
-exact mirror of nix-built configuration, but without nix (for machines where nix
-can not be installed). That `exported` will then be used by stow.
+- `exported`: for those poor souls who can not run nix, a pre-built collection
+  of files for `$HOME`, best effort
 
 ## Security
 

bin/export-home-config

@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+CONFIG=$1
+OUT_DIR="exported/$CONFIG"
+STORE_PATH=$(nix build .#homeConfigurations."$CONFIG".activationPackage --extra-experimental-features 'nix-command flakes' --no-link --print-out-paths)
+mkdir -p "$OUT_DIR"
+cp -rL "$STORE_PATH/home-files/." "$OUT_DIR/"

exported/mac-portable/.config/direnv/direnv.toml

@@ -0,0 +1,3 @@
+[global]
+hide_env_diff = true
+warn_timeout = "30s"

exported/mac-portable/.config/direnv/lib/hm-nix-direnv.sh

@@ -0,0 +1,603 @@
+# -*- mode: sh -*-
+# shellcheck shell=bash
+
+
+# begin prologue inserted by resholve
+NIX_DIRENV_FALLBACK_NIX=${NIX_DIRENV_FALLBACK_NIX:-/nix/store/bym3ycma17qshv526xjbdn2iayn6q7kr-nix-2.34.7/bin/nix}
+
+# end prologue inserted by resholve
+NIX_DIRENV_VERSION=3.1.1
+
+# min required versions
+BASH_MIN_VERSION=4.4
+DIRENV_MIN_VERSION=2.21.3
+
+_NIX_DIRENV_LOG_PREFIX="nix-direnv: "
+
+_nix_direnv_info() {
+  log_status "${_NIX_DIRENV_LOG_PREFIX}$*"
+}
+
+_nix_direnv_warning() {
+  local msg=$*
+  local color_normal=""
+  local color_warning=""
+
+  if [[ -t 2 ]]; then
+    color_normal="\e[m"
+    color_warning="\e[33m"
+  fi
+
+  printf "%b" "$color_warning"
+  log_status "${_NIX_DIRENV_LOG_PREFIX}${msg}"
+  printf "%b" "$color_normal"
+}
+
+_nix_direnv_error() { log_error "${_NIX_DIRENV_LOG_PREFIX}$*"; }
+
+_nix_direnv_nix=""
+
+_nix() {
+  ${_nix_direnv_nix} --no-warn-dirty --extra-experimental-features "nix-command flakes" "$@"
+}
+
+_require_version() {
+  local cmd=$1 raw_version=$2 version=${2%%[^0-9.]*} required=$3
+  if ! printf "%s\n" "$required" "$version" | LC_ALL=C /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/sort -c -V 2>/dev/null; then
+    _nix_direnv_error \
+      "minimum required $(/nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/basename "$cmd") version is $required (installed: $raw_version)"
+    return 1
+  fi
+}
+
+_require_cmd_version() {
+  local cmd=$1 required=$2 version
+  if ! has "$cmd"; then
+    _nix_direnv_error "command not found: $cmd"
+    return 1
+  fi
+  version=$($cmd --version)
+  [[ $version =~ ([0-9]+\.[0-9]+(\.[0-9]+)?) ]]
+  _require_version "$cmd" "${BASH_REMATCH[1]}" "$required"
+}
+
+_nix_direnv_preflight() {
+  if [[ -z $direnv ]]; then
+    # shellcheck disable=2016
+    _nix_direnv_error '$direnv environment variable was not defined. Was this script run inside direnv?'
+    return 1
+  fi
+
+  # check command min versions
+  if [[ -z ${NIX_DIRENV_SKIP_VERSION_CHECK:-} ]]; then
+    # bash check uses $BASH_VERSION with _require_version instead of
+    # _require_cmd_version because _require_cmd_version uses =~ operator which would be
+    # a syntax error on bash < 3
+    if ! _require_version bash "$BASH_VERSION" "$BASH_MIN_VERSION" ||
+      # direnv stdlib defines $direnv
+      ! _require_cmd_version "$direnv" "$DIRENV_MIN_VERSION"; then
+      return 1
+    fi
+  fi
+
+  if command -v nix >/dev/null 2>&1; then
+    _nix_direnv_nix=$(command -v nix)
+  elif [[ -n ${NIX_DIRENV_FALLBACK_NIX:-} ]]; then
+    _nix_direnv_nix="${NIX_DIRENV_FALLBACK_NIX}"
+  else
+    _nix_direnv_error "Could not find Nix binary, please add Nix to PATH or set NIX_DIRENV_FALLBACK_NIX"
+    return 1
+  fi
+
+  local layout_dir
+  layout_dir=$(direnv_layout_dir)
+
+  if [[ ! -d "$layout_dir/bin" ]]; then
+    /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/mkdir -p "$layout_dir/bin"
+  fi
+  # N.B. This script relies on variable expansion in *this* shell.
+  # (i.e. The written out file will have the variables expanded)
+  # If the source path changes, the script becomes broken.
+  # Because direnv_layout_dir is user controlled,
+  # we can't assume to be able to reverse it to get the source dir
+  # So there's little to be done about this.
+  # Remove first to handle case where file is owned by a different user
+  /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/rm -f "${layout_dir}/bin/nix-direnv-reload"
+  /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/cat >"${layout_dir}/bin/nix-direnv-reload" <<-EOF
+#!/usr/bin/env bash
+set -e
+if [[ ! -d "$PWD" ]]; then
+  echo "Cannot find source directory; Did you move it?"
+  echo "(Looking for "$PWD")"
+  echo 'Cannot force reload with this script - use "direnv reload" manually and then try again'
+  exit 1
+fi
+
+# rebuild the cache forcefully
+_nix_direnv_force_reload=1 direnv exec "$PWD" true
+
+# Update the mtime for .envrc.
+# This will cause direnv to reload again - but without re-building.
+touch "$PWD/.envrc"
+
+# Also update the timestamp of whatever profile_rc we have.
+# This makes sure that we know we are up to date.
+touch -r "$PWD/.envrc" "${layout_dir}"/*.rc
+EOF
+  /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/chmod +x "${layout_dir}/bin/nix-direnv-reload"
+
+  PATH_add "${layout_dir}/bin"
+}
+
+# Usage: nix_direnv_version <version_at_least>
+#
+# Checks that the nix-direnv version is at least as old as <version_at_least>.
+nix_direnv_version() {
+  _require_version nix-direnv $NIX_DIRENV_VERSION "$1"
+}
+
+_nix_export_or_unset() {
+  local key=$1 value=$2
+  if [[ $value == __UNSET__ ]]; then
+    unset "$key"
+  else
+    export "$key=$value"
+  fi
+}
+
+_nix_import_env() {
+  local profile_rc=$1
+
+  local -A values_to_restore=(
+    ["NIX_BUILD_TOP"]=${NIX_BUILD_TOP:-__UNSET__}
+    ["TMP"]=${TMP:-__UNSET__}
+    ["TMPDIR"]=${TMPDIR:-__UNSET__}
+    ["TEMP"]=${TEMP:-__UNSET__}
+    ["TEMPDIR"]=${TEMPDIR:-__UNSET__}
+    ["terminfo"]=${terminfo:-__UNSET__}
+  )
+  local old_xdg_data_dirs=${XDG_DATA_DIRS:-}
+
+  # On the first run in manual mode, the profile_rc does not exist.
+  if [[ ! -e $profile_rc ]]; then
+    return
+  fi
+
+  eval "$(<"$profile_rc")"
+  # `nix print-dev-env` will create a temporary directory and use it as TMPDIR
+  # We cannot rely on this directory being available at all times,
+  # as it may be garbage collected.
+  # Instead - just remove it immediately.
+  # Use recursive & force as it may not be empty.
+  if [[ -n ${NIX_BUILD_TOP+x} && $NIX_BUILD_TOP == */nix-shell.* && -d $NIX_BUILD_TOP ]]; then
+    /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/rm -rf "$NIX_BUILD_TOP"
+  fi
+
+  for key in "${!values_to_restore[@]}"; do
+    _nix_export_or_unset "$key" "${values_to_restore[${key}]}"
+  done
+
+  local new_xdg_data_dirs=${XDG_DATA_DIRS:-}
+  export XDG_DATA_DIRS=
+  local IFS=:
+  for dir in $new_xdg_data_dirs${old_xdg_data_dirs:+:}$old_xdg_data_dirs; do
+    dir="${dir%/}" # remove trailing slashes
+    if [[ :$XDG_DATA_DIRS: == *:$dir:* ]]; then
+      continue # already present, skip
+    fi
+    XDG_DATA_DIRS="$XDG_DATA_DIRS${XDG_DATA_DIRS:+:}$dir"
+  done
+}
+
+_nix_add_gcroot() {
+  local storepath=$1
+  local symlink=$2
+  _nix build --out-link "$symlink" "$storepath"
+}
+
+_nix_refresh_gcroots() {
+  # Use touch to update all symlinks' timestamps to prevent nh
+  # from garbage collecting the frequently used direnv environment.
+  local layout_dir
+  layout_dir=$(direnv_layout_dir)
+
+  /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/touch -h "${layout_dir}"/flake-profile-* "${layout_dir}"/flake-inputs/* "${layout_dir}"/nix-profile-*
+}
+
+_nix_clean_old_gcroots() {
+  local layout_dir=$1
+
+  /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/rm -rf "$layout_dir/flake-inputs/"
+  /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/rm -f "$layout_dir"/{nix,flake}-profile*
+}
+
+_nix_argsum_suffix() {
+  local out checksum
+  if [ -n "$1" ]; then
+
+    if has sha1sum; then
+      out=$(/nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/sha1sum <<<"$1")
+    elif has shasum; then
+      out=$(shasum <<<"$1")
+    else
+      # degrade gracefully both tools are not present
+      return
+    fi
+    read -r checksum _ <<<"$out"
+    echo "-$checksum"
+  fi
+}
+
+nix_direnv_watch_file() {
+  # shellcheck disable=2016
+  log_error '`nix_direnv_watch_file` is deprecated - use `watch_file`'
+  watch_file "$@"
+}
+
+_nix_direnv_watches() {
+  local -n _watches=$1
+  if [[ -z ${DIRENV_WATCHES-} ]]; then
+    return
+  fi
+  while IFS= read -r line; do
+    local regex='"[Pp]ath": "(.+)"$'
+    if [[ $line =~ $regex ]]; then
+      local path="${BASH_REMATCH[1]}"
+      if [[ $path == "${XDG_DATA_HOME:-${HOME:-/var/empty}/.local/share}/direnv/allow/"* ]]; then
+        continue
+      fi
+      # expand new lines and other json escapes
+      # shellcheck disable=2059
+      path=$(printf "$path")
+      _watches+=("$path")
+    fi
+  done < <($direnv show_dump "${DIRENV_WATCHES}")
+}
+
+: "${_nix_direnv_manual_reload:=0}"
+nix_direnv_manual_reload() {
+  _nix_direnv_manual_reload=1
+}
+
+: "${_nix_direnv_allow_fallback:=1}"
+nix_direnv_disallow_fallback() {
+  _nix_direnv_info "Fallback disallowed"
+  _nix_direnv_allow_fallback=0
+}
+
+_nix_direnv_warn_manual_reload() {
+  if [[ -e $1 ]]; then
+    _nix_direnv_warning 'cache is out of date. use "nix-direnv-reload" to reload'
+  else
+    _nix_direnv_warning 'cache does not exist. use "nix-direnv-reload" to create it'
+  fi
+}
+
+use_flake() {
+  if ! _nix_direnv_preflight; then
+    return 1
+  fi
+
+  flake_expr="${1:-.}"
+  flake_uri="${flake_expr%#*}"
+  flake_dir=${flake_uri#"path:"}
+
+  if [[ $flake_expr == -* ]]; then
+    local message="the first argument must be a flake expression"
+    if [[ -n ${2:-} ]]; then
+      _nix_direnv_error "$message"
+      return 1
+    else
+      _nix_direnv_error "$message. did you mean 'use flake . $1'?"
+      return 1
+    fi
+  fi
+
+  local files_to_watch
+  files_to_watch=("$HOME/.direnvrc" "$HOME/.config/direnv/direnvrc")
+
+  if [[ -d $flake_dir ]]; then
+    files_to_watch+=("$flake_dir/flake.nix" "$flake_dir/flake.lock" "$flake_dir/devshell.toml")
+  fi
+
+  watch_file "${files_to_watch[@]}"
+
+  local layout_dir profile
+  layout_dir=$(direnv_layout_dir)
+  profile="${layout_dir}/flake-profile$(_nix_argsum_suffix "$flake_expr")"
+  local profile_rc="${profile}.rc"
+  local flake_inputs="${layout_dir}/flake-inputs/"
+
+  local watches
+  _nix_direnv_watches watches
+
+  local profile_missing=0
+  if [[ ! -e $profile ]]; then
+    _nix_direnv_info "cache invalidated: profile ($profile) does not exist"
+    profile_missing=1
+  fi
+
+  local profile_rc_missing=0
+  if [[ ! -e $profile_rc ]]; then
+    _nix_direnv_info "cache invalidated: profile_rc ($profile_rc) does not exist"
+    profile_rc_missing=1
+  fi
+
+  local file_nt_profilerc=0
+  local file=
+  local newer_files
+  for file in "${watches[@]}"; do
+    if [[ $file -nt $profile_rc ]]; then
+      newer_files+=("$file")
+      file_nt_profilerc=1
+    fi
+  done
+
+  if [[ $file_nt_profilerc -eq 1 ]]; then
+    _nix_direnv_info "cache invalidated: files newer than cache:"
+    echo -n "$_NIX_DIRENV_LOG_PREFIX" >/dev/stderr
+    printf "%s\n" "${newer_files[@]}" >/dev/stderr
+  fi
+
+  if [[ $profile_missing -eq 1 || $profile_rc_missing -eq 1 || $file_nt_profilerc -eq 1 ]]; then
+    if [[ $_nix_direnv_manual_reload -eq 1 && -z ${_nix_direnv_force_reload-} ]]; then
+      _nix_direnv_warn_manual_reload "$profile_rc"
+
+    else
+      local tmp_profile_rc
+      local tmp_profile="${layout_dir}/flake-tmp-profile.$$"
+      if tmp_profile_rc=$(_nix print-dev-env --profile "$tmp_profile" "$@"); then
+        # If we've gotten here, the user's current devShell is valid and we should cache it
+        _nix_clean_old_gcroots "$layout_dir"
+
+        # We need to update our cache
+        echo "$tmp_profile_rc" >"$profile_rc"
+        _nix_add_gcroot "$tmp_profile" "$profile"
+        /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/rm -f "$tmp_profile" "$tmp_profile"*
+
+        # also add garbage collection root for source
+        local flake_input_paths
+        /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/mkdir -p "$flake_inputs"
+        flake_input_paths=$(_nix flake archive \
+          --json --no-write-lock-file \
+          -- "$flake_uri")
+
+        while [[ $flake_input_paths =~ /nix/store/[^\"]+ ]]; do
+          local store_path="${BASH_REMATCH[0]}"
+          _nix_add_gcroot "${store_path}" "${flake_inputs}/${store_path##*/}"
+          flake_input_paths="${flake_input_paths/${store_path}/}"
+        done
+
+        _nix_direnv_info "Renewed cache"
+      else
+        # The user's current flake failed to evaluate,
+        # but there is already a prior profile_rc,
+        # which is probably more useful than nothing.
+        # Fallback to use that (which means just leaving profile_rc alone!)
+        if [[ $_nix_direnv_allow_fallback -eq 1 ]]; then
+          _nix_direnv_warning "Evaluating current devShell failed. Falling back to previous environment!"
+          export NIX_DIRENV_DID_FALLBACK=1
+        else
+          return 1
+        fi
+      fi
+    fi
+  else
+    if [[ -e ${profile_rc} ]]; then
+      # Our cache is valid, use that
+      _nix_direnv_info "Using cached dev shell"
+      _nix_refresh_gcroots
+    else
+      # We don't have a profile_rc to use!
+      _nix_direnv_error "use_flake failed - Is your flake's devShell working?"
+      return 1
+    fi
+  fi
+
+  _nix_import_env "$profile_rc"
+}
+
+use_nix() {
+  if ! _nix_direnv_preflight; then
+    return 1
+  fi
+
+  local layout_dir path version
+  layout_dir=$(direnv_layout_dir)
+  if path=$(/nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/realpath -e "$(_nix eval --impure --expr "<nixpkgs>" 2>/dev/null)"); then
+    if [[ -f "${path}/.version-suffix" ]]; then
+      version=$(<"${path}/.version-suffix")
+    elif [[ -f "${path}/.git/HEAD" ]]; then
+      local head
+      read -r head <"${path}/.git/HEAD"
+      local regex="ref: (.*)"
+      if [[ $head =~ $regex ]]; then
+        read -r version <"${path}/.git/${BASH_REMATCH[1]}"
+      else
+        version="$head"
+      fi
+    elif [[ -f "${path}/.version" && ${path} == "/nix/store/"* ]]; then
+      # borrow some bits from the store path
+      local version_prefix
+      read -r version_prefix < <(
+        /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/cat "${path}/.version"
+        echo
+      )
+      version="${version_prefix}-${path:11:16}"
+    fi
+  fi
+
+  local profile
+  profile="${layout_dir}/nix-profile-${version:-unknown}$(_nix_argsum_suffix "$*")"
+  local profile_rc="${profile}.rc"
+
+  local in_packages=0
+  local attribute=
+  local packages=""
+  local extra_args=()
+
+  local nixfile=
+  if [[ -e "shell.nix" ]]; then
+    nixfile="./shell.nix"
+  elif [[ -e "default.nix" ]]; then
+    nixfile="./default.nix"
+  fi
+
+  while [[ $# -gt 0 ]]; do
+    i="$1"
+    shift
+
+    case $i in
+    -p | --packages)
+      in_packages=1
+      ;;
+    --command | --run | --exclude)
+      # These commands are unsupported
+      # ignore them
+      shift
+      ;;
+    --pure | -i | --keep)
+      # These commands are unsupported (but take no argument)
+      # ignore them
+      ;;
+    --include | -I)
+      extra_args+=("$i" "${1:-}")
+      shift
+      ;;
+    --attr | -A)
+      attribute="${1:-}"
+      shift
+      ;;
+    --option | -o | --arg | --argstr)
+      extra_args+=("$i" "${1:-}" "${2:-}")
+      shift
+      shift
+      ;;
+    -*)
+      # Other arguments are assumed to be of a single arg form
+      # (--foo=bar or -j4)
+      extra_args+=("$i")
+      ;;
+    *)
+      if [[ $in_packages -eq 1 ]]; then
+        packages+=" $i"
+      else
+        nixfile=$i
+      fi
+      ;;
+    esac
+  done
+
+  watch_file "$HOME/.direnvrc" "$HOME/.config/direnv/direnvrc" "shell.nix" "default.nix"
+
+  local watches
+  _nix_direnv_watches watches
+
+  local profile_missing=0
+  if [[ ! -e $profile ]]; then
+    _nix_direnv_info "cache invalidated: profile ($profile) does not exist"
+    profile_missing=1
+  fi
+
+  local profile_rc_missing=0
+  if [[ ! -e $profile_rc ]]; then
+    _nix_direnv_info "cache invalidated: profile_rc ($profile_rc) does not exist"
+    profile_rc_missing=1
+  fi
+
+  local file_nt_profilerc=0
+  local file=
+  local newer_files
+  for file in "${watches[@]}"; do
+    if [[ $file -nt $profile_rc ]]; then
+      newer_files+=("$file")
+      file_nt_profilerc=1
+    fi
+  done
+
+  if [[ $file_nt_profilerc -eq 1 ]]; then
+    _nix_direnv_info "cache invalidated: files newer than cache:"
+    echo -n "$_NIX_DIRENV_LOG_PREFIX" >/dev/stderr
+    printf "%s\n" "${newer_files[@]}" >/dev/stderr
+  fi
+
+  if [[ $profile_missing -eq 1 || $profile_rc_missing -eq 1 || $file_nt_profilerc -eq 1 ]]; then
+    if [[ $_nix_direnv_manual_reload -eq 1 && -z ${_nix_direnv_force_reload-} ]]; then
+      _nix_direnv_warn_manual_reload "$profile_rc"
+    else
+      local tmp_profile="${layout_dir}/nix-tmp-profile.$$"
+      local tmp_profile_rc
+      if [[ -n $packages ]]; then
+        extra_args+=("--expr" "with import <nixpkgs> {}; mkShell { buildInputs = [ $packages ]; }")
+      else
+        extra_args+=("--file" "$nixfile" --arg inNixShell true)
+        if [[ -n $attribute ]]; then
+          extra_args+=("$attribute")
+        fi
+      fi
+
+      # Some builtin nix tooling depends on this variable being set BEFORE their invocation to change their behavior
+      # (notably haskellPackages.developPackage returns an env if this is set)
+      # This allows us to more closely mimic nix-shell.
+      export IN_NIX_SHELL="impure"
+
+      if tmp_profile_rc=$(_nix \
+        print-dev-env \
+        --profile "$tmp_profile" \
+        --impure \
+        "${extra_args[@]}"); then
+        _nix_clean_old_gcroots "$layout_dir"
+
+        echo "$tmp_profile_rc" >"$profile_rc"
+        _nix_add_gcroot "$tmp_profile" "$profile"
+        /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/rm -f "$tmp_profile" "$tmp_profile"*
+        _nix_direnv_info "Renewed cache"
+      else
+        if [[ $_nix_direnv_allow_fallback -eq 1 ]]; then
+          _nix_direnv_warning "Evaluating current nix shell failed. Falling back to previous environment!"
+          export NIX_DIRENV_DID_FALLBACK=1
+        else
+          unset IN_NIX_SHELL
+          return 1
+        fi
+      fi
+    fi
+  else
+    if [[ -e ${profile_rc} ]]; then
+      _nix_direnv_info "Using cached dev shell"
+      _nix_refresh_gcroots
+    else
+      _nix_direnv_error "use_nix failed - Is your nix shell working?"
+      unset IN_NIX_SHELL
+      return 1
+    fi
+  fi
+
+  _nix_import_env "$profile_rc"
+
+}
+
+### resholve directives (auto-generated) ## format_version: 3
+# resholve: fake builtin:PATH_add
+# resholve: fake builtin:direnv_layout_dir
+# resholve: fake builtin:has
+# resholve: fake builtin:log_error
+# resholve: fake builtin:log_status
+# resholve: fake builtin:watch_file
+# resholve: fake external:nix
+# resholve: fake function:shasum
+# resholve: keep $NIX_DIRENV_FALLBACK_NIX
+# resholve: keep $_nix_direnv_nix
+# resholve: keep $ambient_nix
+# resholve: keep $cmd
+# resholve: keep $direnv
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/basename
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/cat
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/chmod
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/mkdir
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/realpath
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/rm
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/sha1sum
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/sort
+# resholve: keep /nix/store/imxdgy6dqqmhb3mzzxg14zkfxx9vc1w0-coreutils-9.10/bin/touch
+

exported/mac-portable/.config/tmux/tmux.conf

@@ -0,0 +1,83 @@
+
+set  -g default-terminal "screen"
+set  -g base-index      0
+setw -g pane-base-index 0
+
+
+
+
+
+set -g status-keys vi
+set -g mode-keys   vi
+
+bind -N "Select pane to the left of the active pane" h select-pane -L
+bind -N "Select pane below the active pane" j select-pane -D
+bind -N "Select pane above the active pane" k select-pane -U
+bind -N "Select pane to the right of the active pane" l select-pane -R
+
+bind -r -N "Resize the pane left by 5" \
+  H resize-pane -L 5
+bind -r -N "Resize the pane down by 5" \
+  J resize-pane -D 5
+bind -r -N "Resize the pane up by 5" \
+  K resize-pane -U 5
+bind -r -N "Resize the pane right by 5" \
+  L resize-pane -R 5
+
+
+# rebind main key: C-a
+unbind C-b
+set -g prefix C-a
+bind -N "Send the prefix key through to the application" \
+  C-a send-prefix
+
+
+
+
+set  -g mouse             on
+set  -g focus-events      off
+setw -g aggressive-resize off
+setw -g clock-mode-style  12
+set  -s escape-time       0
+set  -g history-limit     10240
+
+set-environment -g SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock
+set-option -g update-environment "DISPLAY SSH_ASKPASS SSH_AGENT_PID SSH_CONNECTION"
+
+# Instead of flashing or beeping, blink the window in status.
+set -g visual-bell off
+set -g monitor-activity on
+set -g bell-action none
+set -g window-status-activity-style "fg=yellow,blink"
+
+# Requires support from terminal (e.g. iTerm2).
+set -s set-clipboard on
+
+# For scrolling through logs.
+bind y set-window-option synchronize-panes
+
+# Panel configuration.
+bind | split-window -h -c "#{pane_current_path}"
+bind - split-window -v -c "#{pane_current_path}"
+bind Enter resize-pane -Z
+
+# Navigation.
+bind -n M-Up new-window -c "#{pane_current_path}"
+bind -n M-Down confirm-before -p "kill-window #W? (y/n)" kill-window
+bind -n M-Left previous-window
+bind -n M-Right next-window
+
+# Status bar.
+set -g status-interval 5
+set -g status-position bottom
+set -g status-style "bg=default,fg=white"
+
+set -g status-left-length 20
+set -g status-left "#[fg=green,bold]#H #[fg=white]| "
+
+set -g status-right-length 60
+set -g status-right "#[fg=cyan]%H:%M%Z %d.%m.%Y #[fg=white]| #[fg=yellow]Load: #(cut -d ' ' -f 1-3 /proc/loadavg)"
+
+set -g status-justify left
+set -g window-status-format "#[fg=white,dim]#I:#W#F"
+set -g window-status-current-format "#[fg=white,bold,bg=blue] #I:#W#F "

exported/mac-portable/.zshenv

@@ -0,0 +1,27 @@
+# Environment variables
+. "/nix/store/qvbn8gycz1r5r2n7ffx60258jwhsf9qs-hm-session-vars.sh/etc/profile.d/hm-session-vars.sh"
+
+# Only source this once
+if [[ -z "$__HM_ZSH_SESS_VARS_SOURCED" ]]; then
+  export __HM_ZSH_SESS_VARS_SOURCED=1
+  
+fi
+
+[ -r ~/.zshenv_local ] && source ~/.zshenv_local || true
+
+# Can't use ssh-agent-mux to mux Secretive and yubikey-agent:
+# https://github.com/overhacked/ssh-agent-mux/issues/56
+# export SSH_AUTH_SOCK=~/.ssh/ssh-agent-mux.sock
+
+# Can't use Secretive to SSH using PIV from Yubikey:
+# https://github.com/maxgoedjen/secretive/issues/330
+#
+# If PIV entry was generated by yubikey-agent, Secretive may not see it at
+# all. Running 'ykman piv objects generate chuid' should fix that.
+# https://github.com/maxgoedjen/secretive/issues/333
+
+# See README.md "Security" section to learn how we create keys.
+
+# Setting IdentityAgent in SSH config achieves a similar result, but doesn't
+# work with commit signing.
+export SSH_AUTH_SOCK=~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh

exported/mac-portable/.zshrc

@@ -0,0 +1,41 @@
+typeset -U path cdpath fpath manpath
+for profile in ${(z)NIX_PROFILES}; do
+  fpath+=($profile/share/zsh/site-functions $profile/share/zsh/$ZSH_VERSION/functions $profile/share/zsh/vendor-completions)
+done
+
+HELPDIR="/nix/store/0vkfqzpklvs9nmx6439vqwvlzwryd60j-zsh-5.9/share/zsh/$ZSH_VERSION/help"
+
+autoload -U compinit && compinit
+# History options should be set in .zshrc and after oh-my-zsh sourcing.
+# See https://github.com/nix-community/home-manager/issues/177.
+HISTSIZE="10000"
+SAVEHIST="10000"
+
+HISTFILE="/Users/empty/.zsh_history"
+mkdir -p "$(dirname "$HISTFILE")"
+
+# Set shell options
+set_opts=(
+  HIST_FCNTL_LOCK HIST_IGNORE_DUPS HIST_IGNORE_SPACE SHARE_HISTORY
+  NO_APPEND_HISTORY NO_EXTENDED_HISTORY NO_HIST_EXPIRE_DUPS_FIRST
+  NO_HIST_FIND_NO_DUPS NO_HIST_IGNORE_ALL_DUPS NO_HIST_SAVE_NO_DUPS
+)
+for opt in "${set_opts[@]}"; do
+  setopt "$opt"
+done
+unset opt set_opts
+
+# Outside NixOS, we need to load this manually. Same on MacOS, if
+# /etc/zshrc is reset to its default content (post-upgrade).
+if [ -r /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh ]; then
+  . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+fi
+
+if [ -r ~/dotfiles/assets/.zshrc ]; then
+  # Hack for faster iterations
+  . ~/dotfiles/assets/.zshrc
+else
+  . /nix/store/036d8d9k0wqwsg88azvzb8lb02hd22n2-.zshrc
+fi
+
+eval "$(/nix/store/wjg69ndjcayriaav4rqrfq93rqn8hsq4-direnv-2.37.1/bin/direnv hook zsh)"

exported/mac-portable/Library/Application Support/iTerm2/DynamicProfiles/nix-profile.json

@@ -0,0 +1 @@
+{"Profiles":[{"Columns":160,"Guid":"17DF2CCB-C7CD-4BCC-AC28-666DD6C8AF4A","Mouse Reporting":true,"Name":"Nix-Managed","Normal Font":"Menlo-Regular 13","Rows":45}]}

exported/mac-portable/Library/Fonts/.home-manager-fonts-version

@@ -0,0 +1 @@
+/nix/store/f1p62r5lq4ilsj6kla8mmzfqj4q57x45-home-manager-fonts

flake.nix

@@ -53,6 +53,13 @@
         pre-commit-check = inputs.git-hooks.lib.${system}.run (
           {
             src = ./.;
+            excludes = [ "^exported/" ];
+            hooks.export-mac-portable = {
+              enable = nixpkgs.lib.hasInfix "darwin" system;
+              name = "Build static mac-portable home directory files";
+              entry = "bin/export-home-config mac-portable && git add exported/mac-portable";
+              pass_filenames = false;
+            };
           }
           // inputs.fw_nix.lib.pre-commit
         );
@@ -92,6 +99,12 @@
         ];
       };
 
+      homeConfigurations.mac-portable = home-manager.lib.homeManagerConfiguration {
+        pkgs = nixpkgs.legacyPackages.x86_64-darwin;
+        extraSpecialArgs.primaryUser = "empty";
+        modules = [ self.homeModules.mac-portable ];
+      };
+
       darwinConfigurations.mars = darwin.lib.darwinSystem {
         system = "x86_64-darwin";
         specialArgs.primaryUser = "artem";

hosts/mars/home.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   lib,
-  config,
   trustedSSHKeys,
   ...
 }:
@@ -20,7 +19,7 @@
   home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
     run install -m 0600 -D \
       ${pkgs.writeText "keys" (builtins.concatStringsSep "\n" trustedSSHKeys)} \
-      ${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys
+      ''${HOME?}/.ssh/ephemeral_sshd/authorized_keys
   '';
 
   # TODO: consider

modules/home/common.nix

@@ -28,11 +28,11 @@
         . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
       fi
 
-      if [ -r ~/dotfiles/migrated/.zshrc ]; then
+      if [ -r ~/dotfiles/assets/.zshrc ]; then
         # Hack for faster iterations
-        . ~/dotfiles/migrated/.zshrc
+        . ~/dotfiles/assets/.zshrc
       else
-        . ${../../migrated/.zshrc}
+        . ${../../assets/.zshrc}
       fi
     '';
 
@@ -61,10 +61,11 @@
       vim-startify
     ];
     extraConfig = ''
-      if filereadable(expand("~/dotfiles/migrated/.vimrc"))
-        source ~/dotfiles/migrated/.vimrc
+      if filereadable(expand("~/dotfiles/assets/.vimrc"))
+        # Hack for faster iterations
+        source ~/dotfiles/assets/.vimrc
       else
-        source ${../../migrated/.vimrc}
+        source ${../../assets/.vimrc}
       endif
     '';
   };