From d2dbad256f8aa7c8870672cf72408deaec584175 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Mon, 19 Oct 2020 11:33:25 +0200
Subject: [PATCH] shell.nix: fix failing generate-secrets

generate-secrets failed due to the `PYTHONPATH` env var that was set
through the nixops19_09 buildInput.

Fixes:
- Don't pull in the build environments of binaries that should be
  available in PATH. Only extend PATH instead.
- Run generate-secrets in an empty environment
---
 examples/shell.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/shell.nix b/examples/shell.nix
index 66d0f3b..a7787e3 100644
--- a/examples/shell.nix
+++ b/examples/shell.nix
@@ -20,10 +20,12 @@ with nixpkgs;
 stdenv.mkDerivation rec {
   name = "nix-bitcoin-environment";
 
-  buildInputs = [ nix-bitcoin.nixops19_09 nix-bitcoin.extra-container figlet ];
+  path = lib.makeBinPath [ nix-bitcoin.nixops19_09 nix-bitcoin.extra-container figlet ];
 
   shellHook = ''
     export NIX_PATH="nixpkgs=${nixpkgs-path}:nix-bitcoin=${toString nix-bitcoin-path}:."
+    export PATH="${path}''${PATH:+:}$PATH"
+
     alias fetch-release="${toString nix-bitcoin-path}/helper/fetch-release"
 
     # ssh-agent and nixops don't play well together (see
@@ -33,7 +35,7 @@ stdenv.mkDerivation rec {
     export SSH_AUTH_SOCK=""
 
     figlet "nix-bitcoin"
-    (mkdir -p secrets; cd secrets; ${nix-bitcoin.generate-secrets})
+    (mkdir -p secrets; cd secrets; env -i ${nix-bitcoin.generate-secrets})
 
     # Don't run this hook when another nix-shell is run inside this shell
     unset shellHook