{ sources ? import ./nix/sources.nix
, pkgs ? import sources.nixpkgs {
    overlays = [
      (self: super: {
        fysiweb-cli = import sources.fysiweb-cli { };
      })
      (self: super: {
        fysiweb.cli = pkgs.writers.writeDashBin "fysiweb" ''
          set -efu
          HETZNER_DNS_API_TOKEN=$(${self.pass}/bin/pass show hetznerdns-api-token); export HETZNER_DNS_API_TOKEN
          exec ${super.fysiweb.cli}/bin/fysiweb "$@"
        '';
      })
    ];
  }
}:
let inherit (pkgs) lib; in
pkgs.mkShell {
  buildInputs = [
    pkgs.authelia
    pkgs.fysiweb-cli
    pkgs.git
    pkgs.niv
    pkgs.pass
  ];
  shellHook = ''
    PASSWORD_STORE_DIR=${lib.escapeShellArg (toString ./.)}/secrets; export PASSWORD_STORE_DIR
  '';
}