shell: improve hermeticity

* Add some missing tools and ssl cert bundles to fix builds when using
nix-shell --pure
* Replaced broken //tools:install with direct bazel build in shell.nix
initialization to prevent cache thrashing
* Added fontconfig file with roboto font for use in wkhtmltopdf

Change-Id: I062380df5f1d83a0fb2df8ca172f362fff9ecf8e
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1301
Reviewed-by: q3k <q3k@hackerspace.pl>
Reviewed-by: pl <pl@hackerspace.pl>

shell.nix

@@ -6,11 +6,28 @@ let
 
 in with hscloud.pkgs; let
 
+  fontconfig = pkgs.writeText "fc-00-nixos-cache.conf" ''
+    <?xml version="1.0" encoding="UTF-8"?>
+    <!DOCTYPE fontconfig SYSTEM "urn:fontconfig:fonts.dtd">
+    <fontconfig>
+      <include>/etc/fonts/fonts.conf</include>
+      <dir>${pkgs.roboto}</dir>
+    </fontconfig>
+  '';
+
   wrapper = pkgs.writeScript "wrapper.sh"
   ''
-    source /etc/profile
+    export NIX_SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
+    export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt"
+    export FONTCONFIG_FILE="${fontconfig}"
+
     source ${toString ./.}/env.sh
-    bazel run //tools:install
+
+    # FIXME: //tools:install runs in a different PATH which thrashes our cache
+    # and causes massive rebuilds on every launch... This next line is the only
+    # important part off tools/install.sh
+    # bazel run //tools:install
+    bazel build //tools/... //cluster/tools/...
 
     # Fancy colorful PS1 to make people notice easily they're in hscloud.
     PS1='\[\033]0;\u/hscloud:\w\007\]'
@@ -19,7 +36,7 @@ in with hscloud.pkgs; let
     fi
     export PS1
 
-    exec bash "$@"
+    exec bash --noprofile --norc "$@"
   '';
 
 in (pkgs.buildFHSUserEnv {
@@ -38,6 +55,10 @@ in (pkgs.buildFHSUserEnv {
     which
     gnupg
     nettools
+    file
+    curl
+    netcat
+    nix
   ];
   multiPkgs = pkgs: [
     (pkgs.runCommand "protocols" {}