From 3416a45b54e092c6b9b24738aa44d3c217982c26 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:32:46 +0200 Subject: [PATCH 1/8] withGetopt: pass "$@" to command --- krebs/5pkgs/simple/withGetopt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index fd59adcaf..21322b783 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -102,5 +102,5 @@ in writeDash wrapper-name '' export ${opt.varname} '') opts)} - ${cmd-script} + ${cmd-script} "$@" '' From 8179f87e5a434ebb21219b657c05a11e6811525f Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:42:27 +0200 Subject: [PATCH 2/8] lib shell.escape: escape the empty string as '' --- lib/shell.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/shell.nix b/lib/shell.nix index f9779028e..5be8d6759 100644 --- a/lib/shell.nix +++ b/lib/shell.nix @@ -7,10 +7,13 @@ rec { let isSafeChar = testString "[-+./0-9:=A-Z_a-z]"; in - stringAsChars (c: - if isSafeChar c then c - else if c == "\n" then "'\n'" - else "\\${c}"); + x: + if x == "" then "''" + else stringAsChars (c: + if isSafeChar c then c + else if c == "\n" then "'\n'" + else "\\${c}" + ) x; # # shell script generators From 9f85824da25311ec096d748798f49d09519e16aa Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:50:00 +0200 Subject: [PATCH 3/8] withGetopt: make long option optional --- krebs/5pkgs/simple/withGetopt.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index 21322b783..b7bd40126 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -45,9 +45,11 @@ in writeDash wrapper-name '' args=$(${utillinux}/bin/getopt \ -n "$wrapper_name" \ -o "" \ - -l ${concatMapStringsSep "," - (opt: opt.long + optionalString (!opt.switch) ":") - (attrValues opts)} \ + -l ${shell.escape + (concatMapStringsSep "," + (opt: opt.long + optionalString (!opt.switch) ":") + (filter (opt: opt.long != null) + (attrValues opts)))} \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi @@ -65,7 +67,9 @@ in writeDash wrapper-name '' shift 2 ''} ;; - '') opts)} + '') (filterAttrs + (_: opt: opt.long != null) + opts))} --) shift break From ab7e0c879cc0657ea7e25eb95ab89473f38c5507 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:51:07 +0200 Subject: [PATCH 4/8] withGetopt: sort getopt arguments --- krebs/5pkgs/simple/withGetopt.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index b7bd40126..7a19ccd29 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -38,18 +38,31 @@ in writeDash wrapper-name '' wrapper_name=${shell.escape wrapper-name} + # TODO + for i in "$@"; do + case $i in + -h|--help) + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' + printf ' %-16s %s\n' \ + --${shell.escape opt.long} \ + ${shell.escape (opt.description or "undocumented flag")} + '') opts)} + exit + esac + done + ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' unset ${opt.varname} '') opts)} args=$(${utillinux}/bin/getopt \ - -n "$wrapper_name" \ - -o "" \ -l ${shell.escape (concatMapStringsSep "," (opt: opt.long + optionalString (!opt.switch) ":") (filter (opt: opt.long != null) (attrValues opts)))} \ + -n "$wrapper_name" \ + -o "" \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi From 16e6046544378bd5cdac73a9099b1d9d22a712cb Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 20:59:08 +0200 Subject: [PATCH 5/8] withGetopt: support short options --- krebs/5pkgs/simple/withGetopt.nix | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/krebs/5pkgs/simple/withGetopt.nix b/krebs/5pkgs/simple/withGetopt.nix index 7a19ccd29..196e6765a 100644 --- a/krebs/5pkgs/simple/withGetopt.nix +++ b/krebs/5pkgs/simple/withGetopt.nix @@ -13,6 +13,7 @@ opt-spec: cmd-spec: let opts = mapAttrs (name: value: value // rec { long = value.long or (replaceStrings ["_"] ["-"] name); ref = value.ref or "\"\$${varname}\""; + short = value.short or null; switch = value.switch or false; varname = value.varname or (replaceStrings ["-"] ["_"] name); }) opt-spec; @@ -38,19 +39,6 @@ in writeDash wrapper-name '' wrapper_name=${shell.escape wrapper-name} - # TODO - for i in "$@"; do - case $i in - -h|--help) - ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' - printf ' %-16s %s\n' \ - --${shell.escape opt.long} \ - ${shell.escape (opt.description or "undocumented flag")} - '') opts)} - exit - esac - done - ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' unset ${opt.varname} '') opts)} @@ -62,7 +50,11 @@ in writeDash wrapper-name '' (filter (opt: opt.long != null) (attrValues opts)))} \ -n "$wrapper_name" \ - -o "" \ + -o ${shell.escape + (concatMapStringsSep "" + (opt: opt.short + optionalString (!opt.switch) ":") + (filter (opt: opt.short != null) + (attrValues opts)))} \ -s sh \ -- "$@") if \test $? != 0; then exit 1; fi @@ -71,7 +63,10 @@ in writeDash wrapper-name '' while :; do case $1 in ${concatStringsSep "\n" (mapAttrsToList (name: opt: /* sh */ '' - --${opt.long}) + (${concatMapStringsSep "|" shell.escape (filter (x: x != "") [ + (optionalString (opt.long != null) "--${opt.long}") + (optionalString (opt.short != null) "-${opt.short}") + ])}) ${if opt.switch then /* sh */ '' ${opt.varname}=true shift @@ -81,7 +76,7 @@ in writeDash wrapper-name '' ''} ;; '') (filterAttrs - (_: opt: opt.long != null) + (_: opt: opt.long != null || opt.short != null) opts))} --) shift From 3005faecd4f1bbd7fc8d001e8f57d5ac8b38d462 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 21:00:32 +0200 Subject: [PATCH 6/8] shell: use withGetopts for parse-target --- shell.nix | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/shell.nix b/shell.nix index 661ac81a8..4b8abed58 100644 --- a/shell.nix +++ b/shell.nix @@ -111,19 +111,13 @@ let # usage: parse-target [--default=TARGET] TARGET # TARGET = [USER@]HOST[:PORT][/PATH] - cmds.parse-target = pkgs.writeDash "cmds.parse-target" '' + cmds.parse-target = pkgs.withGetopt { + default_target = { + long = "default"; + short = "d"; + }; + } (opts: pkgs.writeDash "cmds.parse-target" '' set -efu - args=$(${pkgs.utillinux}/bin/getopt -n "$0" -s sh \ - -o d: \ - -l default: \ - -- "$@") - if \test $? != 0; then exit 1; fi - eval set -- "$args" - default_target= - while :; do case $1 in - -d|--default) default_target=$2; shift 2;; - --) shift; break;; - esac; done target=$1; shift for arg; do echo "$0: bad argument: $arg" >&2; done if \test $# != 0; then exit 2; fi @@ -142,7 +136,7 @@ let ($default_target | parse) + ($target | parse | sanitize) | . + { local: (.user == env.LOGNAME and .host == env.HOSTNAME) } ''} - ''; + ''); # usage: quote [ARGS...] cmds.quote = pkgs.writeDash "cmds.quote" '' From 516603010dfba3d8e3e1d4f7df210ddb99556dfd Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 22:27:16 +0200 Subject: [PATCH 7/8] tv cd: final commit --- tv/1systems/cd/config.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix index 341a62e45..e7e2cdc29 100644 --- a/tv/1systems/cd/config.nix +++ b/tv/1systems/cd/config.nix @@ -10,7 +10,8 @@ in { - + # TODO see XXX below + # ]; @@ -33,3 +34,17 @@ in { tcpdump ]; } + +# XXX this should be unnecessary, but when security.wrappers isn't defined, +# then install fails with: +# +# mktemp: failed to create directory via template '/run/wrappers/wrappers.XXXXXXXXXX': No such file or directory +# chmod: missing operand after 'a+rx' +# Try 'chmod --help' for more information. +# ln: failed to create symbolic link './bin': File exists +# cp: cannot create regular file '/run/wrappers/bin/exim': No such file or directory +# chown: cannot access '/run/wrappers/bin/exim': No such file or directory +# chmod: cannot access '/run/wrappers/bin/exim': No such file or directory +# cp: cannot create regular file '/run/wrappers/bin/sendmail': No such file or directory +# chown: cannot access '/run/wrappers/bin/sendmail': No such file or directory +# chmod: cannot access '/run/wrappers/bin/sendmail': No such file or directory From 94c57badae775cb863b76a6c6cb8c11012cd4f83 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 19 Sep 2017 22:28:36 +0200 Subject: [PATCH 8/8] tv cd: RIP, thanks for alots of no fish --- krebs/3modules/tv/default.nix | 46 -------------------------------- tv/1systems/cd/config.nix | 50 ----------------------------------- tv/1systems/cd/source.nix | 3 --- 3 files changed, 99 deletions(-) delete mode 100644 tv/1systems/cd/config.nix delete mode 100644 tv/1systems/cd/source.nix diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 79fa27bad..e80becfa7 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -32,52 +32,6 @@ with import ; ssh.privkey.path = ; ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q=="; }; - cd = { - ci = true; - cores = 2; - extraZones = { - # TODO generate krebsco.de zone from nets and don't use extraZones at all - "krebsco.de" = '' - cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr} - ''; - }; - nets = { - internet = { - ip4.addr = "45.62.237.203"; - aliases = [ - "cd.i" - "cd.krebsco.de" - ]; - ssh.port = 11423; - }; - retiolum = { - via = config.krebs.hosts.cd.nets.internet; - ip4.addr = "10.243.113.222"; - ip6.addr = "42:4522:25f8:36bb:8ccb:150:231a:2af3"; - aliases = [ - "cd.r" - "cgit.cd.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvmCBVNKT/Su4v9nl/Nm3STPo5QxWPg7xEkzIs3Oh39BS8+r6/7UQ - rebib7mczb+ebZd+Rg2yFoGrWO8cmM0VcLy5bYRMK7in8XroLEjWecNNM4TRfNR4 - e53+LhcPdkxo0A3/D+yiut+A2Mkqe+4VXDm/JhAiAYkZTn7jUtj00Atrc7CWW1gN - sP3jIgv4+CGftdSYOB4dm699B7OD9XDLci2kOaFqFl4cjDYUok03G0AduUlRx10v - CKbKOTIdm8C36A902/3ms+Hyzkruu+VagGIZuPSwqXHJPCu7Ju+jarKQstMmpQi0 - PubweWDL0o/Dfz2qT3DuL4xDecIvGE6kv3m41hHJYiK+2/azTSehyPFbsVbL7w0V - LgKN3usnZNcpTsBWxRGT7nMFSnX2FLDu7d9OfCuaXYxHVFLZaNrpccOq8NF/7Hbk - DDW81W7CvLyJDlp0WLnAawSOGTUTPoYv/2wAapJ89i8QGCueGvEc6o2EcnBVMFEW - ejWTQzyD816f4RsplnrRqLVlIMbr9Q/n5TvlgjjhX7IMEfMy4+7qLGRQkNbFzgwK - jxNG2fFSCjOEQitm0gAtx7QRIyvYr6c7/xiHz4AwxYzBmvQsL/OK57NO4+Krwgj5 - Vk8TQ2jGO7J4bB38zaxK+Lrtfl8i1AK1171JqFMhOc34JSJ7T4LWDMECAwEAAQ== - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = ; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; - }; ju = { external = true; nets = { diff --git a/tv/1systems/cd/config.nix b/tv/1systems/cd/config.nix deleted file mode 100644 index e7e2cdc29..000000000 --- a/tv/1systems/cd/config.nix +++ /dev/null @@ -1,50 +0,0 @@ -with import ; -{ config, pkgs, ... }: let - - bestGuessGateway = addr: elemAt (match "(.*)(\.[^.])" addr) 0 + ".1"; - -in { - krebs.build.host = config.krebs.hosts.cd; - - imports = [ - - - - # TODO see XXX below - # - - ]; - - networking = let - address = config.krebs.build.host.nets.internet.ip4.addr; - in { - defaultGateway = bestGuessGateway address; - interfaces.enp2s1.ip4 = singleton { - inherit address; - prefixLength = 24; - }; - nameservers = ["8.8.8.8"]; - }; - - environment.systemPackages = with pkgs; [ - iftop - iotop - iptables - nethogs - tcpdump - ]; -} - -# XXX this should be unnecessary, but when security.wrappers isn't defined, -# then install fails with: -# -# mktemp: failed to create directory via template '/run/wrappers/wrappers.XXXXXXXXXX': No such file or directory -# chmod: missing operand after 'a+rx' -# Try 'chmod --help' for more information. -# ln: failed to create symbolic link './bin': File exists -# cp: cannot create regular file '/run/wrappers/bin/exim': No such file or directory -# chown: cannot access '/run/wrappers/bin/exim': No such file or directory -# chmod: cannot access '/run/wrappers/bin/exim': No such file or directory -# cp: cannot create regular file '/run/wrappers/bin/sendmail': No such file or directory -# chown: cannot access '/run/wrappers/bin/sendmail': No such file or directory -# chmod: cannot access '/run/wrappers/bin/sendmail': No such file or directory diff --git a/tv/1systems/cd/source.nix b/tv/1systems/cd/source.nix deleted file mode 100644 index 019e8bc22..000000000 --- a/tv/1systems/cd/source.nix +++ /dev/null @@ -1,3 +0,0 @@ -import { - name = "cd"; -}