sprinkle with some write{B,D}ash
This commit is contained in:
parent
fb226f3498
commit
a16f438314
@ -135,8 +135,7 @@ let
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
PermissionsStartOnly = true;
|
||||
ExecStartPre = pkgs.writeScript "acng-init" ''
|
||||
#!/bin/sh
|
||||
ExecStartPre = pkgs.writeDash "acng-init" ''
|
||||
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||
'';
|
||||
|
@ -121,8 +121,7 @@ let
|
||||
"mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
|
||||
"flock -n ${shell.escape plan.dst.path} rsync"
|
||||
];
|
||||
in pkgs.writeScript "backup.${plan.name}" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
in pkgs.writeBash "backup.${plan.name}" ''
|
||||
set -efu
|
||||
start_date=$(date +%s)
|
||||
ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
|
||||
|
@ -109,8 +109,7 @@ let
|
||||
Type = "simple";
|
||||
PrivateTmp = true;
|
||||
|
||||
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
|
||||
#!/bin/sh
|
||||
ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" ''
|
||||
mkdir -p "${server.dataDir}" "${server.workDir}"
|
||||
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
|
||||
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
|
||||
|
@ -345,8 +345,7 @@ let
|
||||
Type = "forking";
|
||||
PIDFile = "${workdir}/twistd.pid";
|
||||
# TODO: maybe also prepare buildbot.tac?
|
||||
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
||||
#!/bin/sh
|
||||
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||
set -efux
|
||||
if [ ! -e ${workdir} ];then
|
||||
mkdir -p ${workdir}
|
||||
|
@ -159,8 +159,7 @@ let
|
||||
Type = "forking";
|
||||
PIDFile = "${workdir}/twistd.pid";
|
||||
# TODO: maybe also prepare buildbot.tac?
|
||||
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
||||
#!/bin/sh
|
||||
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||
set -efux
|
||||
mkdir -p ${workdir}/info
|
||||
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
||||
|
@ -462,7 +462,7 @@ let
|
||||
|
||||
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
|
||||
|
||||
# TODO makeGitHooks that uses runCommand instead of scriptFarm?
|
||||
# TODO use `writeOut`
|
||||
scriptFarm =
|
||||
farm-name: scripts:
|
||||
let
|
||||
|
@ -37,8 +37,7 @@ let
|
||||
SyslogIdentifier = "github-hosts-sync";
|
||||
User = user.name;
|
||||
Restart = "always";
|
||||
ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
|
||||
#! /bin/sh
|
||||
ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
|
||||
set -euf
|
||||
install -m 0711 -o ${user.name} -d ${cfg.dataDir}
|
||||
install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
|
||||
|
@ -1,7 +1,7 @@
|
||||
arg@{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (pkgs) writeScript writeText;
|
||||
inherit (pkgs) writeText;
|
||||
|
||||
inherit (builtins)
|
||||
elem
|
||||
@ -175,8 +175,7 @@ let
|
||||
${buildTables iptables-version tables}
|
||||
'';
|
||||
|
||||
startScript = writeScript "krebs-iptables_start" ''
|
||||
#! /bin/sh
|
||||
startScript = pkgs.writeDash "krebs-iptables_start" ''
|
||||
set -euf
|
||||
iptables-restore < ${rules4 4}
|
||||
ip6tables-restore < ${rules4 6}
|
||||
|
@ -1,12 +1,12 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with config.krebs.lib;
|
||||
let
|
||||
cfg = config.krebs.repo-sync;
|
||||
|
||||
out = {
|
||||
options.krebs.repo-sync = api;
|
||||
config = mkIf cfg.enable imp;
|
||||
config = lib.mkIf cfg.enable imp;
|
||||
};
|
||||
|
||||
api = {
|
||||
@ -70,7 +70,7 @@ let
|
||||
imp = {
|
||||
users.users.repo-sync = {
|
||||
name = "repo-sync";
|
||||
uid = config.krebs.lib.genid "repo-sync";
|
||||
uid = genid "repo-sync";
|
||||
description = "repo-sync user";
|
||||
home = cfg.stateDir;
|
||||
createHome = true;
|
||||
@ -95,9 +95,8 @@ let
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
PermissionsStartOnly = true;
|
||||
ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
|
||||
#! /bin/sh
|
||||
cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
||||
ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
|
||||
cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
||||
chown repo-sync ${cfg.stateDir}/ssh.priv
|
||||
'';
|
||||
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
||||
|
@ -159,13 +159,13 @@ let
|
||||
PrivateKeyFile = ${cfg.privkey.path}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
"tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
|
||||
"tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
|
||||
${iproute}/sbin/ip link set ${cfg.netname} up
|
||||
${optionalString (net.ip4 != null) ''
|
||||
${optionalString (net.ip4 != null) /* sh */ ''
|
||||
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
|
||||
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
|
||||
''}
|
||||
${optionalString (net.ip6 != null) ''
|
||||
${optionalString (net.ip6 != null) /* sh */ ''
|
||||
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
|
||||
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
|
||||
''}
|
||||
|
@ -94,8 +94,7 @@ let
|
||||
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
|
||||
restart = "always";
|
||||
|
||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
||||
#!/bin/sh
|
||||
ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
|
||||
mkdir -p "${internal_dir}" "${external_dir}"
|
||||
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
||||
@ -106,8 +105,7 @@ let
|
||||
'';
|
||||
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
||||
|
||||
ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
|
||||
#!/bin/sh
|
||||
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
|
||||
# TODO: this may break if workingDir is set to something stupid
|
||||
# this is needed because homedir is created with 700
|
||||
chmod 755 "${cfg.workingDir}"
|
||||
|
@ -74,8 +74,7 @@ rec {
|
||||
};
|
||||
|
||||
nixos-version = buildSimpleReaktorPlugin "nixos-version" {
|
||||
script = pkgs.writeScript "nixos-version" ''
|
||||
#! /bin/sh
|
||||
script = pkgs.writeDash "nixos-version" ''
|
||||
. /etc/os-release
|
||||
echo "$PRETTY_NAME"
|
||||
'';
|
||||
|
@ -101,8 +101,7 @@ let
|
||||
fi
|
||||
'';
|
||||
|
||||
irc-announce-script = pkgs.writeScript "irc-announce-script" ''
|
||||
#! /bin/sh
|
||||
irc-announce-script = pkgs.writeDash "irc-announce-script" ''
|
||||
set -euf
|
||||
|
||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||
|
@ -1,7 +1,6 @@
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
pkgs.writeScriptBin "hashPassword" ''
|
||||
#! /bin/sh
|
||||
pkgs.writeDashBin "hashPassword" ''
|
||||
# usage: hashPassword
|
||||
set -euf
|
||||
|
||||
|
@ -1,7 +1,6 @@
|
||||
{ writeScriptBin, pkgs }:
|
||||
{ writeDashBin, bepasty-client-cli }:
|
||||
|
||||
# TODO: use `wrapProgram --add-flags` instead?
|
||||
writeScriptBin "krebspaste" ''
|
||||
#! /bin/sh
|
||||
exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
|
||||
# TODO use `execve` instead?
|
||||
writeDashBin "krebspaste" ''
|
||||
exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
|
||||
''
|
||||
|
@ -1,7 +1,6 @@
|
||||
{ writeScriptBin }:
|
||||
{ writeDashBin }:
|
||||
|
||||
writeScriptBin "pssh" ''
|
||||
#! /bin/sh
|
||||
writeDashBin "pssh" ''
|
||||
set -efu
|
||||
case ''${1-} in
|
||||
|
||||
|
@ -47,8 +47,7 @@ with config.krebs.lib;
|
||||
boot.tmpOnTmpfs = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
(writeScriptBin "play" ''
|
||||
#! /bin/sh
|
||||
(writeDashBin "play" ''
|
||||
set -euf
|
||||
mpv() { exec ${mpv}/bin/mpv "$@"; }
|
||||
case $1 in
|
||||
|
@ -26,8 +26,7 @@ with config.krebs.lib;
|
||||
hashPassword
|
||||
haskellPackages.lentil
|
||||
parallel
|
||||
(pkgs.writeScriptBin "im" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
(pkgs.writeBashBin "im" ''
|
||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||
tmux
|
||||
gnugrep
|
||||
|
@ -67,8 +67,7 @@ in
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkg}/bin/pulseaudio";
|
||||
ExecStartPre = pkgs.writeScript "pulse-start" ''
|
||||
#! /bin/sh
|
||||
ExecStartPre = pkgs.writeDash "pulse-start" ''
|
||||
install -o pulse -g pulse -m 0750 -d ${runDir}
|
||||
install -o pulse -g pulse -m 0700 -d ${runDir}/home
|
||||
'';
|
||||
|
@ -3,8 +3,7 @@
|
||||
{
|
||||
nixpkgs.config.packageOverrides = {
|
||||
# TODO use XDG_RUNTIME_DIR?
|
||||
cr = pkgs.writeScriptBin "cr" ''
|
||||
#! /bin/sh
|
||||
cr = pkgs.writeDashBin "cr" ''
|
||||
set -efu
|
||||
export LC_TIME=de_DE.utf8
|
||||
exec ${pkgs.chromium}/bin/chromium \
|
||||
|
Loading…
Reference in New Issue
Block a user