sprinkle with some write{B,D}ash

2016-06-13 02:04:22 +02:00 · 2016-06-13 02:04:22 +02:00 · a16f438314
commit a16f438314
parent fb226f3498
20 changed files with 32 additions and 51 deletions
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@ -135,8 +135,7 @@ let
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        PermissionsStartOnly = true;
-        ExecStartPre = pkgs.writeScript "acng-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "acng-init" ''
          mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
          chown acng:acng  ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
        '';
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@ -121,8 +121,7 @@ let
      "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
      "flock -n ${shell.escape plan.dst.path} rsync"
    ];
-  in pkgs.writeScript "backup.${plan.name}" ''
-    #! ${pkgs.bash}/bin/bash
+  in pkgs.writeBash "backup.${plan.name}" ''
    set -efu
    start_date=$(date +%s)
    ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@ -109,8 +109,7 @@ let
          Type = "simple";
          PrivateTmp = true;

-          ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
-            #!/bin/sh
+          ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" ''
            mkdir -p "${server.dataDir}" "${server.workDir}"
            chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
            cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@ -345,8 +345,7 @@ let
        Type = "forking";
        PIDFile = "${workdir}/twistd.pid";
        # TODO: maybe also prepare buildbot.tac?
-        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
          set -efux
          if [ ! -e ${workdir} ];then
            mkdir -p ${workdir}
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@ -159,8 +159,7 @@ let
        Type = "forking";
        PIDFile = "${workdir}/twistd.pid";
        # TODO: maybe also prepare buildbot.tac?
-        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
          set -efux
          mkdir -p ${workdir}/info
          cp ${buildbot-slave-init} ${workdir}/buildbot.tac
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@ -462,7 +462,7 @@ let

  reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));

-  # TODO makeGitHooks that uses runCommand instead of scriptFarm?
+  # TODO use `writeOut`
  scriptFarm =
    farm-name: scripts:
    let
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@ -37,8 +37,7 @@ let
        SyslogIdentifier = "github-hosts-sync";
        User = user.name;
        Restart = "always";
-        ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
-          #! /bin/sh
+        ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
          set -euf
          install -m 0711 -o ${user.name} -d ${cfg.dataDir}
          install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@ -1,7 +1,7 @@
 arg@{ config, lib, pkgs, ... }:

 let
-  inherit (pkgs) writeScript writeText;
+  inherit (pkgs) writeText;

  inherit (builtins)
    elem
@ -175,8 +175,7 @@ let
        ${buildTables iptables-version tables}
      '';

-  startScript = writeScript "krebs-iptables_start" ''
-    #! /bin/sh
+  startScript = pkgs.writeDash "krebs-iptables_start" ''
    set -euf
    iptables-restore < ${rules4 4}
    ip6tables-restore < ${rules4 6}
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@ -1,12 +1,12 @@
 { config, lib, pkgs, ... }:

-with lib;
+with config.krebs.lib;
 let
  cfg = config.krebs.repo-sync;

  out = {
    options.krebs.repo-sync = api;
-    config = mkIf cfg.enable imp;
+    config = lib.mkIf cfg.enable imp;
  };

  api = {
@ -70,7 +70,7 @@ let
  imp = {
    users.users.repo-sync = {
      name = "repo-sync";
-      uid = config.krebs.lib.genid "repo-sync";
+      uid = genid "repo-sync";
      description = "repo-sync user";
      home = cfg.stateDir;
      createHome = true;
@ -95,9 +95,8 @@ let
      serviceConfig = {
        Type = "simple";
        PermissionsStartOnly = true;
-        ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
-          #! /bin/sh
-          cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
+        ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
+          cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
          chown repo-sync ${cfg.stateDir}/ssh.priv
        '';
        ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@ -159,13 +159,13 @@ let
      PrivateKeyFile = ${cfg.privkey.path}
      ${cfg.extraConfig}
    '';
-    "tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
+    "tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
      ${iproute}/sbin/ip link set ${cfg.netname} up
-      ${optionalString (net.ip4 != null) ''
+      ${optionalString (net.ip4 != null) /* sh */ ''
        ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
        ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
      ''}
-      ${optionalString (net.ip6 != null) ''
+      ${optionalString (net.ip6 != null) /* sh */ ''
        ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
        ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
      ''}
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@ -94,8 +94,7 @@ let
        TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
        restart = "always";

-        ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
          mkdir -p "${internal_dir}" "${external_dir}"
          if ! test -e "${cfg.workingDir}/internal/index.html"; then
            cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
@ -106,8 +105,7 @@ let
        '';
        ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";

-        ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
-          #!/bin/sh
+        ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
          # TODO: this may break if workingDir is set to something stupid
          # this is needed because homedir is created with 700
          chmod 755  "${cfg.workingDir}"
--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@ -74,8 +74,7 @@ rec {
  };

  nixos-version = buildSimpleReaktorPlugin "nixos-version" {
-    script = pkgs.writeScript "nixos-version" ''
-      #! /bin/sh
+    script = pkgs.writeDash "nixos-version" ''
      . /etc/os-release
      echo "$PRETTY_NAME"
      '';
--- a/krebs/5pkgs/git-hooks/default.nix
+++ b/krebs/5pkgs/git-hooks/default.nix
@ -101,8 +101,7 @@ let
    fi
  '';

-  irc-announce-script = pkgs.writeScript "irc-announce-script" ''
-    #! /bin/sh
+  irc-announce-script = pkgs.writeDash "irc-announce-script" ''
    set -euf

    export PATH=${makeSearchPath "bin" (with pkgs; [
--- a/krebs/5pkgs/hashPassword/default.nix
+++ b/krebs/5pkgs/hashPassword/default.nix
@ -1,7 +1,6 @@
 { lib, pkgs, ... }:

-pkgs.writeScriptBin "hashPassword" ''
-  #! /bin/sh
+pkgs.writeDashBin "hashPassword" ''
  # usage: hashPassword
  set -euf

--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@ -1,7 +1,6 @@
-{ writeScriptBin, pkgs }:
+{ writeDashBin, bepasty-client-cli }:

-# TODO: use `wrapProgram --add-flags` instead?
-writeScriptBin "krebspaste" ''
-  #! /bin/sh
-  exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+# TODO use `execve` instead?
+writeDashBin "krebspaste" ''
+  exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
 ''
--- a/krebs/5pkgs/pssh/default.nix
+++ b/krebs/5pkgs/pssh/default.nix
@ -1,7 +1,6 @@
-{ writeScriptBin }:
+{ writeDashBin }:

-writeScriptBin "pssh" ''
-  #! /bin/sh
+writeDashBin "pssh" ''
  set -efu
  case ''${1-} in

--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@ -47,8 +47,7 @@ with config.krebs.lib;
  boot.tmpOnTmpfs = true;

  environment.systemPackages = with pkgs; [
-    (writeScriptBin "play" ''
-      #! /bin/sh
+    (writeDashBin "play" ''
      set -euf
      mpv() { exec ${mpv}/bin/mpv "$@"; }
      case $1 in
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@ -26,8 +26,7 @@ with config.krebs.lib;
        hashPassword
        haskellPackages.lentil
        parallel
-        (pkgs.writeScriptBin "im" ''
-          #! ${pkgs.bash}/bin/bash
+        (pkgs.writeBashBin "im" ''
          export PATH=${makeSearchPath "bin" (with pkgs; [
            tmux
            gnugrep
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@ -67,8 +67,7 @@ in
    };
    serviceConfig = {
      ExecStart = "${pkg}/bin/pulseaudio";
-      ExecStartPre = pkgs.writeScript "pulse-start" ''
-        #! /bin/sh
+      ExecStartPre = pkgs.writeDash "pulse-start" ''
        install -o pulse -g pulse -m 0750 -d ${runDir}
        install -o pulse -g pulse -m 0700 -d ${runDir}/home
      '';
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@ -3,8 +3,7 @@
 {
  nixpkgs.config.packageOverrides = {
    # TODO use XDG_RUNTIME_DIR?
-    cr = pkgs.writeScriptBin "cr" ''
-      #! /bin/sh
+    cr = pkgs.writeDashBin "cr" ''
      set -efu
      export LC_TIME=de_DE.utf8
      exec ${pkgs.chromium}/bin/chromium \