sprinkle with some write{B,D}ash
This commit is contained in:
parent
fb226f3498
commit
a16f438314
@ -135,8 +135,7 @@ let
|
|||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStartPre = pkgs.writeScript "acng-init" ''
|
ExecStartPre = pkgs.writeDash "acng-init" ''
|
||||||
#!/bin/sh
|
|
||||||
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||||
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||||
'';
|
'';
|
||||||
|
@ -121,8 +121,7 @@ let
|
|||||||
"mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
|
"mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
|
||||||
"flock -n ${shell.escape plan.dst.path} rsync"
|
"flock -n ${shell.escape plan.dst.path} rsync"
|
||||||
];
|
];
|
||||||
in pkgs.writeScript "backup.${plan.name}" ''
|
in pkgs.writeBash "backup.${plan.name}" ''
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
set -efu
|
set -efu
|
||||||
start_date=$(date +%s)
|
start_date=$(date +%s)
|
||||||
ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
|
ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
|
||||||
|
@ -109,8 +109,7 @@ let
|
|||||||
Type = "simple";
|
Type = "simple";
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
|
|
||||||
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
|
ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" ''
|
||||||
#!/bin/sh
|
|
||||||
mkdir -p "${server.dataDir}" "${server.workDir}"
|
mkdir -p "${server.dataDir}" "${server.workDir}"
|
||||||
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
|
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
|
||||||
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
|
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
|
||||||
|
@ -345,8 +345,7 @@ let
|
|||||||
Type = "forking";
|
Type = "forking";
|
||||||
PIDFile = "${workdir}/twistd.pid";
|
PIDFile = "${workdir}/twistd.pid";
|
||||||
# TODO: maybe also prepare buildbot.tac?
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||||
#!/bin/sh
|
|
||||||
set -efux
|
set -efux
|
||||||
if [ ! -e ${workdir} ];then
|
if [ ! -e ${workdir} ];then
|
||||||
mkdir -p ${workdir}
|
mkdir -p ${workdir}
|
||||||
|
@ -159,8 +159,7 @@ let
|
|||||||
Type = "forking";
|
Type = "forking";
|
||||||
PIDFile = "${workdir}/twistd.pid";
|
PIDFile = "${workdir}/twistd.pid";
|
||||||
# TODO: maybe also prepare buildbot.tac?
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||||
#!/bin/sh
|
|
||||||
set -efux
|
set -efux
|
||||||
mkdir -p ${workdir}/info
|
mkdir -p ${workdir}/info
|
||||||
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
||||||
|
@ -462,7 +462,7 @@ let
|
|||||||
|
|
||||||
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
|
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
|
||||||
|
|
||||||
# TODO makeGitHooks that uses runCommand instead of scriptFarm?
|
# TODO use `writeOut`
|
||||||
scriptFarm =
|
scriptFarm =
|
||||||
farm-name: scripts:
|
farm-name: scripts:
|
||||||
let
|
let
|
||||||
|
@ -37,8 +37,7 @@ let
|
|||||||
SyslogIdentifier = "github-hosts-sync";
|
SyslogIdentifier = "github-hosts-sync";
|
||||||
User = user.name;
|
User = user.name;
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
|
ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
install -m 0711 -o ${user.name} -d ${cfg.dataDir}
|
install -m 0711 -o ${user.name} -d ${cfg.dataDir}
|
||||||
install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
|
install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
arg@{ config, lib, pkgs, ... }:
|
arg@{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs) writeScript writeText;
|
inherit (pkgs) writeText;
|
||||||
|
|
||||||
inherit (builtins)
|
inherit (builtins)
|
||||||
elem
|
elem
|
||||||
@ -175,8 +175,7 @@ let
|
|||||||
${buildTables iptables-version tables}
|
${buildTables iptables-version tables}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
startScript = writeScript "krebs-iptables_start" ''
|
startScript = pkgs.writeDash "krebs-iptables_start" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
iptables-restore < ${rules4 4}
|
iptables-restore < ${rules4 4}
|
||||||
ip6tables-restore < ${rules4 6}
|
ip6tables-restore < ${rules4 6}
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with config.krebs.lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.repo-sync;
|
cfg = config.krebs.repo-sync;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.krebs.repo-sync = api;
|
options.krebs.repo-sync = api;
|
||||||
config = mkIf cfg.enable imp;
|
config = lib.mkIf cfg.enable imp;
|
||||||
};
|
};
|
||||||
|
|
||||||
api = {
|
api = {
|
||||||
@ -70,7 +70,7 @@ let
|
|||||||
imp = {
|
imp = {
|
||||||
users.users.repo-sync = {
|
users.users.repo-sync = {
|
||||||
name = "repo-sync";
|
name = "repo-sync";
|
||||||
uid = config.krebs.lib.genid "repo-sync";
|
uid = genid "repo-sync";
|
||||||
description = "repo-sync user";
|
description = "repo-sync user";
|
||||||
home = cfg.stateDir;
|
home = cfg.stateDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
@ -95,9 +95,8 @@ let
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
|
ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
|
||||||
#! /bin/sh
|
cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
||||||
cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
|
||||||
chown repo-sync ${cfg.stateDir}/ssh.priv
|
chown repo-sync ${cfg.stateDir}/ssh.priv
|
||||||
'';
|
'';
|
||||||
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
||||||
|
@ -159,13 +159,13 @@ let
|
|||||||
PrivateKeyFile = ${cfg.privkey.path}
|
PrivateKeyFile = ${cfg.privkey.path}
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
"tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
|
"tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
|
||||||
${iproute}/sbin/ip link set ${cfg.netname} up
|
${iproute}/sbin/ip link set ${cfg.netname} up
|
||||||
${optionalString (net.ip4 != null) ''
|
${optionalString (net.ip4 != null) /* sh */ ''
|
||||||
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
|
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
|
||||||
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
|
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
|
||||||
''}
|
''}
|
||||||
${optionalString (net.ip6 != null) ''
|
${optionalString (net.ip6 != null) /* sh */ ''
|
||||||
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
|
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
|
||||||
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
|
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
|
||||||
''}
|
''}
|
||||||
|
@ -94,8 +94,7 @@ let
|
|||||||
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
|
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
|
||||||
restart = "always";
|
restart = "always";
|
||||||
|
|
||||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
|
||||||
#!/bin/sh
|
|
||||||
mkdir -p "${internal_dir}" "${external_dir}"
|
mkdir -p "${internal_dir}" "${external_dir}"
|
||||||
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
||||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
||||||
@ -106,8 +105,7 @@ let
|
|||||||
'';
|
'';
|
||||||
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
||||||
|
|
||||||
ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
|
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
|
||||||
#!/bin/sh
|
|
||||||
# TODO: this may break if workingDir is set to something stupid
|
# TODO: this may break if workingDir is set to something stupid
|
||||||
# this is needed because homedir is created with 700
|
# this is needed because homedir is created with 700
|
||||||
chmod 755 "${cfg.workingDir}"
|
chmod 755 "${cfg.workingDir}"
|
||||||
|
@ -74,8 +74,7 @@ rec {
|
|||||||
};
|
};
|
||||||
|
|
||||||
nixos-version = buildSimpleReaktorPlugin "nixos-version" {
|
nixos-version = buildSimpleReaktorPlugin "nixos-version" {
|
||||||
script = pkgs.writeScript "nixos-version" ''
|
script = pkgs.writeDash "nixos-version" ''
|
||||||
#! /bin/sh
|
|
||||||
. /etc/os-release
|
. /etc/os-release
|
||||||
echo "$PRETTY_NAME"
|
echo "$PRETTY_NAME"
|
||||||
'';
|
'';
|
||||||
|
@ -101,8 +101,7 @@ let
|
|||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
irc-announce-script = pkgs.writeScript "irc-announce-script" ''
|
irc-announce-script = pkgs.writeDash "irc-announce-script" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
|
|
||||||
pkgs.writeScriptBin "hashPassword" ''
|
pkgs.writeDashBin "hashPassword" ''
|
||||||
#! /bin/sh
|
|
||||||
# usage: hashPassword
|
# usage: hashPassword
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
{ writeScriptBin, pkgs }:
|
{ writeDashBin, bepasty-client-cli }:
|
||||||
|
|
||||||
# TODO: use `wrapProgram --add-flags` instead?
|
# TODO use `execve` instead?
|
||||||
writeScriptBin "krebspaste" ''
|
writeDashBin "krebspaste" ''
|
||||||
#! /bin/sh
|
exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
|
||||||
exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
|
|
||||||
''
|
''
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
{ writeScriptBin }:
|
{ writeDashBin }:
|
||||||
|
|
||||||
writeScriptBin "pssh" ''
|
writeDashBin "pssh" ''
|
||||||
#! /bin/sh
|
|
||||||
set -efu
|
set -efu
|
||||||
case ''${1-} in
|
case ''${1-} in
|
||||||
|
|
||||||
|
@ -47,8 +47,7 @@ with config.krebs.lib;
|
|||||||
boot.tmpOnTmpfs = true;
|
boot.tmpOnTmpfs = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
(writeScriptBin "play" ''
|
(writeDashBin "play" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
mpv() { exec ${mpv}/bin/mpv "$@"; }
|
mpv() { exec ${mpv}/bin/mpv "$@"; }
|
||||||
case $1 in
|
case $1 in
|
||||||
|
@ -26,8 +26,7 @@ with config.krebs.lib;
|
|||||||
hashPassword
|
hashPassword
|
||||||
haskellPackages.lentil
|
haskellPackages.lentil
|
||||||
parallel
|
parallel
|
||||||
(pkgs.writeScriptBin "im" ''
|
(pkgs.writeBashBin "im" ''
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||||
tmux
|
tmux
|
||||||
gnugrep
|
gnugrep
|
||||||
|
@ -67,8 +67,7 @@ in
|
|||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkg}/bin/pulseaudio";
|
ExecStart = "${pkg}/bin/pulseaudio";
|
||||||
ExecStartPre = pkgs.writeScript "pulse-start" ''
|
ExecStartPre = pkgs.writeDash "pulse-start" ''
|
||||||
#! /bin/sh
|
|
||||||
install -o pulse -g pulse -m 0750 -d ${runDir}
|
install -o pulse -g pulse -m 0750 -d ${runDir}
|
||||||
install -o pulse -g pulse -m 0700 -d ${runDir}/home
|
install -o pulse -g pulse -m 0700 -d ${runDir}/home
|
||||||
'';
|
'';
|
||||||
|
@ -3,8 +3,7 @@
|
|||||||
{
|
{
|
||||||
nixpkgs.config.packageOverrides = {
|
nixpkgs.config.packageOverrides = {
|
||||||
# TODO use XDG_RUNTIME_DIR?
|
# TODO use XDG_RUNTIME_DIR?
|
||||||
cr = pkgs.writeScriptBin "cr" ''
|
cr = pkgs.writeDashBin "cr" ''
|
||||||
#! /bin/sh
|
|
||||||
set -efu
|
set -efu
|
||||||
export LC_TIME=de_DE.utf8
|
export LC_TIME=de_DE.utf8
|
||||||
exec ${pkgs.chromium}/bin/chromium \
|
exec ${pkgs.chromium}/bin/chromium \
|
||||||
|
Loading…
Reference in New Issue
Block a user