sprinkle with some write{B,D}ash

This commit is contained in:
tv 2016-06-13 02:04:22 +02:00
parent fb226f3498
commit a16f438314
20 changed files with 32 additions and 51 deletions

View File

@ -135,8 +135,7 @@ let
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
PermissionsStartOnly = true; PermissionsStartOnly = true;
ExecStartPre = pkgs.writeScript "acng-init" '' ExecStartPre = pkgs.writeDash "acng-init" ''
#!/bin/sh
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
''; '';

View File

@ -121,8 +121,7 @@ let
"mkdir -m 0700 -p ${shell.escape plan.dst.path}/current" "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
"flock -n ${shell.escape plan.dst.path} rsync" "flock -n ${shell.escape plan.dst.path} rsync"
]; ];
in pkgs.writeScript "backup.${plan.name}" '' in pkgs.writeBash "backup.${plan.name}" ''
#! ${pkgs.bash}/bin/bash
set -efu set -efu
start_date=$(date +%s) start_date=$(date +%s)
ssh_target=${shell.escape login-name}@$(${fastest-address remote.host}) ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})

View File

@ -109,8 +109,7 @@ let
Type = "simple"; Type = "simple";
PrivateTmp = true; PrivateTmp = true;
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" '' ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" ''
#!/bin/sh
mkdir -p "${server.dataDir}" "${server.workDir}" mkdir -p "${server.dataDir}" "${server.workDir}"
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}" chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF cat > "${server.workDir}/bepasty-${name}.conf" <<EOF

View File

@ -345,8 +345,7 @@ let
Type = "forking"; Type = "forking";
PIDFile = "${workdir}/twistd.pid"; PIDFile = "${workdir}/twistd.pid";
# TODO: maybe also prepare buildbot.tac? # TODO: maybe also prepare buildbot.tac?
ExecStartPre = pkgs.writeScript "buildbot-master-init" '' ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
#!/bin/sh
set -efux set -efux
if [ ! -e ${workdir} ];then if [ ! -e ${workdir} ];then
mkdir -p ${workdir} mkdir -p ${workdir}

View File

@ -159,8 +159,7 @@ let
Type = "forking"; Type = "forking";
PIDFile = "${workdir}/twistd.pid"; PIDFile = "${workdir}/twistd.pid";
# TODO: maybe also prepare buildbot.tac? # TODO: maybe also prepare buildbot.tac?
ExecStartPre = pkgs.writeScript "buildbot-master-init" '' ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
#!/bin/sh
set -efux set -efux
mkdir -p ${workdir}/info mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac cp ${buildbot-slave-init} ${workdir}/buildbot.tac

View File

@ -462,7 +462,7 @@ let
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules)); reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
# TODO makeGitHooks that uses runCommand instead of scriptFarm? # TODO use `writeOut`
scriptFarm = scriptFarm =
farm-name: scripts: farm-name: scripts:
let let

View File

@ -37,8 +37,7 @@ let
SyslogIdentifier = "github-hosts-sync"; SyslogIdentifier = "github-hosts-sync";
User = user.name; User = user.name;
Restart = "always"; Restart = "always";
ExecStartPre = pkgs.writeScript "github-hosts-sync-init" '' ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
#! /bin/sh
set -euf set -euf
install -m 0711 -o ${user.name} -d ${cfg.dataDir} install -m 0711 -o ${user.name} -d ${cfg.dataDir}
install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh

View File

@ -1,7 +1,7 @@
arg@{ config, lib, pkgs, ... }: arg@{ config, lib, pkgs, ... }:
let let
inherit (pkgs) writeScript writeText; inherit (pkgs) writeText;
inherit (builtins) inherit (builtins)
elem elem
@ -175,8 +175,7 @@ let
${buildTables iptables-version tables} ${buildTables iptables-version tables}
''; '';
startScript = writeScript "krebs-iptables_start" '' startScript = pkgs.writeDash "krebs-iptables_start" ''
#! /bin/sh
set -euf set -euf
iptables-restore < ${rules4 4} iptables-restore < ${rules4 4}
ip6tables-restore < ${rules4 6} ip6tables-restore < ${rules4 6}

View File

@ -1,12 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with config.krebs.lib;
let let
cfg = config.krebs.repo-sync; cfg = config.krebs.repo-sync;
out = { out = {
options.krebs.repo-sync = api; options.krebs.repo-sync = api;
config = mkIf cfg.enable imp; config = lib.mkIf cfg.enable imp;
}; };
api = { api = {
@ -70,7 +70,7 @@ let
imp = { imp = {
users.users.repo-sync = { users.users.repo-sync = {
name = "repo-sync"; name = "repo-sync";
uid = config.krebs.lib.genid "repo-sync"; uid = genid "repo-sync";
description = "repo-sync user"; description = "repo-sync user";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;
@ -95,9 +95,8 @@ let
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
PermissionsStartOnly = true; PermissionsStartOnly = true;
ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" '' ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
#! /bin/sh cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
chown repo-sync ${cfg.stateDir}/ssh.priv chown repo-sync ${cfg.stateDir}/ssh.priv
''; '';
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}"; ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";

View File

@ -159,13 +159,13 @@ let
PrivateKeyFile = ${cfg.privkey.path} PrivateKeyFile = ${cfg.privkey.path}
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
"tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" '' "tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
${iproute}/sbin/ip link set ${cfg.netname} up ${iproute}/sbin/ip link set ${cfg.netname} up
${optionalString (net.ip4 != null) '' ${optionalString (net.ip4 != null) /* sh */ ''
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname} ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname} ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
''} ''}
${optionalString (net.ip6 != null) '' ${optionalString (net.ip6 != null) /* sh */ ''
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname} ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname} ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
''} ''}

View File

@ -94,8 +94,7 @@ let
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
restart = "always"; restart = "always";
ExecStartPre = pkgs.writeScript "tinc_graphs-init" '' ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
#!/bin/sh
mkdir -p "${internal_dir}" "${external_dir}" mkdir -p "${internal_dir}" "${external_dir}"
if ! test -e "${cfg.workingDir}/internal/index.html"; then if ! test -e "${cfg.workingDir}/internal/index.html"; then
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}" cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
@ -106,8 +105,7 @@ let
''; '';
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs"; ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
ExecStartPost = pkgs.writeScript "tinc_graphs-post" '' ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
#!/bin/sh
# TODO: this may break if workingDir is set to something stupid # TODO: this may break if workingDir is set to something stupid
# this is needed because homedir is created with 700 # this is needed because homedir is created with 700
chmod 755 "${cfg.workingDir}" chmod 755 "${cfg.workingDir}"

View File

@ -74,8 +74,7 @@ rec {
}; };
nixos-version = buildSimpleReaktorPlugin "nixos-version" { nixos-version = buildSimpleReaktorPlugin "nixos-version" {
script = pkgs.writeScript "nixos-version" '' script = pkgs.writeDash "nixos-version" ''
#! /bin/sh
. /etc/os-release . /etc/os-release
echo "$PRETTY_NAME" echo "$PRETTY_NAME"
''; '';

View File

@ -101,8 +101,7 @@ let
fi fi
''; '';
irc-announce-script = pkgs.writeScript "irc-announce-script" '' irc-announce-script = pkgs.writeDash "irc-announce-script" ''
#! /bin/sh
set -euf set -euf
export PATH=${makeSearchPath "bin" (with pkgs; [ export PATH=${makeSearchPath "bin" (with pkgs; [

View File

@ -1,7 +1,6 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
pkgs.writeScriptBin "hashPassword" '' pkgs.writeDashBin "hashPassword" ''
#! /bin/sh
# usage: hashPassword # usage: hashPassword
set -euf set -euf

View File

@ -1,7 +1,6 @@
{ writeScriptBin, pkgs }: { writeDashBin, bepasty-client-cli }:
# TODO: use `wrapProgram --add-flags` instead? # TODO use `execve` instead?
writeScriptBin "krebspaste" '' writeDashBin "krebspaste" ''
#! /bin/sh exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
'' ''

View File

@ -1,7 +1,6 @@
{ writeScriptBin }: { writeDashBin }:
writeScriptBin "pssh" '' writeDashBin "pssh" ''
#! /bin/sh
set -efu set -efu
case ''${1-} in case ''${1-} in

View File

@ -47,8 +47,7 @@ with config.krebs.lib;
boot.tmpOnTmpfs = true; boot.tmpOnTmpfs = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(writeScriptBin "play" '' (writeDashBin "play" ''
#! /bin/sh
set -euf set -euf
mpv() { exec ${mpv}/bin/mpv "$@"; } mpv() { exec ${mpv}/bin/mpv "$@"; }
case $1 in case $1 in

View File

@ -26,8 +26,7 @@ with config.krebs.lib;
hashPassword hashPassword
haskellPackages.lentil haskellPackages.lentil
parallel parallel
(pkgs.writeScriptBin "im" '' (pkgs.writeBashBin "im" ''
#! ${pkgs.bash}/bin/bash
export PATH=${makeSearchPath "bin" (with pkgs; [ export PATH=${makeSearchPath "bin" (with pkgs; [
tmux tmux
gnugrep gnugrep

View File

@ -67,8 +67,7 @@ in
}; };
serviceConfig = { serviceConfig = {
ExecStart = "${pkg}/bin/pulseaudio"; ExecStart = "${pkg}/bin/pulseaudio";
ExecStartPre = pkgs.writeScript "pulse-start" '' ExecStartPre = pkgs.writeDash "pulse-start" ''
#! /bin/sh
install -o pulse -g pulse -m 0750 -d ${runDir} install -o pulse -g pulse -m 0750 -d ${runDir}
install -o pulse -g pulse -m 0700 -d ${runDir}/home install -o pulse -g pulse -m 0700 -d ${runDir}/home
''; '';

View File

@ -3,8 +3,7 @@
{ {
nixpkgs.config.packageOverrides = { nixpkgs.config.packageOverrides = {
# TODO use XDG_RUNTIME_DIR? # TODO use XDG_RUNTIME_DIR?
cr = pkgs.writeScriptBin "cr" '' cr = pkgs.writeDashBin "cr" ''
#! /bin/sh
set -efu set -efu
export LC_TIME=de_DE.utf8 export LC_TIME=de_DE.utf8
exec ${pkgs.chromium}/bin/chromium \ exec ${pkgs.chromium}/bin/chromium \