-rw-r--r-- | krebs/4lib/default.nix | 7 | ||||
-rw-r--r-- | krebs/4lib/shell.nix | 22 | ||||
-rw-r--r-- | krebs/5pkgs/default.nix | 32 | ||||
-rw-r--r-- | krebs/5pkgs/nq.nix | 16 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 4 | ||||
-rw-r--r-- | tv/2configs/charybdis.nix | 1 | ||||
-rw-r--r-- | tv/2configs/mail-client.nix | 4 | ||||
-rw-r--r-- | tv/2configs/test.nix | 25 | ||||
-rw-r--r-- | tv/4lib/default.nix | 9 | ||||
-rw-r--r-- | tv/5pkgs/default.nix | 4 |
10 files changed, 109 insertions, 15 deletions
diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index b67585335..ca7219c7e 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -14,5 +14,12 @@ builtins // lib // rec { dns = import ./dns.nix { inherit lib; }; listset = import ./listset.nix { inherit lib; }; + shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; + + toC = x: { + list = "{ ${concatStringsSep ", " (map toC x)} }"; + null = "NULL"; + string = toJSON x; # close enough + }.${typeOf x}; } diff --git a/krebs/4lib/shell.nix b/krebs/4lib/shell.nix new file mode 100644 index 000000000..2a6da5c16 --- /dev/null +++ b/krebs/4lib/shell.nix @@ -0,0 +1,22 @@ +{ lib, ... }: + +with builtins; +with lib; + +rec { + escape = + let + isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null; + in + stringAsChars (c: + if isSafeChar c then c + else if c == "\n" then "'\n'" + else "\\${c}"); + + # + # shell script generators + # + + # example: "${cat (toJSON { foo = "bar"; })} | jq -r .foo" + cat = s: "printf '%s' ${escape s}"; +} diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index 062f0a515..3658c43e0 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix 
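Review bot: `string = toJSON x; # close enough` is not a C string literal for every Nix string: builtins.toJSON writes control characters other than \b \f \n \r \t as `\u00XX`, and (as far as I recall C99 6.4.3) a universal character name below U+00A0 is ill-formed in C, so such a value makes the generated program fail to compile rather than produce a wrong string. Since toC feeds argv and envp for the execve wrapper in krebs/5pkgs this is tolerable for build-time constants, but the limitation should be stated rather than hand-waved: `string = toJSON x; # JSON escaping is valid C for printable ASCII and raw UTF-8; control chars become \uXXXX, which gcc rejects`. The dispatch `.${typeOf x}` also means any other type (int, bool, set) aborts evaluation with an attribute-missing error, so a one-line `# supported types: list, null, string` above the set would save the next caller a confusing failure.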
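Review bot: `escape` yields text that is only safe as an unquoted word in POSIX sh — every byte outside `[-./0-9_a-zA-Z]` gets a backslash and a newline becomes `'<newline>'` — and nothing in shell.nix says so; spliced inside double quotes, backslashes before characters such as `;`, `!` or space would survive as literal backslashes. A header comment such as `# escape: quote s so it is one literal word when spliced unquoted into a POSIX sh command line; never place the result inside quotes` makes the contract explicit, and `cat` is exactly that use. One thing to confirm: if I read lib.stringToCharacters right it splits by byte, not by code point, so a multi-byte UTF-8 character comes out as backslash-per-byte; dash and bash appear to reassemble that correctly, but it deserves a case next to the ASCII test in tv/2configs/test.nix.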
@@ -1,17 +1,45 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: + +with import ../4lib { inherit lib; }; let inherit (pkgs) callPackage; in pkgs // -{ +rec { cac = callPackage ./cac.nix {}; dic = callPackage ./dic.nix {}; genid = callPackage ./genid.nix {}; github-hosts-sync = callPackage ./github-hosts-sync.nix {}; github-known_hosts = callPackage ./github-known_hosts.nix {}; hashPassword = callPackage ./hashPassword.nix {}; + nq = callPackage ./nq.nix {}; posix-array = callPackage ./posix-array.nix {}; youtube-tools = callPackage ./youtube-tools.nix {}; + + execve = name: { filename, argv, envp }: + writeC name {} '' + #include <unistd.h> + int main () { + const char *filename = ${toC filename}; + char *const argv[] = ${toC (argv ++ [null])}; + char *const envp[] = ${toC ( + mapAttrsToList (k: v: "${k}=${v}") envp ++ [null] + )}; + execve(filename, argv, envp); + return -1; + } + ''; + + writeC = name: {}: src: pkgs.runCommand name {} '' + PATH=${lib.makeSearchPath "bin" (with pkgs; [ + binutils + coreutils + gcc + ])} + in=${pkgs.writeText "${name}.c" src} + gcc -O -Wall -o $out $in + strip --strip-unneeded $out + ''; } diff --git a/krebs/5pkgs/nq.nix b/krebs/5pkgs/nq.nix new file mode 100644 index 000000000..0f397a43c --- /dev/null +++ b/krebs/5pkgs/nq.nix @@ -0,0 +1,16 @@ +{ fetchgit, stdenv }: + +stdenv.mkDerivation rec { + name = "nq-${rev}"; + rev = "0eae839cb1"; + + src = fetchgit { + url = https://github.com/chneukirchen/nq; + inherit rev; + sha256 = "1150274750cde934932d65bd6053d7a0ba2404a59eadfb87fc6bd8a4fb70febb"; + }; + + configurePhase = '' + sed -i "s:^PREFIX=.*:PREFIX=$out:" Makefile + ''; +} diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 2233b48d1..34ba5651e 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -3,7 +3,7 @@ with lib; let - tvpkgs = import ../5pkgs { inherit pkgs; }; + tvpkgs = import ../5pkgs { inherit lib pkgs; }; in { 
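Review bot: `execve(filename, argv, envp); return -1;` discards errno when the exec fails, so a wrapper whose target is missing or not executable exits with status 255 and no message — for a program whose only job is to exec, that is the one failure worth reporting. Adding `#include <stdio.h>` to the generated source, `perror(filename);` after the call and `return 127;` (the shell's command-not-found status) keeps the C tiny and makes a mis-generated `filename` obvious at first run. Separately, writeC's second parameter is destructured as `{}` and never used; if it is reserved for future build options, say so (`{}: # reserved for build options`), otherwise drop it so callers do not wonder what belongs there.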
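Review bot: `rev = "0eae839cb1";` is an abbreviated commit id, and a git prefix lookup can become ambiguous as the repository grows, so this fetch may stop resolving even though the 64-hex `sha256` still pins the content; use the full 40-character hash for `rev` — the sha256 is what guarantees integrity, the full rev is what keeps the fetch reproducible. The derivation also carries no `meta` (description, homepage, license), so there is nothing to tell a reader what nq is or under what terms it is shipped; I am not asserting the license here, it should be taken from the upstream repository.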
@@ -33,6 +33,7 @@ in ../2configs/mail-client.nix ../2configs/xserver.nix ../2configs/synaptics.nix # TODO w110er if xserver is enabled + ../2configs/test.nix ../2configs/urlwatch.nix { environment.systemPackages = with pkgs; [ @@ -92,6 +93,7 @@ in tmux tvpkgs.cac tvpkgs.dic + tvpkgs.nq zathura #ack diff --git a/tv/2configs/charybdis.nix b/tv/2configs/charybdis.nix index bf45bf294..a2952219d 100644 --- a/tv/2configs/charybdis.nix +++ b/tv/2configs/charybdis.nix @@ -590,6 +590,7 @@ let throttle_count = 4; max_ratelimit_tokens = 30; away_interval = 30; + disable_auth = yes; }; modules { diff --git a/tv/2configs/mail-client.nix b/tv/2configs/mail-client.nix index a632cf7c4..1daacdb4c 100644 --- a/tv/2configs/mail-client.nix +++ b/tv/2configs/mail-client.nix @@ -1,6 +1,6 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: -with import ../5pkgs { inherit pkgs; }; +with import ../5pkgs { inherit lib pkgs; }; { environment.systemPackages = [ diff --git a/tv/2configs/test.nix b/tv/2configs/test.nix new file mode 100644 index 000000000..f96b9e98e --- /dev/null +++ b/tv/2configs/test.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with import ../4lib { inherit lib pkgs; }; + +let + tvpkgs = import ../5pkgs { inherit lib pkgs; }; + + out = { + security.sudo.extraConfig = '' + tv ALL=(test) NOPASSWD: ALL + ''; + users.extraUsers.test = { + shell = "${test-shell}"; + }; + }; + + test-shell = tvpkgs.execve "test-shell" rec { + filename = "${pkgs.bash}/bin/bash"; + argv = ["sh" "--noprofile" "-l"]; + envp.ENV = pkgs.writeText "test-env" '' + ${shell.cat "Hello, `$(j0w\nd0g!)`!\\o/\n"} >&2 + ''; + }; + +in out diff --git a/tv/4lib/default.nix b/tv/4lib/default.nix index 352689af4..106535ba2 100644 --- a/tv/4lib/default.nix +++ b/tv/4lib/default.nix 
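Review bot: `disable_auth = yes;` is added without a comment, and if the surrounding keys (`throttle_count`, `away_interval`) place this in charybdis's `general {}` block, that option turns off ident (RFC 1413) lookups for connecting clients, not client or oper authentication — a comment such as `# skip ident lookups; they only add connect latency and are spoofable` stops the line from being misread as disabling auth. Charybdis's reference config warns that with lookups disabled any `auth {}` block using `need_ident` will reject everyone, so those blocks should be checked; the enclosing `general` block starts and ends outside this hunk, so I cannot see them from here.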
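Review bot: `tv ALL=(test) NOPASSWD: ALL` lets tv run any command as user test without a password, which is wider than what the rest of the file sets up (a fixed login shell for test); if the goal is only to drop into that shell, `tv ALL=(test) NOPASSWD: ${test-shell}` confines the rule to the one binary (it should still match `sudo -u test -i`, which runs the login shell itself — worth verifying), and either way a comment stating the purpose belongs next to the rule because wu.nix imports this file unconditionally. Separately, the wrapper calls execve with an `envp` holding only `ENV`, so the resulting bash starts with no PATH, HOME or TERM — bash falls back to a built-in default path, but `cd` and anything terminal-aware will misbehave; if that is deliberate for the test, say so in a comment, otherwise pass the needed variables through. Because argv[0] is `sh`, bash presumably runs in POSIX mode and sources the file named by `ENV` on interactive start, which is how the `shell.cat` greeting fires; a one-line `# bash invoked as sh sources $ENV when interactive` would make that dependency visible.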
@@ -16,12 +16,5 @@ krebs // rec { # "7.4.335" -> "74" majmin = with lib; x : concatStrings (take 2 (splitString "." x)); - shell-escape = - let - isSafeChar = c: match "[-./0-9_a-zA-Z]" c != null; - in - stringAsChars (c: - if isSafeChar c then c - else if c == "\n" then "'\n'" - else "\\${c}"); + shell-escape = krebs.shell.escape; } diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix index 7b5d10a60..a0a22df9f 100644 --- a/tv/5pkgs/default.nix +++ b/tv/5pkgs/default.nix @@ -1,8 +1,8 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: let inherit (pkgs) callPackage; - kpkgs = import ../../krebs/5pkgs { inherit pkgs; }; + kpkgs = import ../../krebs/5pkgs { inherit lib pkgs; }; in kpkgs // { |