From 3c61d227cf189967071501fa73b27697fc2d63a5 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 13 Jun 2016 01:12:10 +0200 Subject: [PATCH 1/9] lib.guard: init --- krebs/4lib/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index bfe8c581c..da936fad6 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -15,6 +15,16 @@ let out = rec { addNames = mapAttrs addName; + guard = spec@{ type, value, ... }: + assert isOptionType type; + if type.check value + then value + else throw (toString (filter isString [ + "argument" + (if spec ? name then "‘${spec.name}’" else null) + "is not a ${type.name}" + ])); + types = import ./types.nix { inherit config; lib = lib // { inherit genid optionalTrace; }; From 2adb41310c16c43546a6855a1f6dbcc1c96dc344 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 13 Jun 2016 01:23:44 +0200 Subject: [PATCH 2/9] lib.lpad: init --- krebs/4lib/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index da936fad6..09d416d44 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -37,6 +37,11 @@ let out = rec { shell = import ./shell.nix { inherit lib; }; tree = import ./tree.nix { inherit lib; }; + lpad = n: c: s: + if stringLength s < n + then lpad n c (c + s) + else s; + toC = x: let type = typeOf x; reject = throw "cannot convert ${type}"; From fcfe4b646153e36aa9c8485693a13ae83c83a44d Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 13 Jun 2016 01:37:51 +0200 Subject: [PATCH 3/9] types.file-mode: init --- krebs/4lib/types.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 4742877a7..2f9828bb0 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix 
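Review bot: In `guard` (PATCH 1/9, krebs/4lib/default.nix) the thrown message shrinks to "argument is not a <type.name>" whenever the caller omits `name`, and nothing in the hunk documents that `name` is the optional field that makes the error actionable. The `writeOut` call sites added in PATCH 4/9 pass only `type` and `value`, so a rejected path or mode is reported without saying which argument failed. I would add a comment above the definition, `# guard { type, value, name? }: return value if type.check accepts it, else throw; pass name so the message identifies the argument`. Leaving the value itself out of the message looks deliberate and is worth keeping, since a guarded value may be sensitive.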
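Review bot: `lpad` (PATCH 2/9) recurses without bound when `c` is the empty string, because `c + s` never grows and `stringLength s < n` stays true, so evaluation ends in runaway recursion instead of a readable error. A pad string longer than one character also overshoots `n`. Checking the argument covers both cases, for example `assert stringLength c == 1;` as the first line of the body.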
@@ -163,7 +163,7 @@ types // rec { secret-file = submodule ({ config, ... }: { options = { path = mkOption { type = str; }; - mode = mkOption { type = str; default = "0400"; }; + mode = mkOption { type = file-mode; default = "0400"; }; owner = mkOption { type = user; default = config.krebs.users.root; @@ -293,6 +293,12 @@ types // rec { }; }; + file-mode = mkOptionType { + name = "file mode"; + check = x: isString x && match "[0-7]{4}" x != null; + merge = mergeOneOption; + }; + haskell.conid = mkOptionType { name = "Haskell constructor identifier"; check = x: From e769ff083892d6e4daafee657dae4f2223ce7727 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 13 Jun 2016 01:28:43 +0200 Subject: [PATCH 4/9] lib.write{Files => Out}: admit file mode --- krebs/5pkgs/builders.nix | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index 8ba0ab5a7..13f30ac41 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -81,12 +81,23 @@ rec { mv "$textPath" $out ''; - writeFiles = name: specs0: + writeOut = name: specs0: let - specs = mapAttrsToList (path: spec0: { - path = assert types.pathname.check path; path; + specs = mapAttrsToList (path0: spec0: rec { + path = guard { + type = types.pathname; + value = path0; + }; var = "file_${hashString "sha1" path}"; text = spec0.text; + executable = guard { + type = types.bool; + value = spec0.executable or false; + }; + mode = guard { + type = types.file-mode; + value = spec0.mode or (if executable then "0755" else "0644"); + }; }) specs0; filevars = genAttrs' specs (spec: nameValuePair spec.var spec.text); @@ -97,7 +108,7 @@ rec { set -efu PATH=${makeBinPath [pkgs.coreutils]} ${concatMapStrings (spec: /* sh */ '' - install -D ''$${spec.var}Path $out${spec.path} + install -m ${spec.mode} -D ''$${spec.var}Path $out${spec.path} '') specs} ''; From 0cfce6d18d93981db251611e276d4734d4ab0cde Mon Sep 17 00:00:00 2001 
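Review bot: Typing `secret-file.mode` as `file-mode` (first hunk of PATCH 3/9) validates syntax only: the `file-mode` check added in the second hunk accepts any four octal digits, so `"0644"`, `"0777"` or a setuid value such as `"4755"` all pass for a secret. If secrets are never meant to be accessible to others, a narrower check on this option would enforce that at evaluation time, e.g. `check = x: isString x && match "0[0-7][0-7]0" x != null;`. At minimum a comment on `file-mode` should state that special bits and world permissions are allowed, so callers do not read the type as a safety check.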
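Review bot: The `path` guard in `writeOut` (PATCH 4/9, first hunk) uses `types.pathname`, which admits values that the `install` line in the second hunk cannot place safely under `$out`. A relative name such as `bin/foo` expands to `$outbin/foo`, and because the `filename` pattern shown in PATCH 6/9 also matches `.` and `..`, a value like `/../x` passes and resolves outside `$out`. The build sandbox probably turns this into a failed build rather than a stray write, but it should be rejected at evaluation time, e.g. `assert path0 == "" || types.absolute-pathname.check path0;` plus `assert all (c: c != "." && c != "..") (splitString "/" path0);`. The same `..` acceptance applies to the `name` assertion in `makeScriptWriter` (PATCH 5/9).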
From: tv Date: Mon, 13 Jun 2016 01:30:06 +0200 Subject: [PATCH 5/9] makeScriptWriter: init --- krebs/5pkgs/builders.nix | 43 ++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 26 deletions(-) diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index 13f30ac41..4aad51c5e 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -28,20 +28,20 @@ rec { execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; }); - writeBash = name: text: pkgs.writeScript name '' - #! ${pkgs.bash}/bin/bash - ${text} - ''; + makeScriptWriter = interpreter: name: text: + assert (with types; either absolute-pathname filename).check name; + pkgs.writeOut (baseNameOf name) { + ${optionalString (types.absolute-pathname.check name) name} = { + executable = true; + text = "#! ${interpreter}\n${text}"; + }; + }; - writeBashBin = name: text: pkgs.writeTextFile { - executable = true; - destination = "/bin/${name}"; - name = name; - text = '' - #! ${pkgs.bash}/bin/bash - ${text} - ''; - }; + writeBash = makeScriptWriter "${pkgs.bash}/bin/bash"; + + writeBashBin = name: + assert types.filename.check name; + pkgs.writeBash "/bin/${name}"; writeC = name: { destination ? "" }: src: pkgs.runCommand name {} '' PATH=${makeBinPath (with pkgs; [ @@ -56,20 +56,11 @@ rec { strip --strip-unneeded "$exe" ''; - writeDash = name: text: pkgs.writeScript name '' - #! ${pkgs.dash}/bin/dash - ${text} - ''; + writeDash = makeScriptWriter "${pkgs.dash}/bin/dash"; - writeDashBin = name: text: pkgs.writeTextFile { - executable = true; - destination = "/bin/${name}"; - name = name; - text = '' - #! ${pkgs.dash}/bin/dash - ${text} - ''; - }; + writeDashBin = name: + assert types.filename.check name; + pkgs.writeDash "/bin/${name}"; writeEximConfig = name: text: pkgs.runCommand name { inherit text; From 3846e08de8187fc3ba531d41f830002847466976 Mon Sep 17 00:00:00 2001 
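Review bot: The dynamic attribute name in `makeScriptWriter` (PATCH 5/9, first hunk) is undocumented and easy to misread: for a bare filename `optionalString` yields the key `""`, which `writeOut` then installs at `$out` itself, while an absolute pathname is installed below `$out`. I would add a comment on that line, `# key "" => the script becomes $out itself; an absolute pathname => $out/<pathname>`. The `name` check would also read better through the `guard` helper from PATCH 1/9 with `name = "name"`, since a bare `assert` reports only that an assertion failed; the same applies to the `assert types.filename.check name;` lines in `writeBashBin` and, in the second hunk, `writeDashBin`.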
From: tv Date: Mon, 13 Jun 2016 01:40:57 +0200 Subject: [PATCH 6/9] types.{addr*,label,{host,file,{absolute-,}path}name}: use isString --- krebs/4lib/types.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index 2f9828bb0..0d5b51f76 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -239,7 +239,7 @@ types // rec { check = let IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in concatMapStringsSep "." (const d) (range 1 4); - in x: match IPv4address x != null; + in x: isString x && match IPv4address x != null; merge = mergeOneOption; }; addr6 = mkOptionType { @@ -247,7 +247,7 @@ types // rec { check = let # TODO check IPv6 address harder IPv6address = "[0-9a-f.:]+"; - in x: match IPv6address x != null; + in x: isString x && match IPv6address x != null; merge = mergeOneOption; }; @@ -315,7 +315,7 @@ types // rec { # RFC952, B. Lexical grammar, hostname = mkOptionType { name = "hostname"; - check = x: all label.check (splitString "." x); + check = x: isString x && all label.check (splitString "." x); merge = mergeOneOption; }; @@ -324,14 +324,15 @@ types // rec { label = mkOptionType { name = "label"; # TODO case-insensitive labels - check = x: match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null; + check = x: isString x + && match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null; merge = mergeOneOption; }; # POSIX.1‐2013, 3.278 Portable Filename Character Set filename = mkOptionType { name = "POSIX filename"; - check = x: match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null; + check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null; merge = mergeOneOption; }; 
@@ -341,7 +342,7 @@ types // rec { absolute-pathname = mkOptionType { name = "POSIX absolute pathname"; check = x: let xs = splitString "/" x; xa = head xs; in - xa == "/" || (xa == "" && all filename.check (tail xs)); + isString x && (xa == "/" || (xa == "" && all filename.check (tail xs))); merge = mergeOneOption; }; @@ -350,7 +351,7 @@ types // rec { pathname = mkOptionType { name = "POSIX pathname"; check = x: let xs = splitString "/" x; in - all filename.check (if head xs == "" then tail xs else xs); + isString x && all filename.check (if head xs == "" then tail xs else xs); merge = mergeOneOption; }; From fb226f349843c080d6c81b60301a3a93977b99a4 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 13 Jun 2016 01:48:59 +0200 Subject: [PATCH 7/9] lib.genAttrs': init --- krebs/4lib/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/4lib/default.nix b/krebs/4lib/default.nix index 09d416d44..afff17296 100644 --- a/krebs/4lib/default.nix +++ b/krebs/4lib/default.nix @@ -56,6 +56,8 @@ let out = rec { mapAttrs (name: _: path + "/${name}") (filterAttrs (_: eq "directory") (readDir path)); + genAttrs' = names: f: listToAttrs (map f names); + setAttr = name: value: set: set // { ${name} = value; }; optionalTrace = c: msg: x: if c then trace msg x else x; From a16f4383142403eab145a8d147e5c9c93309ba4f Mon Sep 17 00:00:00 2001 
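Review bot: In the `absolute-pathname` check (PATCH 6/9, hunk at line 342) the `xa == "/"` alternative looks unreachable, because `xa` is the head of `splitString "/" x` and splitting on `/` should never produce an element containing `/`. As a consequence the root path `"/"` appears to be rejected: it splits into two empty strings and `filename.check ""` fails. If root is meant to be valid, `isString x && (x == "/" || (xa == "" && all filename.check (tail xs)))` expresses that; otherwise the dead alternative can be dropped. Placing `isString x &&` after the `let` is fine, since the bindings are lazy and are not forced for non-strings.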
From: tv Date: Mon, 13 Jun 2016 02:04:22 +0200 Subject: [PATCH 8/9] sprinkle with some write{B,D}ash --- krebs/3modules/apt-cacher-ng.nix | 3 +-- krebs/3modules/backup.nix | 3 +-- krebs/3modules/bepasty-server.nix | 3 +-- krebs/3modules/buildbot/master.nix | 3 +-- krebs/3modules/buildbot/slave.nix | 3 +-- krebs/3modules/git.nix | 2 +- krebs/3modules/github-hosts-sync.nix | 3 +-- krebs/3modules/iptables.nix | 5 ++--- krebs/3modules/repo-sync.nix | 11 +++++------ krebs/3modules/retiolum.nix | 6 +++--- krebs/3modules/tinc_graphs.nix | 6 ++---- krebs/5pkgs/Reaktor/plugins.nix | 3 +-- krebs/5pkgs/git-hooks/default.nix | 3 +-- krebs/5pkgs/hashPassword/default.nix | 3 +-- krebs/5pkgs/krebspaste/default.nix | 9 ++++----- krebs/5pkgs/pssh/default.nix | 5 ++--- tv/1systems/nomic.nix | 3 +-- tv/1systems/xu.nix | 3 +-- tv/2configs/pulse.nix | 3 +-- tv/5pkgs/default.nix | 3 +-- 20 files changed, 32 insertions(+), 51 deletions(-) diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index 46b405842..e80d383f8 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -135,8 +135,7 @@ let wantedBy = [ "multi-user.target" ]; serviceConfig = { PermissionsStartOnly = true; - ExecStartPre = pkgs.writeScript "acng-init" '' - #!/bin/sh + ExecStartPre = pkgs.writeDash "acng-init" '' mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir} ''; diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 71b22d8cb..4569d400f 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -121,8 +121,7 @@ let "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current" "flock -n ${shell.escape plan.dst.path} rsync" ]; - in pkgs.writeScript "backup.${plan.name}" '' - #! ${pkgs.bash}/bin/bash + in pkgs.writeBash "backup.${plan.name}" '' set -efu start_date=$(date +%s) ssh_target=${shell.escape login-name}@$(${fastest-address remote.host}) 
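Review bot: The `acng-init` pre-start script in krebs/3modules/apt-cacher-ng.nix (PATCH 8/9) still has no `set -efu`, so a failing `mkdir -p` does not stop it before `chown` runs. With `PermissionsStartOnly = true` this step runs with full privileges, which is where failing closed matters most. The backup script converted in the next file already opens with `set -efu`; adding the same first line here would keep the two consistent. The interpreter also moves from `/bin/sh` to dash, which is only safe while the script stays plain POSIX sh, as these two lines do.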
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index cbf87b2a7..080d2188d 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -109,8 +109,7 @@ let Type = "simple"; PrivateTmp = true; - ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" '' - #!/bin/sh + ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" '' mkdir -p "${server.dataDir}" "${server.workDir}" chown bepasty:bepasty "${server.workDir}" "${server.dataDir}" cat > "${server.workDir}/bepasty-${name}.conf" < Date: Mon, 13 Jun 2016 02:23:30 +0200 Subject: [PATCH 9/9] scatter some sigils --- krebs/5pkgs/builders.nix | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index 4aad51c5e..924e0c086 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -2,16 +2,16 @@ with config.krebs.lib; rec { execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let - in writeC name { inherit destination; } '' + in writeC name { inherit destination; } /* c */ '' #include static char *const filename = ${toC filename}; ${if argv == null - then /* Propagate arguments */ '' + then /* Propagate arguments */ /* c */ '' #define MAIN_ARGS int argc, char **argv '' - else /* Provide fixed arguments */ '' + else /* Provide fixed arguments */ /* c */ '' #define MAIN_ARGS void static char *const argv[] = ${toC (argv ++ [null])}; ''} @@ -43,7 +43,7 @@ rec { assert types.filename.check name; pkgs.writeBash "/bin/${name}"; - writeC = name: { destination ? "" }: src: pkgs.runCommand name {} '' + writeC = name: { destination ? "" }: src: pkgs.runCommand name {} /* sh */ '' PATH=${makeBinPath (with pkgs; [ binutils coreutils 
@@ -65,7 +65,7 @@ rec { writeEximConfig = name: text: pkgs.runCommand name { inherit text; passAsFile = [ "text" ]; - } '' + } /* sh */ '' # TODO validate exim config even with config.nix.useChroot == true # currently doing so will fail because "user exim was not found" #${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null @@ -121,7 +121,7 @@ rec { isExecutable = executables != {}; isLibrary = library != null; - cabal-file = pkgs.writeText "${name}-${version}.cabal" '' + cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ '' build-type: Simple cabal-version: >= 1.2 name: ${name} @@ -137,7 +137,7 @@ rec { , text , ... }: if types.filename.check exe-name - then "install -D ${file} $out/${relpath}" + then /* sh */ "install -D ${file} $out/${relpath}" else throw "argument ‘exe-name’ is not a ${types.filename.name}"; exe-section = @@ -147,7 +147,7 @@ rec { , file ? pkgs.writeText "${name}-${exe-name}.hs" text , relpath ? "${exe-name}.hs" , text - , ... }: '' + , ... }: /* cabal */ '' executable ${exe-name} build-depends: ${concatStringsSep "," build-depends} ghc-options: ${toString ghc-options} @@ -170,7 +170,7 @@ rec { { build-depends ? base-depends ++ extra-depends , extra-depends ? [] , exposed-modules - , ... }: '' + , ... }: /* cabal */ '' library build-depends: ${concatStringsSep "," build-depends} ghc-options: ${toString ghc-options} @@ -184,7 +184,7 @@ rec { , text , ... }: if types.haskell.modid.check mod-name - then "install -D ${file} $out/${relpath}" + then /* sh */ "install -D ${file} $out/${relpath}" else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}"; in haskellPackages.mkDerivation { 
@@ -198,7 +198,7 @@ rec { (optionals isLibrary (get-depends library)) haskellPackages; pname = name; - src = pkgs.runCommand "${name}-${version}-src" {} '' + src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ '' install -D ${cabal-file} $out/${cabal-file.name} ${optionalString isLibrary (lib-install library)} ${concatStringsSep "\n" (mapAttrsToList exe-install executables)} @@ -210,7 +210,7 @@ rec { "The function `writeNixFromCabal` has been deprecated in favour of" "`writeHaskell`." ]) - (name: path: pkgs.runCommand name {} '' + (name: path: pkgs.runCommand name {} /* sh */ '' ${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out ''); }