Merge remote-tracking branch 'cd/master'
This commit is contained in:
commit
eb710a17e2
3
Makefile
3
Makefile
|
@ -13,6 +13,9 @@ system ?= $(HOSTNAME)
|
||||||
$(if $(system),,$(error unbound variable: system))
|
$(if $(system),,$(error unbound variable: system))
|
||||||
|
|
||||||
nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix
|
nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix
|
||||||
|
ifneq ($(words $(wildcard $(nixos-config))),1)
|
||||||
|
$(error bad nixos-config: $(nixos-config))
|
||||||
|
endif
|
||||||
|
|
||||||
# target = [target_user@]target_host[:target_port][/target_path]
|
# target = [target_user@]target_host[:target_port][/target_path]
|
||||||
ifdef target
|
ifdef target
|
||||||
|
|
|
@ -135,8 +135,7 @@ let
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStartPre = pkgs.writeScript "acng-init" ''
|
ExecStartPre = pkgs.writeDash "acng-init" ''
|
||||||
#!/bin/sh
|
|
||||||
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||||
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -121,8 +121,7 @@ let
|
||||||
"mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
|
"mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
|
||||||
"flock -n ${shell.escape plan.dst.path} rsync"
|
"flock -n ${shell.escape plan.dst.path} rsync"
|
||||||
];
|
];
|
||||||
in pkgs.writeScript "backup.${plan.name}" ''
|
in pkgs.writeBash "backup.${plan.name}" ''
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
set -efu
|
set -efu
|
||||||
start_date=$(date +%s)
|
start_date=$(date +%s)
|
||||||
ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
|
ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
|
||||||
|
|
|
@ -109,8 +109,7 @@ let
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
|
|
||||||
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
|
ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" ''
|
||||||
#!/bin/sh
|
|
||||||
mkdir -p "${server.dataDir}" "${server.workDir}"
|
mkdir -p "${server.dataDir}" "${server.workDir}"
|
||||||
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
|
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
|
||||||
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
|
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
|
||||||
|
|
|
@ -345,8 +345,7 @@ let
|
||||||
Type = "forking";
|
Type = "forking";
|
||||||
PIDFile = "${workdir}/twistd.pid";
|
PIDFile = "${workdir}/twistd.pid";
|
||||||
# TODO: maybe also prepare buildbot.tac?
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||||
#!/bin/sh
|
|
||||||
set -efux
|
set -efux
|
||||||
if [ ! -e ${workdir} ];then
|
if [ ! -e ${workdir} ];then
|
||||||
mkdir -p ${workdir}
|
mkdir -p ${workdir}
|
||||||
|
|
|
@ -159,8 +159,7 @@ let
|
||||||
Type = "forking";
|
Type = "forking";
|
||||||
PIDFile = "${workdir}/twistd.pid";
|
PIDFile = "${workdir}/twistd.pid";
|
||||||
# TODO: maybe also prepare buildbot.tac?
|
# TODO: maybe also prepare buildbot.tac?
|
||||||
ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
|
ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
|
||||||
#!/bin/sh
|
|
||||||
set -efux
|
set -efux
|
||||||
mkdir -p ${workdir}/info
|
mkdir -p ${workdir}/info
|
||||||
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
|
||||||
|
|
|
@ -462,7 +462,7 @@ let
|
||||||
|
|
||||||
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
|
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
|
||||||
|
|
||||||
# TODO makeGitHooks that uses runCommand instead of scriptFarm?
|
# TODO use `writeOut`
|
||||||
scriptFarm =
|
scriptFarm =
|
||||||
farm-name: scripts:
|
farm-name: scripts:
|
||||||
let
|
let
|
||||||
|
|
|
@ -37,8 +37,7 @@ let
|
||||||
SyslogIdentifier = "github-hosts-sync";
|
SyslogIdentifier = "github-hosts-sync";
|
||||||
User = user.name;
|
User = user.name;
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
|
ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
install -m 0711 -o ${user.name} -d ${cfg.dataDir}
|
install -m 0711 -o ${user.name} -d ${cfg.dataDir}
|
||||||
install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
|
install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
arg@{ config, lib, pkgs, ... }:
|
arg@{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs) writeScript writeText;
|
inherit (pkgs) writeText;
|
||||||
|
|
||||||
inherit (builtins)
|
inherit (builtins)
|
||||||
elem
|
elem
|
||||||
|
@ -175,8 +175,7 @@ let
|
||||||
${buildTables iptables-version tables}
|
${buildTables iptables-version tables}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
startScript = writeScript "krebs-iptables_start" ''
|
startScript = pkgs.writeDash "krebs-iptables_start" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
iptables-restore < ${rules4 4}
|
iptables-restore < ${rules4 4}
|
||||||
ip6tables-restore < ${rules4 6}
|
ip6tables-restore < ${rules4 6}
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with config.krebs.lib;
|
||||||
let
|
let
|
||||||
cfg = config.krebs.repo-sync;
|
cfg = config.krebs.repo-sync;
|
||||||
|
|
||||||
out = {
|
out = {
|
||||||
options.krebs.repo-sync = api;
|
options.krebs.repo-sync = api;
|
||||||
config = mkIf cfg.enable imp;
|
config = lib.mkIf cfg.enable imp;
|
||||||
};
|
};
|
||||||
|
|
||||||
api = {
|
api = {
|
||||||
|
@ -70,7 +70,7 @@ let
|
||||||
imp = {
|
imp = {
|
||||||
users.users.repo-sync = {
|
users.users.repo-sync = {
|
||||||
name = "repo-sync";
|
name = "repo-sync";
|
||||||
uid = config.krebs.lib.genid "repo-sync";
|
uid = genid "repo-sync";
|
||||||
description = "repo-sync user";
|
description = "repo-sync user";
|
||||||
home = cfg.stateDir;
|
home = cfg.stateDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
@ -95,9 +95,8 @@ let
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
PermissionsStartOnly = true;
|
PermissionsStartOnly = true;
|
||||||
ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
|
ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
|
||||||
#! /bin/sh
|
cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
||||||
cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
|
|
||||||
chown repo-sync ${cfg.stateDir}/ssh.priv
|
chown repo-sync ${cfg.stateDir}/ssh.priv
|
||||||
'';
|
'';
|
||||||
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
|
||||||
|
|
|
@ -159,13 +159,13 @@ let
|
||||||
PrivateKeyFile = ${cfg.privkey.path}
|
PrivateKeyFile = ${cfg.privkey.path}
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
"tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
|
"tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
|
||||||
${iproute}/sbin/ip link set ${cfg.netname} up
|
${iproute}/sbin/ip link set ${cfg.netname} up
|
||||||
${optionalString (net.ip4 != null) ''
|
${optionalString (net.ip4 != null) /* sh */ ''
|
||||||
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
|
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
|
||||||
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
|
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
|
||||||
''}
|
''}
|
||||||
${optionalString (net.ip6 != null) ''
|
${optionalString (net.ip6 != null) /* sh */ ''
|
||||||
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
|
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
|
||||||
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
|
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
|
||||||
''}
|
''}
|
||||||
|
|
|
@ -94,8 +94,7 @@ let
|
||||||
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
|
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
|
||||||
restart = "always";
|
restart = "always";
|
||||||
|
|
||||||
ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
|
ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
|
||||||
#!/bin/sh
|
|
||||||
mkdir -p "${internal_dir}" "${external_dir}"
|
mkdir -p "${internal_dir}" "${external_dir}"
|
||||||
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
if ! test -e "${cfg.workingDir}/internal/index.html"; then
|
||||||
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
|
||||||
|
@ -106,8 +105,7 @@ let
|
||||||
'';
|
'';
|
||||||
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
|
||||||
|
|
||||||
ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
|
ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
|
||||||
#!/bin/sh
|
|
||||||
# TODO: this may break if workingDir is set to something stupid
|
# TODO: this may break if workingDir is set to something stupid
|
||||||
# this is needed because homedir is created with 700
|
# this is needed because homedir is created with 700
|
||||||
chmod 755 "${cfg.workingDir}"
|
chmod 755 "${cfg.workingDir}"
|
||||||
|
|
|
@ -15,6 +15,16 @@ let out = rec {
|
||||||
|
|
||||||
addNames = mapAttrs addName;
|
addNames = mapAttrs addName;
|
||||||
|
|
||||||
|
guard = spec@{ type, value, ... }:
|
||||||
|
assert isOptionType type;
|
||||||
|
if type.check value
|
||||||
|
then value
|
||||||
|
else throw (toString (filter isString [
|
||||||
|
"argument"
|
||||||
|
(if spec ? name then "‘${spec.name}’" else null)
|
||||||
|
"is not a ${type.name}"
|
||||||
|
]));
|
||||||
|
|
||||||
types = import ./types.nix {
|
types = import ./types.nix {
|
||||||
inherit config;
|
inherit config;
|
||||||
lib = lib // { inherit genid optionalTrace; };
|
lib = lib // { inherit genid optionalTrace; };
|
||||||
|
@ -27,6 +37,11 @@ let out = rec {
|
||||||
shell = import ./shell.nix { inherit lib; };
|
shell = import ./shell.nix { inherit lib; };
|
||||||
tree = import ./tree.nix { inherit lib; };
|
tree = import ./tree.nix { inherit lib; };
|
||||||
|
|
||||||
|
lpad = n: c: s:
|
||||||
|
if stringLength s < n
|
||||||
|
then lpad n c (c + s)
|
||||||
|
else s;
|
||||||
|
|
||||||
toC = x: let
|
toC = x: let
|
||||||
type = typeOf x;
|
type = typeOf x;
|
||||||
reject = throw "cannot convert ${type}";
|
reject = throw "cannot convert ${type}";
|
||||||
|
@ -41,6 +56,8 @@ let out = rec {
|
||||||
mapAttrs (name: _: path + "/${name}")
|
mapAttrs (name: _: path + "/${name}")
|
||||||
(filterAttrs (_: eq "directory") (readDir path));
|
(filterAttrs (_: eq "directory") (readDir path));
|
||||||
|
|
||||||
|
genAttrs' = names: f: listToAttrs (map f names);
|
||||||
|
|
||||||
setAttr = name: value: set: set // { ${name} = value; };
|
setAttr = name: value: set: set // { ${name} = value; };
|
||||||
|
|
||||||
optionalTrace = c: msg: x: if c then trace msg x else x;
|
optionalTrace = c: msg: x: if c then trace msg x else x;
|
||||||
|
|
|
@ -163,7 +163,7 @@ types // rec {
|
||||||
secret-file = submodule ({ config, ... }: {
|
secret-file = submodule ({ config, ... }: {
|
||||||
options = {
|
options = {
|
||||||
path = mkOption { type = str; };
|
path = mkOption { type = str; };
|
||||||
mode = mkOption { type = str; default = "0400"; };
|
mode = mkOption { type = file-mode; default = "0400"; };
|
||||||
owner = mkOption {
|
owner = mkOption {
|
||||||
type = user;
|
type = user;
|
||||||
default = config.krebs.users.root;
|
default = config.krebs.users.root;
|
||||||
|
@ -239,7 +239,7 @@ types // rec {
|
||||||
check = let
|
check = let
|
||||||
IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
|
IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
|
||||||
concatMapStringsSep "." (const d) (range 1 4);
|
concatMapStringsSep "." (const d) (range 1 4);
|
||||||
in x: match IPv4address x != null;
|
in x: isString x && match IPv4address x != null;
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
addr6 = mkOptionType {
|
addr6 = mkOptionType {
|
||||||
|
@ -247,7 +247,7 @@ types // rec {
|
||||||
check = let
|
check = let
|
||||||
# TODO check IPv6 address harder
|
# TODO check IPv6 address harder
|
||||||
IPv6address = "[0-9a-f.:]+";
|
IPv6address = "[0-9a-f.:]+";
|
||||||
in x: match IPv6address x != null;
|
in x: isString x && match IPv6address x != null;
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -293,6 +293,12 @@ types // rec {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
file-mode = mkOptionType {
|
||||||
|
name = "file mode";
|
||||||
|
check = x: isString x && match "[0-7]{4}" x != null;
|
||||||
|
merge = mergeOneOption;
|
||||||
|
};
|
||||||
|
|
||||||
haskell.conid = mkOptionType {
|
haskell.conid = mkOptionType {
|
||||||
name = "Haskell constructor identifier";
|
name = "Haskell constructor identifier";
|
||||||
check = x:
|
check = x:
|
||||||
|
@ -309,7 +315,7 @@ types // rec {
|
||||||
# RFC952, B. Lexical grammar, <hname>
|
# RFC952, B. Lexical grammar, <hname>
|
||||||
hostname = mkOptionType {
|
hostname = mkOptionType {
|
||||||
name = "hostname";
|
name = "hostname";
|
||||||
check = x: all label.check (splitString "." x);
|
check = x: isString x && all label.check (splitString "." x);
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -318,14 +324,15 @@ types // rec {
|
||||||
label = mkOptionType {
|
label = mkOptionType {
|
||||||
name = "label";
|
name = "label";
|
||||||
# TODO case-insensitive labels
|
# TODO case-insensitive labels
|
||||||
check = x: match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
|
check = x: isString x
|
||||||
|
&& match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
# POSIX.1‐2013, 3.278 Portable Filename Character Set
|
# POSIX.1‐2013, 3.278 Portable Filename Character Set
|
||||||
filename = mkOptionType {
|
filename = mkOptionType {
|
||||||
name = "POSIX filename";
|
name = "POSIX filename";
|
||||||
check = x: match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null;
|
check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null;
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -335,7 +342,7 @@ types // rec {
|
||||||
absolute-pathname = mkOptionType {
|
absolute-pathname = mkOptionType {
|
||||||
name = "POSIX absolute pathname";
|
name = "POSIX absolute pathname";
|
||||||
check = x: let xs = splitString "/" x; xa = head xs; in
|
check = x: let xs = splitString "/" x; xa = head xs; in
|
||||||
xa == "/" || (xa == "" && all filename.check (tail xs));
|
isString x && (xa == "/" || (xa == "" && all filename.check (tail xs)));
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -344,7 +351,7 @@ types // rec {
|
||||||
pathname = mkOptionType {
|
pathname = mkOptionType {
|
||||||
name = "POSIX pathname";
|
name = "POSIX pathname";
|
||||||
check = x: let xs = splitString "/" x; in
|
check = x: let xs = splitString "/" x; in
|
||||||
all filename.check (if head xs == "" then tail xs else xs);
|
isString x && all filename.check (if head xs == "" then tail xs else xs);
|
||||||
merge = mergeOneOption;
|
merge = mergeOneOption;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -74,8 +74,7 @@ rec {
|
||||||
};
|
};
|
||||||
|
|
||||||
nixos-version = buildSimpleReaktorPlugin "nixos-version" {
|
nixos-version = buildSimpleReaktorPlugin "nixos-version" {
|
||||||
script = pkgs.writeScript "nixos-version" ''
|
script = pkgs.writeDash "nixos-version" ''
|
||||||
#! /bin/sh
|
|
||||||
. /etc/os-release
|
. /etc/os-release
|
||||||
echo "$PRETTY_NAME"
|
echo "$PRETTY_NAME"
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -2,16 +2,16 @@
|
||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
rec {
|
rec {
|
||||||
execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let
|
execve = name: { filename, argv ? null, envp ? {}, destination ? "" }: let
|
||||||
in writeC name { inherit destination; } ''
|
in writeC name { inherit destination; } /* c */ ''
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
static char *const filename = ${toC filename};
|
static char *const filename = ${toC filename};
|
||||||
|
|
||||||
${if argv == null
|
${if argv == null
|
||||||
then /* Propagate arguments */ ''
|
then /* Propagate arguments */ /* c */ ''
|
||||||
#define MAIN_ARGS int argc, char **argv
|
#define MAIN_ARGS int argc, char **argv
|
||||||
''
|
''
|
||||||
else /* Provide fixed arguments */ ''
|
else /* Provide fixed arguments */ /* c */ ''
|
||||||
#define MAIN_ARGS void
|
#define MAIN_ARGS void
|
||||||
static char *const argv[] = ${toC (argv ++ [null])};
|
static char *const argv[] = ${toC (argv ++ [null])};
|
||||||
''}
|
''}
|
||||||
|
@ -28,22 +28,22 @@ rec {
|
||||||
|
|
||||||
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
|
execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });
|
||||||
|
|
||||||
writeBash = name: text: pkgs.writeScript name ''
|
makeScriptWriter = interpreter: name: text:
|
||||||
#! ${pkgs.bash}/bin/bash
|
assert (with types; either absolute-pathname filename).check name;
|
||||||
${text}
|
pkgs.writeOut (baseNameOf name) {
|
||||||
'';
|
${optionalString (types.absolute-pathname.check name) name} = {
|
||||||
|
|
||||||
writeBashBin = name: text: pkgs.writeTextFile {
|
|
||||||
executable = true;
|
executable = true;
|
||||||
destination = "/bin/${name}";
|
text = "#! ${interpreter}\n${text}";
|
||||||
name = name;
|
};
|
||||||
text = ''
|
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
${text}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} ''
|
writeBash = makeScriptWriter "${pkgs.bash}/bin/bash";
|
||||||
|
|
||||||
|
writeBashBin = name:
|
||||||
|
assert types.filename.check name;
|
||||||
|
pkgs.writeBash "/bin/${name}";
|
||||||
|
|
||||||
|
writeC = name: { destination ? "" }: src: pkgs.runCommand name {} /* sh */ ''
|
||||||
PATH=${makeBinPath (with pkgs; [
|
PATH=${makeBinPath (with pkgs; [
|
||||||
binutils
|
binutils
|
||||||
coreutils
|
coreutils
|
||||||
|
@ -56,37 +56,39 @@ rec {
|
||||||
strip --strip-unneeded "$exe"
|
strip --strip-unneeded "$exe"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
writeDash = name: text: pkgs.writeScript name ''
|
writeDash = makeScriptWriter "${pkgs.dash}/bin/dash";
|
||||||
#! ${pkgs.dash}/bin/dash
|
|
||||||
${text}
|
|
||||||
'';
|
|
||||||
|
|
||||||
writeDashBin = name: text: pkgs.writeTextFile {
|
writeDashBin = name:
|
||||||
executable = true;
|
assert types.filename.check name;
|
||||||
destination = "/bin/${name}";
|
pkgs.writeDash "/bin/${name}";
|
||||||
name = name;
|
|
||||||
text = ''
|
|
||||||
#! ${pkgs.dash}/bin/dash
|
|
||||||
${text}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
writeEximConfig = name: text: pkgs.runCommand name {
|
writeEximConfig = name: text: pkgs.runCommand name {
|
||||||
inherit text;
|
inherit text;
|
||||||
passAsFile = [ "text" ];
|
passAsFile = [ "text" ];
|
||||||
} ''
|
} /* sh */ ''
|
||||||
# TODO validate exim config even with config.nix.useChroot == true
|
# TODO validate exim config even with config.nix.useChroot == true
|
||||||
# currently doing so will fail because "user exim was not found"
|
# currently doing so will fail because "user exim was not found"
|
||||||
#${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null
|
#${pkgs.exim}/bin/exim -C "$textPath" -bV >/dev/null
|
||||||
mv "$textPath" $out
|
mv "$textPath" $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
writeFiles = name: specs0:
|
writeOut = name: specs0:
|
||||||
let
|
let
|
||||||
specs = mapAttrsToList (path: spec0: {
|
specs = mapAttrsToList (path0: spec0: rec {
|
||||||
path = assert types.pathname.check path; path;
|
path = guard {
|
||||||
|
type = types.pathname;
|
||||||
|
value = path0;
|
||||||
|
};
|
||||||
var = "file_${hashString "sha1" path}";
|
var = "file_${hashString "sha1" path}";
|
||||||
text = spec0.text;
|
text = spec0.text;
|
||||||
|
executable = guard {
|
||||||
|
type = types.bool;
|
||||||
|
value = spec0.executable or false;
|
||||||
|
};
|
||||||
|
mode = guard {
|
||||||
|
type = types.file-mode;
|
||||||
|
value = spec0.mode or (if executable then "0755" else "0644");
|
||||||
|
};
|
||||||
}) specs0;
|
}) specs0;
|
||||||
|
|
||||||
filevars = genAttrs' specs (spec: nameValuePair spec.var spec.text);
|
filevars = genAttrs' specs (spec: nameValuePair spec.var spec.text);
|
||||||
|
@ -97,7 +99,7 @@ rec {
|
||||||
set -efu
|
set -efu
|
||||||
PATH=${makeBinPath [pkgs.coreutils]}
|
PATH=${makeBinPath [pkgs.coreutils]}
|
||||||
${concatMapStrings (spec: /* sh */ ''
|
${concatMapStrings (spec: /* sh */ ''
|
||||||
install -D ''$${spec.var}Path $out${spec.path}
|
install -m ${spec.mode} -D ''$${spec.var}Path $out${spec.path}
|
||||||
'') specs}
|
'') specs}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
@ -119,7 +121,7 @@ rec {
|
||||||
isExecutable = executables != {};
|
isExecutable = executables != {};
|
||||||
isLibrary = library != null;
|
isLibrary = library != null;
|
||||||
|
|
||||||
cabal-file = pkgs.writeText "${name}-${version}.cabal" ''
|
cabal-file = pkgs.writeText "${name}-${version}.cabal" /* cabal */ ''
|
||||||
build-type: Simple
|
build-type: Simple
|
||||||
cabal-version: >= 1.2
|
cabal-version: >= 1.2
|
||||||
name: ${name}
|
name: ${name}
|
||||||
|
@ -135,7 +137,7 @@ rec {
|
||||||
, text
|
, text
|
||||||
, ... }:
|
, ... }:
|
||||||
if types.filename.check exe-name
|
if types.filename.check exe-name
|
||||||
then "install -D ${file} $out/${relpath}"
|
then /* sh */ "install -D ${file} $out/${relpath}"
|
||||||
else throw "argument ‘exe-name’ is not a ${types.filename.name}";
|
else throw "argument ‘exe-name’ is not a ${types.filename.name}";
|
||||||
|
|
||||||
exe-section =
|
exe-section =
|
||||||
|
@ -145,7 +147,7 @@ rec {
|
||||||
, file ? pkgs.writeText "${name}-${exe-name}.hs" text
|
, file ? pkgs.writeText "${name}-${exe-name}.hs" text
|
||||||
, relpath ? "${exe-name}.hs"
|
, relpath ? "${exe-name}.hs"
|
||||||
, text
|
, text
|
||||||
, ... }: ''
|
, ... }: /* cabal */ ''
|
||||||
executable ${exe-name}
|
executable ${exe-name}
|
||||||
build-depends: ${concatStringsSep "," build-depends}
|
build-depends: ${concatStringsSep "," build-depends}
|
||||||
ghc-options: ${toString ghc-options}
|
ghc-options: ${toString ghc-options}
|
||||||
|
@ -168,7 +170,7 @@ rec {
|
||||||
{ build-depends ? base-depends ++ extra-depends
|
{ build-depends ? base-depends ++ extra-depends
|
||||||
, extra-depends ? []
|
, extra-depends ? []
|
||||||
, exposed-modules
|
, exposed-modules
|
||||||
, ... }: ''
|
, ... }: /* cabal */ ''
|
||||||
library
|
library
|
||||||
build-depends: ${concatStringsSep "," build-depends}
|
build-depends: ${concatStringsSep "," build-depends}
|
||||||
ghc-options: ${toString ghc-options}
|
ghc-options: ${toString ghc-options}
|
||||||
|
@ -182,7 +184,7 @@ rec {
|
||||||
, text
|
, text
|
||||||
, ... }:
|
, ... }:
|
||||||
if types.haskell.modid.check mod-name
|
if types.haskell.modid.check mod-name
|
||||||
then "install -D ${file} $out/${relpath}"
|
then /* sh */ "install -D ${file} $out/${relpath}"
|
||||||
else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}";
|
else throw "argument ‘mod-name’ is not a ${types.haskell.modid.name}";
|
||||||
in
|
in
|
||||||
haskellPackages.mkDerivation {
|
haskellPackages.mkDerivation {
|
||||||
|
@ -196,7 +198,7 @@ rec {
|
||||||
(optionals isLibrary (get-depends library))
|
(optionals isLibrary (get-depends library))
|
||||||
haskellPackages;
|
haskellPackages;
|
||||||
pname = name;
|
pname = name;
|
||||||
src = pkgs.runCommand "${name}-${version}-src" {} ''
|
src = pkgs.runCommand "${name}-${version}-src" {} /* sh */ ''
|
||||||
install -D ${cabal-file} $out/${cabal-file.name}
|
install -D ${cabal-file} $out/${cabal-file.name}
|
||||||
${optionalString isLibrary (lib-install library)}
|
${optionalString isLibrary (lib-install library)}
|
||||||
${concatStringsSep "\n" (mapAttrsToList exe-install executables)}
|
${concatStringsSep "\n" (mapAttrsToList exe-install executables)}
|
||||||
|
@ -208,7 +210,7 @@ rec {
|
||||||
"The function `writeNixFromCabal` has been deprecated in favour of"
|
"The function `writeNixFromCabal` has been deprecated in favour of"
|
||||||
"`writeHaskell`."
|
"`writeHaskell`."
|
||||||
])
|
])
|
||||||
(name: path: pkgs.runCommand name {} ''
|
(name: path: pkgs.runCommand name {} /* sh */ ''
|
||||||
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
|
${pkgs.cabal2nix}/bin/cabal2nix ${path} > $out
|
||||||
'');
|
'');
|
||||||
}
|
}
|
||||||
|
|
|
@ -101,8 +101,7 @@ let
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
|
||||||
irc-announce-script = pkgs.writeScript "irc-announce-script" ''
|
irc-announce-script = pkgs.writeDash "irc-announce-script" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, ... }:
|
||||||
|
|
||||||
pkgs.writeScriptBin "hashPassword" ''
|
pkgs.writeDashBin "hashPassword" ''
|
||||||
#! /bin/sh
|
|
||||||
# usage: hashPassword
|
# usage: hashPassword
|
||||||
set -euf
|
set -euf
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ writeScriptBin, pkgs }:
|
{ writeDashBin, bepasty-client-cli }:
|
||||||
|
|
||||||
# TODO: use `wrapProgram --add-flags` instead?
|
# TODO use `execve` instead?
|
||||||
writeScriptBin "krebspaste" ''
|
writeDashBin "krebspaste" ''
|
||||||
#! /bin/sh
|
exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
|
||||||
exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
|
|
||||||
''
|
''
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ writeScriptBin }:
|
{ writeDashBin }:
|
||||||
|
|
||||||
writeScriptBin "pssh" ''
|
writeDashBin "pssh" ''
|
||||||
#! /bin/sh
|
|
||||||
set -efu
|
set -efu
|
||||||
case ''${1-} in
|
case ''${1-} in
|
||||||
|
|
||||||
|
|
|
@ -47,8 +47,7 @@ with config.krebs.lib;
|
||||||
boot.tmpOnTmpfs = true;
|
boot.tmpOnTmpfs = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
(writeScriptBin "play" ''
|
(writeDashBin "play" ''
|
||||||
#! /bin/sh
|
|
||||||
set -euf
|
set -euf
|
||||||
mpv() { exec ${mpv}/bin/mpv "$@"; }
|
mpv() { exec ${mpv}/bin/mpv "$@"; }
|
||||||
case $1 in
|
case $1 in
|
||||||
|
|
|
@ -26,8 +26,7 @@ with config.krebs.lib;
|
||||||
hashPassword
|
hashPassword
|
||||||
haskellPackages.lentil
|
haskellPackages.lentil
|
||||||
parallel
|
parallel
|
||||||
(pkgs.writeScriptBin "im" ''
|
(pkgs.writeBashBin "im" ''
|
||||||
#! ${pkgs.bash}/bin/bash
|
|
||||||
export PATH=${makeSearchPath "bin" (with pkgs; [
|
export PATH=${makeSearchPath "bin" (with pkgs; [
|
||||||
tmux
|
tmux
|
||||||
gnugrep
|
gnugrep
|
||||||
|
|
|
@ -67,8 +67,7 @@ in
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkg}/bin/pulseaudio";
|
ExecStart = "${pkg}/bin/pulseaudio";
|
||||||
ExecStartPre = pkgs.writeScript "pulse-start" ''
|
ExecStartPre = pkgs.writeDash "pulse-start" ''
|
||||||
#! /bin/sh
|
|
||||||
install -o pulse -g pulse -m 0750 -d ${runDir}
|
install -o pulse -g pulse -m 0750 -d ${runDir}
|
||||||
install -o pulse -g pulse -m 0700 -d ${runDir}/home
|
install -o pulse -g pulse -m 0700 -d ${runDir}/home
|
||||||
'';
|
'';
|
||||||
|
|
|
@ -211,9 +211,8 @@ let
|
||||||
nix.vim = pkgs.writeText "nix.vim" ''
|
nix.vim = pkgs.writeText "nix.vim" ''
|
||||||
setf nix
|
setf nix
|
||||||
|
|
||||||
syn match NixCode /./
|
|
||||||
|
|
||||||
" Ref <nix/src/libexpr/lexer.l>
|
" Ref <nix/src/libexpr/lexer.l>
|
||||||
|
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
|
||||||
syn match NixINT /\<[0-9]\+\>/
|
syn match NixINT /\<[0-9]\+\>/
|
||||||
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||||
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
|
||||||
|
@ -230,7 +229,7 @@ let
|
||||||
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||||
\ end="'''"
|
\ end="'''"
|
||||||
|
|
||||||
syn cluster NixStrings contains=NixSTRING,NixIND_STRING
|
syn match NixOther /[():/;=.,?\[\]]/
|
||||||
|
|
||||||
syn match NixCommentMatch /\(^\|\s\)#.*/
|
syn match NixCommentMatch /\(^\|\s\)#.*/
|
||||||
syn region NixCommentRegion start="/\*" end="\*/"
|
syn region NixCommentRegion start="/\*" end="\*/"
|
||||||
|
@ -241,6 +240,7 @@ let
|
||||||
|
|
||||||
hi link NixCommentMatch NixComment
|
hi link NixCommentMatch NixComment
|
||||||
hi link NixCommentRegion NixComment
|
hi link NixCommentRegion NixComment
|
||||||
|
hi link NixID NixCode
|
||||||
hi link NixINT NixData
|
hi link NixINT NixData
|
||||||
hi link NixPATH NixData
|
hi link NixPATH NixData
|
||||||
hi link NixHPATH NixData
|
hi link NixHPATH NixData
|
||||||
|
@ -250,12 +250,12 @@ let
|
||||||
hi link NixIND_STRING NixData
|
hi link NixIND_STRING NixData
|
||||||
|
|
||||||
hi link NixEnter NixCode
|
hi link NixEnter NixCode
|
||||||
hi link NixExit NixData
|
hi link NixOther NixCode
|
||||||
hi link NixQuote NixData
|
hi link NixQuote NixData
|
||||||
hi link NixQuote2 NixQuote
|
|
||||||
hi link NixQuote3 NixQuote
|
|
||||||
|
|
||||||
syn cluster NixSubLangs contains=NONE
|
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
|
||||||
|
syn cluster nix_ind_strings contains=NixIND_STRING
|
||||||
|
syn cluster nix_strings contains=NixSTRING
|
||||||
|
|
||||||
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
|
${concatStringsSep "\n" (mapAttrsToList (lang: { extraStart ? null }: let
|
||||||
startAlts = filter isString [
|
startAlts = filter isString [
|
||||||
|
@ -269,27 +269,35 @@ let
|
||||||
|
|
||||||
syn match nix_${lang}_sigil
|
syn match nix_${lang}_sigil
|
||||||
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
|
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
|
||||||
\ nextgroup=nix_${lang}_region
|
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
|
||||||
\ transparent
|
\ transparent
|
||||||
|
|
||||||
syn region nix_${lang}_region
|
syn region nix_${lang}_region_STRING
|
||||||
\ matchgroup=NixSTRING
|
\ matchgroup=NixSTRING
|
||||||
\ start='"'
|
\ start='"'
|
||||||
\ skip='\\"'
|
\ skip='\\"'
|
||||||
\ end='"'
|
\ end='"'
|
||||||
\ contained
|
\ contained
|
||||||
\ contains=@nix_${lang}_syntax
|
\ contains=@nix_${lang}_syntax
|
||||||
|
\ transparent
|
||||||
|
|
||||||
syn region nix_${lang}_region
|
syn region nix_${lang}_region_IND_STRING
|
||||||
\ matchgroup=NixIND_STRING
|
\ matchgroup=NixIND_STRING
|
||||||
\ start="'''"
|
\ start="'''"
|
||||||
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
\ skip="'''\('\|[$]\|\\[nrt]\)"
|
||||||
\ end="'''"
|
\ end="'''"
|
||||||
\ contained
|
\ contained
|
||||||
\ contains=@nix_${lang}_syntax
|
\ contains=@nix_${lang}_syntax
|
||||||
|
\ transparent
|
||||||
|
|
||||||
syn cluster NixSubLangs
|
syn cluster nix_ind_strings
|
||||||
\ add=nix_${lang}_region,@nix_${lang}_syntax
|
\ add=nix_${lang}_region_IND_STRING
|
||||||
|
|
||||||
|
syn cluster nix_strings
|
||||||
|
\ add=nix_${lang}_region_STRING
|
||||||
|
|
||||||
|
syn cluster nix_has_dollar_curly
|
||||||
|
\ add=@nix_${lang}_syntax
|
||||||
'') {
|
'') {
|
||||||
c = {};
|
c = {};
|
||||||
cabal = {};
|
cabal = {};
|
||||||
|
@ -299,26 +307,32 @@ let
|
||||||
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
|
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
|
||||||
})}
|
})}
|
||||||
|
|
||||||
" Clear syntax that interferes with NixBlock.
|
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
|
||||||
" TODO redefine NixBlock so syntax don't have to be cleared
|
syn clear shVarAssign
|
||||||
syn clear shOperator shSetList shVarAssign
|
|
||||||
|
|
||||||
syn region NixBlock
|
syn region nixINSIDE_DOLLAR_CURLY
|
||||||
\ matchgroup=NixEnter
|
\ matchgroup=NixEnter
|
||||||
\ start="[$]{"
|
\ start="[$]{"
|
||||||
\ end="}"
|
\ end="}"
|
||||||
\ contains=TOP
|
\ contains=TOP
|
||||||
\ containedin=@NixSubLangs,@NixStrings
|
\ containedin=@nix_has_dollar_curly
|
||||||
|
\ transparent
|
||||||
|
|
||||||
syn region NixBlockHack
|
syn region nix_inside_curly
|
||||||
\ matchgroup=NixEnter
|
\ matchgroup=NixEnter
|
||||||
\ start="{"
|
\ start="{"
|
||||||
\ end="}"
|
\ end="}"
|
||||||
\ contains=TOP
|
\ contains=TOP
|
||||||
|
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
|
||||||
|
\ transparent
|
||||||
|
|
||||||
syn match NixQuote "'''[$]"he=e-1 contained containedin=@NixSubLangs
|
syn match NixQuote /'''\([''$']\|\\.\)/he=s+2
|
||||||
syn match NixQuote2 "''''"he=s+1 contained containedin=@NixSubLangs
|
\ containedin=@nix_ind_strings
|
||||||
syn match NixQuote3 "'''\\[nrt]" contained containedin=@NixSubLangs
|
\ contained
|
||||||
|
|
||||||
|
syn match NixQuote /\\./he=s+1
|
||||||
|
\ containedin=@nix_strings
|
||||||
|
\ contained
|
||||||
|
|
||||||
syn sync fromstart
|
syn sync fromstart
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,7 @@
|
||||||
{
|
{
|
||||||
nixpkgs.config.packageOverrides = {
|
nixpkgs.config.packageOverrides = {
|
||||||
# TODO use XDG_RUNTIME_DIR?
|
# TODO use XDG_RUNTIME_DIR?
|
||||||
cr = pkgs.writeScriptBin "cr" ''
|
cr = pkgs.writeDashBin "cr" ''
|
||||||
#! /bin/sh
|
|
||||||
set -efu
|
set -efu
|
||||||
export LC_TIME=de_DE.utf8
|
export LC_TIME=de_DE.utf8
|
||||||
exec ${pkgs.chromium}/bin/chromium \
|
exec ${pkgs.chromium}/bin/chromium \
|
||||||
|
|
Loading…
Reference in a new issue