2022-06-12 00:40:15 +00:00
|
|
|
{ lib
|
2022-06-12 00:54:29 +00:00
|
|
|
, pkgs
|
2022-08-19 08:50:51 +00:00
|
|
|
, resholve
|
2022-06-12 00:40:15 +00:00
|
|
|
}:
|
|
|
|
|
2022-08-19 08:50:51 +00:00
|
|
|
# resholve documentation:
|
|
|
|
# - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md
|
|
|
|
# - generic: https://github.com/abathur/resholve
|
|
|
|
resholve.mkDerivation {
|
|
|
|
pname = "sane-scripts";
|
|
|
|
version = "0.1.0";
|
2022-06-12 00:40:15 +00:00
|
|
|
|
|
|
|
src = ./src;
|
|
|
|
|
2022-08-19 08:50:51 +00:00
|
|
|
solutions = {
|
|
|
|
default = {
|
2022-08-19 09:11:46 +00:00
|
|
|
# note: `scripts` refers to the store path here
|
2022-08-19 08:50:51 +00:00
|
|
|
scripts = [ "bin/*" ];
|
|
|
|
interpreter = "${pkgs.bash}/bin/bash";
|
|
|
|
inputs = with pkgs; [
|
|
|
|
coreutils
|
|
|
|
curl
|
2022-09-07 02:46:07 +00:00
|
|
|
file
|
2022-08-19 08:50:51 +00:00
|
|
|
findutils
|
|
|
|
gnugrep
|
2022-10-18 12:29:36 +00:00
|
|
|
gocryptfs
|
2022-08-19 08:50:51 +00:00
|
|
|
ifuse
|
2022-09-26 22:22:52 +00:00
|
|
|
inotify-tools
|
2022-08-19 09:26:59 +00:00
|
|
|
ncurses
|
2022-08-19 08:50:51 +00:00
|
|
|
oath-toolkit
|
|
|
|
openssh
|
|
|
|
rmlint
|
|
|
|
rsync
|
|
|
|
ssh-to-age
|
|
|
|
sops
|
|
|
|
sudo
|
2022-09-30 00:54:45 +00:00
|
|
|
util-linux
|
2022-08-19 08:50:51 +00:00
|
|
|
which
|
|
|
|
];
|
|
|
|
keep = {
|
|
|
|
# we write here: keep it
|
|
|
|
"/tmp/rmlint.sh" = true;
|
2022-08-19 09:01:27 +00:00
|
|
|
# intentionally escapes (into user code)
|
|
|
|
"$external_cmd" = true;
|
2022-08-19 08:50:51 +00:00
|
|
|
};
|
|
|
|
fake = {
|
|
|
|
external = [
|
|
|
|
# https://github.com/abathur/resholve/issues/29
|
|
|
|
"umount"
|
|
|
|
"sudo"
|
|
|
|
|
2022-10-24 15:21:53 +00:00
|
|
|
# these are used internally; probably a better fix
|
2022-08-19 08:50:51 +00:00
|
|
|
"sane-mount-servo"
|
2022-10-24 15:21:53 +00:00
|
|
|
"sane-private-unlock"
|
2022-08-19 08:50:51 +00:00
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
# list of programs which *can* or *cannot* exec their arguments
|
2022-10-18 12:29:36 +00:00
|
|
|
execer = with pkgs; [
|
|
|
|
"cannot:${gocryptfs}/bin/gocryptfs"
|
|
|
|
"cannot:${ifuse}/bin/ifuse"
|
|
|
|
"cannot:${oath-toolkit}/bin/oathtool"
|
|
|
|
"cannot:${openssh}/bin/ssh-keygen"
|
|
|
|
"cannot:${rmlint}/bin/rmlint"
|
|
|
|
"cannot:${rsync}/bin/rsync"
|
|
|
|
"cannot:${sops}/bin/sops"
|
|
|
|
"cannot:${ssh-to-age}/bin/ssh-to-age"
|
2022-08-19 08:50:51 +00:00
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
2022-06-12 00:40:15 +00:00
|
|
|
|
|
|
|
installPhase = ''
|
2022-08-19 09:11:46 +00:00
|
|
|
mkdir -p "$out/bin"
|
|
|
|
cp -R * "$out"/bin/
|
2022-06-12 00:40:15 +00:00
|
|
|
'';
|
|
|
|
|
|
|
|
meta = {
|
|
|
|
description = "collection of scripts associated with uninsane systems";
|
|
|
|
homepage = "https://git.uninsane.org";
|
|
|
|
platforms = lib.platforms.all;
|
|
|
|
};
|
|
|
|
}
|