refactor: use lib.getExe where applicable
This commit is contained in:
@@ -22,7 +22,7 @@ let
|
||||
_bitcoindWithExternalIp = pkgs.writeShellScriptBin "bitcoind" ''
|
||||
set -xeu
|
||||
externalip="$(cat /var/lib/tor/onion/bitcoind/hostname)"
|
||||
exec ${bitcoind}/bin/bitcoind "-externalip=$externalip" "$@"
|
||||
exec ${lib.getExe' bitcoind "bitcoind"} "-externalip=$externalip" "$@"
|
||||
'';
|
||||
# the package i provide to services.bitcoind ends up on system PATH, and used by other tools like clightning.
|
||||
# therefore, even though services.bitcoind only needs `bitcoind` binary, provide all the other bitcoin-related binaries (notably `bitcoin-cli`) as well:
|
||||
|
||||
@@ -124,7 +124,7 @@
|
||||
# peerswap:
|
||||
# - config example: <https://github.com/fort-nix/nix-bitcoin/pull/462/files#diff-b357d832705b8ce8df1f41934d613f79adb77c4cd5cd9e9eb12a163fca3e16c6>
|
||||
# XXX: peerswap crashes clightning on launch. stacktrace is useless.
|
||||
# plugin={pkgs.peerswap}/bin/peerswap
|
||||
# plugin={lib.getExe' pkgs.peerswap "peerswap"}
|
||||
# peerswap-db-path=/var/lib/clightning/peerswap/swaps
|
||||
# peerswap-policy-path=...
|
||||
'';
|
||||
|
||||
@@ -457,13 +457,12 @@ lib.mkIf false
|
||||
mod_version = {};
|
||||
};
|
||||
});
|
||||
sed = "${pkgs.gnused}/bin/sed";
|
||||
in ''
|
||||
ip=$(cat '${config.sane.services.dyn-dns.ipPath}')
|
||||
# config is 444 (not 644), so we want to write out-of-place and then atomically move
|
||||
# TODO: factor this out into `sane-woop` helper?
|
||||
rm -f /var/lib/ejabberd/ejabberd.yaml.new
|
||||
${sed} "s/%ANATIVE%/$ip/g" ${config-in} > /var/lib/ejabberd/ejabberd.yaml.new
|
||||
${lib.getExe pkgs.gnused} "s/%ANATIVE%/$ip/g" ${config-in} > /var/lib/ejabberd/ejabberd.yaml.new
|
||||
mv /var/lib/ejabberd/ejabberd.yaml{.new,}
|
||||
'';
|
||||
|
||||
|
||||
@@ -141,7 +141,7 @@ in
|
||||
};
|
||||
data_provider = {
|
||||
driver = "memory";
|
||||
external_auth_hook = "${external_auth_hook}/bin/external_auth_hook";
|
||||
external_auth_hook = lib.getExe external_auth_hook;
|
||||
# track_quota:
|
||||
# - 0: disable quota tracking
|
||||
# - 1: quota is updated on every upload/delete, even if user has no quota restriction
|
||||
|
||||
@@ -86,7 +86,7 @@
|
||||
ENABLED = true;
|
||||
FROM = "notify.git@uninsane.org";
|
||||
PROTOCOL = "sendmail";
|
||||
SENDMAIL_PATH = "${pkgs.postfix}/bin/sendmail";
|
||||
SENDMAIL_PATH = lib.getExe' pkgs.postfix "sendmail";
|
||||
SENDMAIL_ARGS = "--"; # most "sendmail" programs take options, "--" will prevent an email address being interpreted as an option.
|
||||
};
|
||||
time = {
|
||||
|
||||
@@ -11,7 +11,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used it in several mon
|
||||
description = "GoAccess server monitoring";
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.goaccess}/bin/goaccess \
|
||||
${lib.getExe pkgs.goaccess} \
|
||||
-f /var/log/nginx/public.log \
|
||||
--log-format=VCOMBINED \
|
||||
--real-time-html \
|
||||
@@ -23,7 +23,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used it in several mon
|
||||
--port=7890 \
|
||||
-o /var/lib/goaccess/index.html
|
||||
'';
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
ExecReload = "${lib.getExe' pkgs.coreutils "kill"} -HUP $MAINPID";
|
||||
Type = "simple";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
|
||||
@@ -18,7 +18,7 @@ in
|
||||
serviceConfig.ExecStartPre = [ "${lib.getExe pkgs.sane-scripts.ip-check} --no-upnp --expect ${config.sane.netns.ovpns.netnsPubIpv4}" ]; # abort if public IP is not as expected
|
||||
# patch in `--ListenPublic` so that it's reachable from the netns veth.
|
||||
# this also makes it reachable from the VPN pub address. oh well.
|
||||
serviceConfig.ExecStart = lib.mkForce "${cfg.package}/bin/Jackett --ListenPublic --NoUpdates --DataFolder '${cfg.dataDir}'";
|
||||
serviceConfig.ExecStart = lib.mkForce "${lib.getExe' cfg.package "Jackett"} --ListenPublic --NoUpdates --DataFolder '${cfg.dataDir}'";
|
||||
serviceConfig.RestartSec = "30s";
|
||||
|
||||
# hardening (systemd-analyze security jackett)
|
||||
|
||||
@@ -144,7 +144,7 @@ in {
|
||||
# CLI args: <https://git.asonix.dog/asonix/pict-rs#user-content-running>
|
||||
systemd.services.pict-rs = {
|
||||
serviceConfig.ExecStart = lib.mkForce (lib.concatStringsSep " " [
|
||||
"${lib.getBin pict-rs}/bin/pict-rs run"
|
||||
(lib.getExe pict-rs)
|
||||
"--media-video-max-frame-count" (builtins.toString (30*60*60))
|
||||
"--media-process-timeout 120"
|
||||
"--media-video-allow-audio" # allow audio
|
||||
|
||||
@@ -71,20 +71,20 @@ in
|
||||
];
|
||||
|
||||
systemd.services.matrix-synapse.postStart = lib.optionalString ntfy ''
|
||||
ACCESS_TOKEN=$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.matrix_access_token.path})
|
||||
TOPIC=$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.ntfy-sh-topic.path})
|
||||
ACCESS_TOKEN=$(${lib.getExe' pkgs.coreutils "cat"} ${config.sops.secrets.matrix_access_token.path})
|
||||
TOPIC=$(${lib.getExe' pkgs.coreutils "cat"} ${config.sops.secrets.ntfy-sh-topic.path})
|
||||
|
||||
echo "ensuring ntfy push gateway"
|
||||
${pkgs.curl}/bin/curl \
|
||||
${lib.getExe pkgs.curl} \
|
||||
--header "Authorization: Bearer $ACCESS_TOKEN" \
|
||||
--data "{ \"app_display_name\": \"ntfy-adapter\", \"app_id\": \"ntfy.uninsane.org\", \"data\": { \"url\": \"https://ntfy.uninsane.org/_matrix/push/v1/notify\", \"format\": \"event_id_only\" }, \"device_display_name\": \"ntfy-adapter\", \"kind\": \"http\", \"lang\": \"en-US\", \"profile_tag\": \"\", \"pushkey\": \"$TOPIC\" }" \
|
||||
localhost:8008/_matrix/client/v3/pushers/set
|
||||
|
||||
echo "registered push gateways:"
|
||||
${pkgs.curl}/bin/curl \
|
||||
${lib.getExe pkgs.curl} \
|
||||
--header "Authorization: Bearer $ACCESS_TOKEN" \
|
||||
localhost:8008/_matrix/client/v3/pushers \
|
||||
| ${pkgs.jq}/bin/jq .
|
||||
| ${lib.getExe pkgs.jq} .
|
||||
'';
|
||||
|
||||
|
||||
|
||||
@@ -235,7 +235,7 @@ in
|
||||
# to accept it.
|
||||
system.activationScripts.generate-x509-self-signed.text = ''
|
||||
mkdir -p /var/www/certs/wildcard
|
||||
test -f /var/www/certs/wildcard/key.pem || ${pkgs.openssl}/bin/openssl \
|
||||
test -f /var/www/certs/wildcard/key.pem || ${lib.getExe pkgs.openssl} \
|
||||
req -x509 -newkey rsa:4096 \
|
||||
-keyout /var/www/certs/wildcard/key.pem \
|
||||
-out /var/www/certs/wildcard/cert.pem \
|
||||
|
||||
@@ -59,7 +59,7 @@ lib.mkIf false #< 2024/09/30: disabled because i haven't used it in several mon
|
||||
# note that this will fail upon first run, i.e. before ntfy has created its db.
|
||||
# just restart the service.
|
||||
topic=$(cat ${config.sops.secrets.ntfy-sh-topic.path})
|
||||
${pkgs.ntfy-sh}/bin/ntfy access everyone "$topic" read-write
|
||||
${lib.getExe' pkgs.ntfy-sh "ntfy"} access everyone "$topic" read-write
|
||||
'';
|
||||
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ let
|
||||
silence = port - portLow;
|
||||
flags = lib.optional cfg.verbose "--verbose";
|
||||
cli = [
|
||||
"${cfg.package}/bin/ntfy-waiter"
|
||||
(lib.getExe cfg.package)
|
||||
"--port"
|
||||
"${builtins.toString port}"
|
||||
"--silence"
|
||||
|
||||
@@ -46,7 +46,7 @@ in
|
||||
config :pleroma, Pleroma.Emails.Mailer,
|
||||
enabled: true,
|
||||
adapter: Swoosh.Adapters.Sendmail,
|
||||
cmd_path: "${pkgs.postfix}/bin/sendmail"
|
||||
cmd_path: "${lib.getExe' pkgs.postfix "sendmail"}"
|
||||
|
||||
config :pleroma, Pleroma.User,
|
||||
restricted_nicknames: [ "admin", "uninsane", "root" ]
|
||||
|
||||
@@ -279,7 +279,7 @@ in
|
||||
-- s2s_require_encryption = true
|
||||
-- c2s_require_encryption = true
|
||||
'' + lib.optionalString config.services.ntfy-sh.enable ''
|
||||
ntfy_binary = "${pkgs.ntfy-sh}/bin/ntfy"
|
||||
ntfy_binary = "${lib.getExe' pkgs.ntfy-sh "ntfy"}"
|
||||
ntfy_topic = readAll("/run/secrets/ntfy-sh-topic")
|
||||
'';
|
||||
};
|
||||
|
||||
@@ -104,7 +104,7 @@ in
|
||||
# - TR_TORRENT_NAME - Name of torrent (not filename)
|
||||
# - TR_TORRENT_TRACKERS - A comma-delimited list of the torrent's trackers' announce URLs
|
||||
script-torrent-done-enabled = true;
|
||||
script-torrent-done-filename = "${torrent-done}/bin/torrent-done";
|
||||
script-torrent-done-filename = lib.getExe torrent-done;
|
||||
};
|
||||
|
||||
systemd.services.transmission = {
|
||||
@@ -138,7 +138,7 @@ in
|
||||
systemd.services.backup-torrents = {
|
||||
description = "archive torrents to storage not owned by transmission";
|
||||
script = ''
|
||||
${pkgs.rsync}/bin/rsync -arv /var/lib/transmission/.config/transmission-daemon/torrents/ /var/backup/torrents/
|
||||
${lib.getExe pkgs.rsync} -arv /var/lib/transmission/.config/transmission-daemon/torrents/ /var/backup/torrents/
|
||||
'';
|
||||
};
|
||||
systemd.timers.backup-torrents = {
|
||||
|
||||
@@ -3,13 +3,12 @@
|
||||
boot.initrd.supportedFilesystems = [ "ext4" "btrfs" "ext2" "ext3" "vfat" ];
|
||||
# useful emergency utils
|
||||
boot.initrd.extraUtilsCommands = ''
|
||||
copy_bin_and_libs ${pkgs.btrfs-progs}/bin/btrfstune
|
||||
copy_bin_and_libs ${pkgs.util-linux}/bin/{cfdisk,lsblk,lscpu}
|
||||
copy_bin_and_libs ${pkgs.gptfdisk}/bin/{cgdisk,gdisk}
|
||||
copy_bin_and_libs ${pkgs.smartmontools}/bin/smartctl
|
||||
copy_bin_and_libs ${pkgs.e2fsprogs}/bin/resize2fs
|
||||
'' + lib.optionalString pkgs.stdenv.hostPlatform.isx86_64 ''
|
||||
copy_bin_and_libs ${pkgs.nvme-cli}/bin/nvme # doesn't cross compile
|
||||
copy_bin_and_libs ${lib.getExe' pkgs.btrfs-progs "btrfstune"}
|
||||
copy_bin_and_libs ${lib.getExe' pkgs.util-linux "{cfdisk,lsblk,lscpu}"}
|
||||
copy_bin_and_libs ${lib.getExe' pkgs.gptfdisk "{cgdisk,gdisk}"}
|
||||
copy_bin_and_libs ${lib.getExe' pkgs.smartmontools "smartctl"}
|
||||
copy_bin_and_libs ${lib.getExe' pkgs.e2fsprogs "resize2fs"}
|
||||
copy_bin_and_libs ${lib.getExe pkgs.nvme-cli}
|
||||
'';
|
||||
boot.kernelParams = [
|
||||
"boot.shell_on_fail"
|
||||
|
||||
@@ -58,14 +58,14 @@ let
|
||||
mkdir -p $out/share/applications
|
||||
for i in $(cat $pathsPath); do
|
||||
if [ -e "$i/share/applications" ]; then
|
||||
${pkgs.buildPackages.xorg.lndir}/bin/lndir -silent $i/share/applications $out/share/applications
|
||||
${lib.getExe pkgs.buildPackages.xorg.lndir} -silent $i/share/applications $out/share/applications
|
||||
fi
|
||||
done
|
||||
runHook postBuild
|
||||
'';
|
||||
postBuild = ''
|
||||
# rebuild `mimeinfo.cache`, used by file openers to show the list of *all* apps, not just the user's defaults.
|
||||
${pkgs.buildPackages.desktop-file-utils}/bin/update-desktop-database $out/share/applications
|
||||
${lib.getExe' pkgs.buildPackages.desktop-file-utils "update-desktop-database"} $out/share/applications
|
||||
'';
|
||||
});
|
||||
|
||||
|
||||
@@ -59,13 +59,13 @@ in
|
||||
networking.firewall.extraCommands = lib.mkIf cfg.enabled (with pkgs; ''
|
||||
# after an outgoing mDNS query to the multicast address, open FW for incoming responses.
|
||||
# ipset -! means "don't fail if set already exists"
|
||||
${ipset}/bin/ipset create -! mdns hash:ip,port timeout 10
|
||||
${iptables}/bin/iptables -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 5353 -j SET --add-set mdns src,src --exist
|
||||
${iptables}/bin/iptables -A INPUT -p udp -m set --match-set mdns dst,dst -j ACCEPT
|
||||
${lib.getExe' ipset "ipset"} create -! mdns hash:ip,port timeout 10
|
||||
${lib.getExe' iptables "iptables"} -A OUTPUT -d 239.255.255.250/32 -p udp -m udp --dport 5353 -j SET --add-set mdns src,src --exist
|
||||
${lib.getExe' iptables "iptables"} -A INPUT -p udp -m set --match-set mdns dst,dst -j ACCEPT
|
||||
# IPv6 ruleset. ff02::/16 means *any* link-local multicast group (so this is probably more broad than it needs to be)
|
||||
${ipset}/bin/ipset create -! mdns6 hash:ip,port timeout 10 family inet6
|
||||
${iptables}/bin/ip6tables -A OUTPUT -d ff02::/16 -p udp -m udp --dport 5353 -j SET --add-set mdns6 src,src --exist
|
||||
${iptables}/bin/ip6tables -A INPUT -p udp -m set --match-set mdns6 dst,dst -j ACCEPT
|
||||
${lib.getExe' ipset "ipset"} create -! mdns6 hash:ip,port timeout 10 family inet6
|
||||
${lib.getExe' iptables "ip6tables"} -A OUTPUT -d ff02::/16 -p udp -m udp --dport 5353 -j SET --add-set mdns6 src,src --exist
|
||||
${lib.getExe' iptables "ip6tables"} -A INPUT -p udp -m set --match-set mdns6 dst,dst -j ACCEPT
|
||||
'');
|
||||
|
||||
systemd.services.avahi-daemon = lib.mkIf cfg.enabled {
|
||||
|
||||
@@ -13,8 +13,8 @@ in
|
||||
};
|
||||
|
||||
services.udev.extraRules = let
|
||||
chmod = "${pkgs.coreutils}/bin/chmod";
|
||||
chown = "${pkgs.coreutils}/bin/chown";
|
||||
chmod = lib.getExe' pkgs.coreutils "chmod";
|
||||
chown = lib.getExe' pkgs.coreutils "chown";
|
||||
in lib.mkIf cfg.enabled ''
|
||||
# make backlight controllable by members of `video`
|
||||
SUBSYSTEM=="backlight", RUN+="${chown} :video $sys$devpath/brightness", RUN+="${chmod} g+w $sys$devpath/brightness"
|
||||
|
||||
@@ -49,7 +49,7 @@ in
|
||||
# - eg25-control-gps: moves new/<agps> into cache/
|
||||
# - but it moved the result (possibly incomplete) of eg25-control-freshen-agps, incorrectly
|
||||
# in practice, i don't expect much issue from this.
|
||||
ExecStart = "${cfg.package}/bin/eg25-control --ensure-agps-cache --verbose";
|
||||
ExecStart = "${lib.getExe cfg.package} --ensure-agps-cache --verbose";
|
||||
Restart = "no";
|
||||
|
||||
User = "colin";
|
||||
@@ -61,8 +61,8 @@ in
|
||||
};
|
||||
|
||||
services.udev.extraRules = let
|
||||
chmod = "${pkgs.coreutils}/bin/chmod";
|
||||
chown = "${pkgs.coreutils}/bin/chown";
|
||||
chmod = lib.getExe' pkgs.coreutils "chmod";
|
||||
chown = lib.getExe' pkgs.coreutils "chown";
|
||||
in lib.optionalString cfg.enabled ''
|
||||
# make Modem controllable by user
|
||||
DRIVER=="modem-power", RUN+="${chmod} g+w /sys%p/powered", RUN+="${chown} :networkmanager /sys%p/powered"
|
||||
|
||||
@@ -91,7 +91,7 @@ let
|
||||
|
||||
echo "unzipping omni.ja"
|
||||
# N.B. `zip` exits non-zero even on successful extraction, if the file didn't 100% obey spec
|
||||
${pkgs.buildPackages.unzip}/bin/unzip $out/lib/${cfg.browser.libName}/browser/omni.ja -d omni || true
|
||||
${lib.getExe pkgs.buildPackages.unzip} $out/lib/${cfg.browser.libName}/browser/omni.ja -d omni || true
|
||||
|
||||
echo "removing old omni.ja"
|
||||
rm $out/lib/${cfg.browser.libName}/browser/omni.ja
|
||||
@@ -105,7 +105,7 @@ let
|
||||
${lib.getExe pkgs.buildPackages.gnused} -i s'/command="cmd_close" modifiers="accel"/command="cmd_close" modifiers="accel,shift"/' omni/chrome/browser/content/browser/browser.xhtml
|
||||
|
||||
echo "re-zipping omni.ja"
|
||||
pushd omni; ${pkgs.buildPackages.zip}/bin/zip $out/lib/${cfg.browser.libName}/browser/omni.ja -r ./*; popd
|
||||
pushd omni; ${lib.getExe pkgs.buildPackages.zip} $out/lib/${cfg.browser.libName}/browser/omni.ja -r ./*; popd
|
||||
|
||||
echo "omni.ja AFTER:"
|
||||
ls -l $out/lib/${cfg.browser.libName}/browser/omni.ja
|
||||
|
||||
@@ -40,7 +40,7 @@ let
|
||||
cache = (pkgs.makeFontsCache { fontDirectories = config.fonts.packages; }).overrideAttrs (upstream: {
|
||||
buildCommand = lib.replaceStrings
|
||||
[ "fc-cache" ]
|
||||
[ "${pkgs.stdenv.hostPlatform.emulator pkgs.buildPackages} ${pkgs.fontconfig.bin}/bin/fc-cache" ]
|
||||
[ "${pkgs.stdenv.hostPlatform.emulator pkgs.buildPackages} ${lib.getExe' pkgs.fontconfig.bin "fc-cache"}" ]
|
||||
upstream.buildCommand
|
||||
;
|
||||
});
|
||||
|
||||
@@ -54,7 +54,7 @@ in
|
||||
# - <https://difftastic.wilfred.me.uk/git.html>
|
||||
diff.tool = "difftastic";
|
||||
difftool.prompt = false;
|
||||
"difftool \"difftastic\"".cmd = ''${pkgs.difftastic}/bin/difft "$LOCAL" "$REMOTE"'';
|
||||
"difftool \"difftastic\"".cmd = ''${lib.getExe pkgs.difftastic} "$LOCAL" "$REMOTE"'';
|
||||
# now run `git difftool` to use difftastic git
|
||||
|
||||
# render dates as YYYY-MM-DD HH:MM:SS +TZ
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# TODO: gnome-keyring has portal integration? ($out/share/xdg-desktop-portal)
|
||||
{ pkgs, ... }:
|
||||
{ lib, pkgs, ... }:
|
||||
{
|
||||
sane.programs.gnome-keyring = {
|
||||
packageUnwrapped = pkgs.rmDbusServices pkgs.gnome-keyring;
|
||||
@@ -53,7 +53,7 @@
|
||||
mkdir -m 0700 -p $XDG_RUNTIME_DIR/keyring
|
||||
exec gnome-keyring-daemon --start --foreground --components=secrets
|
||||
'';
|
||||
in "${gkr-start}/bin/gnome-keyring-daemon-start";
|
||||
in lib.getExe gkr-start;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -54,7 +54,7 @@
|
||||
services.mako = {
|
||||
description = "mako desktop notification daemon";
|
||||
partOf = [ "graphical-session" ];
|
||||
command = "${config.sane.programs.mako.package}/bin/mako";
|
||||
command = lib.getExe config.sane.programs.mako.package;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ let
|
||||
enabledPrograms;
|
||||
|
||||
fmtAssoc = regex: desktop: ''
|
||||
${mimeo-open-desktop}/bin/mimeo-open-desktop ${desktop} %U
|
||||
${lib.getExe mimeo-open-desktop} ${desktop} %U
|
||||
${regex}
|
||||
'';
|
||||
assocs = builtins.map
|
||||
@@ -31,10 +31,10 @@ let
|
||||
assocs' = lib.flatten assocs;
|
||||
|
||||
fmtFallbackAssoc = mimeType: desktop: if mimeType == "x-scheme-handler/http" then ''
|
||||
${mimeo-open-desktop}/bin/mimeo-open-desktop ${desktop} %U
|
||||
${lib.getExe mimeo-open-desktop} ${desktop} %U
|
||||
^http://.*
|
||||
'' else if mimeType == "x-scheme-handler/https" then ''
|
||||
${mimeo-open-desktop}/bin/mimeo-open-desktop ${desktop} %U
|
||||
${lib.getExe mimeo-open-desktop} ${desktop} %U
|
||||
^https://.*
|
||||
'' else "";
|
||||
fmtFallbackAssoc' = mimeType: desktop:
|
||||
|
||||
@@ -22,7 +22,7 @@ let
|
||||
pathsToLink = [ "/${mopidyPackages.python.sitePackages}" ];
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
postBuild = ''
|
||||
makeWrapper ${mopidy}/bin/mopidy $out/bin/mopidy \
|
||||
makeWrapper ${lib.getExe mopidy} $out/bin/mopidy \
|
||||
--prefix PYTHONPATH : $out/${mopidyPackages.python.sitePackages}
|
||||
'';
|
||||
};
|
||||
|
||||
@@ -32,7 +32,7 @@ in
|
||||
topic=$(cat ~/.config/ntfy-sh/topic)
|
||||
exec ntfy sub "https://ntfy.uninsane.org:2587/$topic"
|
||||
'';
|
||||
in "${sub}/bin/ntfy-sub";
|
||||
in lib.getExe sub;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -117,7 +117,7 @@ in
|
||||
# after = [ "graphical-session.target" ];
|
||||
# wantedBy = [ "graphical-session.target" ];
|
||||
|
||||
# serviceConfig.ExecStart = "${config.sane.programs.actkbd.package}/bin/actkbd -c /home/colin/.config/actkbd/actkbd.conf";
|
||||
# serviceConfig.ExecStart = "${lib.getExe config.sane.programs.actkbd.package} -c /home/colin/.config/actkbd/actkbd.conf";
|
||||
# };
|
||||
# };
|
||||
|
||||
|
||||
@@ -54,7 +54,7 @@ lib.mkMerge [
|
||||
restartIfChanged = false;
|
||||
|
||||
serviceConfig.Type = "simple";
|
||||
serviceConfig.ExecStart = "${cfg.package}/bin/seatd -g seat --bunpen-debug=4";
|
||||
serviceConfig.ExecStart = "${lib.getExe cfg.package} -g seat --bunpen-debug=4";
|
||||
serviceConfig.Group = "seat";
|
||||
# serviceConfig.AmbientCapabilities = [
|
||||
# "CAP_DAC_OVERRIDE"
|
||||
|
||||
@@ -10,7 +10,7 @@ in
|
||||
};
|
||||
}
|
||||
(lib.mkIf cfg.enabled {
|
||||
services.getty.loginProgram = "${cfg.package}/bin/login";
|
||||
services.getty.loginProgram = lib.getExe' cfg.package "login";
|
||||
security.pam.services.login.startSession = lib.mkForce false; #< disable systemd integration
|
||||
})
|
||||
];
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# borrows from:
|
||||
# - default config: <https://github.com/cspeterson/splatmoji/blob/master/splatmoji.config>
|
||||
# - wayland: <https://github.com/cspeterson/splatmoji/issues/32#issuecomment-830862566>
|
||||
{ pkgs, ... }:
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
sane.programs.splatmoji = {
|
||||
@@ -33,9 +33,9 @@
|
||||
# XXX: hardcode the package paths here. all these packages are sandboxed identically
|
||||
# to `splatmoji` itself, so there's zero benefit to acquiring them via the environment;
|
||||
# doing so would in fact be costlier.
|
||||
paste_command=${pkgs.wtype}/bin/wtype -M Ctrl -k v
|
||||
xdotool_command=${pkgs.wtype}/bin/wtype
|
||||
xsel_command=${pkgs.findutils}/bin/xargs ${pkgs.wl-clipboard}/bin/wl-copy
|
||||
paste_command=${lib.getExe pkgs.wtype} -M Ctrl -k v
|
||||
xdotool_command=${lib.getExe pkgs.wtype}
|
||||
xsel_command=${lib.getExe' pkgs.findutils "xargs"} ${lib.getExe' pkgs.wl-clipboard "wl-copy"}
|
||||
'';
|
||||
# alternative tweaks:
|
||||
# rofi_command=${pkgs.wofi}/bin/wofi --dmenu --insensitive --cache-file /dev/null
|
||||
|
||||
@@ -18,7 +18,7 @@ let
|
||||
# (consider: nested sway sessions, where sway actually has a reason to read these)
|
||||
exec env -u DISPLAY -u WAYLAND_DISPLAY \
|
||||
"DESIRED_WAYLAND_DISPLAY=$WAYLAND_DISPLAY" \
|
||||
${configuredSway}/bin/sway \
|
||||
${lib.getExe configuredSway} \
|
||||
2>&1
|
||||
'';
|
||||
in
|
||||
|
||||
@@ -69,7 +69,7 @@ in
|
||||
# XXX: this turns the screen/touch off, and then there's no way to turn it back ON
|
||||
# unless you've configured that elsewhere (e.g. sane-input-handler)
|
||||
enable = lib.mkDefault false;
|
||||
command = "${screenOff}/bin/screen-off";
|
||||
command = lib.getExe screenOff;
|
||||
delay = lib.mkDefault 1500; # 1500s = 25min
|
||||
};
|
||||
config.actions.lock = {
|
||||
|
||||
@@ -39,7 +39,7 @@ in
|
||||
#
|
||||
# N.B.: for this to behave well with multiple MPRIS clients,
|
||||
# `playerctld` must be enabled. see: <https://github.com/altdesktop/playerctl/issues/161>
|
||||
exec = "${waybar-media}/bin/waybar-media";
|
||||
exec = lib.getExe waybar-media;
|
||||
return-type = "json";
|
||||
interval = 2;
|
||||
format = "{icon}{}";
|
||||
|
||||
@@ -18,7 +18,7 @@ let
|
||||
in {
|
||||
sane.programs.zsh.fs = lib.mkIf enabled {
|
||||
".config/zsh/.zshrc".symlink.text = ''
|
||||
eval "$(${pkgs.starship}/bin/starship init zsh)"
|
||||
eval "$(${lib.getExe pkgs.starship} init zsh)"
|
||||
'';
|
||||
".config/starship.toml".symlink.target = let
|
||||
x1b = builtins.fromJSON '' "\u001b" ''; # i.e `^[`
|
||||
|
||||
@@ -123,8 +123,8 @@ in
|
||||
};
|
||||
|
||||
services.udev.extraRules = let
|
||||
chmod = "${pkgs.coreutils}/bin/chmod";
|
||||
chown = "${pkgs.coreutils}/bin/chown";
|
||||
chmod = lib.getExe' pkgs.coreutils "chmod";
|
||||
chown = lib.getExe' pkgs.coreutils "chown";
|
||||
in ''
|
||||
# make Pinephone flashlight writable by user.
|
||||
# taken from postmarketOS: <repo:postmarketOS/pmaports:device/main/device-pine64-pinephone/60-flashlight.rules>
|
||||
@@ -135,9 +135,9 @@ in
|
||||
'';
|
||||
|
||||
systemd.services.unl0kr.preStart = let
|
||||
dmesg = "${pkgs.util-linux}/bin/dmesg";
|
||||
grep = "${pkgs.gnugrep}/bin/grep";
|
||||
modprobe = "${pkgs.kmod}/bin/modprobe";
|
||||
dmesg = lib.getExe' pkgs.util-linux "dmesg";
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
modprobe = lib.getExe' pkgs.kmod "modprobe";
|
||||
in ''
|
||||
# common boot failure:
|
||||
# blank screen (no backlight even), with the following log:
|
||||
|
||||
@@ -92,10 +92,10 @@ in
|
||||
} // (lib.optionalAttrs cfg.forwardToWan {
|
||||
# documented here: <https://nixos.wiki/wiki/WireGuard#Server_setup_2>
|
||||
postSetup = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING --source ${cfg.ip}/24 ! --destination ${cfg.ip}/24 -j MASQUERADE
|
||||
${lib.getExe' pkgs.iptables "iptables"} -t nat -A POSTROUTING --source ${cfg.ip}/24 ! --destination ${cfg.ip}/24 -j MASQUERADE
|
||||
'';
|
||||
postShutdown = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING --source ${cfg.ip}/24 ! --destination ${cfg.ip}/24 -j MASQUERADE
|
||||
${lib.getExe' pkgs.iptables "iptables"} -t nat -D POSTROUTING --source ${cfg.ip}/24 ! --destination ${cfg.ip}/24 -j MASQUERADE
|
||||
'';
|
||||
}));
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ let
|
||||
RestartSec = "3min";
|
||||
ExecStart =
|
||||
let
|
||||
portFwd = "${pkgs.sane-scripts.ip-port-forward}/bin/sane-ip-port-forward";
|
||||
portFwd = lib.getExe pkgs.sane-scripts.ip-port-forward;
|
||||
forwards = builtins.map (proto: "${proto}:${port}:${portCfg.description}") portCfg.protocol;
|
||||
in ''
|
||||
${portFwd} -v -d ${builtins.toString cfg.upnpLeaseDuration} \
|
||||
|
||||
@@ -149,7 +149,7 @@ in
|
||||
requires = [ "bitcoind-${cfg.bitcoindName}.service" ];
|
||||
after = [ "bitcoind-${cfg.bitcoindName}.service" ];
|
||||
|
||||
serviceConfig.ExecStart = "${cfg.package}/bin/lightningd --lightning-dir=${cfg.dataDir}";
|
||||
serviceConfig.ExecStart = "${lib.getExe' cfg.package "lightningd"} --lightning-dir=${cfg.dataDir}";
|
||||
serviceConfig.User = cfg.user;
|
||||
serviceConfig.Restart = "always";
|
||||
serviceConfig.RestartSec = "30s";
|
||||
|
||||
@@ -31,7 +31,7 @@ in
|
||||
serviceConfig.Type = "simple";
|
||||
# N.B.: dropbear ssh key format is incompatible with OpenSSH's.
|
||||
# also, needs to be manually generated on first run (`dropbearkey -t rsa -f /etc/ssh/host_keys/dropbear_rsa_host_key -s 4096`)
|
||||
serviceConfig.ExecStart = "${cfg.package}/bin/dropbear -F -p ${builtins.toString cfg.port} -r /etc/ssh/host_keys/dropbear_rsa_host_key -r /etc/ssh/host_keys/dropbear_ed25519_host_key";
|
||||
serviceConfig.ExecStart = "${lib.getExe' cfg.package "dropbear"} -F -p ${builtins.toString cfg.port} -r /etc/ssh/host_keys/dropbear_rsa_host_key -r /etc/ssh/host_keys/dropbear_ed25519_host_key";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,8 +6,8 @@ let
|
||||
getIp = pkgs.writeShellScript "dyn-dns-query-wan" ''
|
||||
# preferred method and fallback
|
||||
# OPNsense router broadcasts its UPnP endpoint every 30s
|
||||
timeout 60 ${pkgs.sane-scripts.ip-check}/bin/sane-ip-check --json || \
|
||||
${pkgs.sane-scripts.ip-check}/bin/sane-ip-check --json --no-upnp
|
||||
timeout 60 ${lib.getExe pkgs.sane-scripts.ip-check} --json || \
|
||||
${lib.getExe pkgs.sane-scripts.ip-check} --json --no-upnp
|
||||
'';
|
||||
in
|
||||
{
|
||||
@@ -63,8 +63,8 @@ in
|
||||
before = cfg.restartOnChange;
|
||||
|
||||
script = let
|
||||
jq = "${pkgs.jq}/bin/jq";
|
||||
sed = "${pkgs.gnused}/bin/sed";
|
||||
jq = lib.getExe pkgs.jq;
|
||||
sed = lib.getExe pkgs.gnused;
|
||||
in ''
|
||||
mkdir -p "$(dirname '${cfg.ipPath}')"
|
||||
mkdir -p "$(dirname '${cfg.upnpPath}')"
|
||||
@@ -113,8 +113,8 @@ in
|
||||
description = "react to the system's WAN IP changing";
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = if cfg.restartOnChange != [] then ''
|
||||
${pkgs.systemd}/bin/systemctl restart ${toString cfg.restartOnChange}
|
||||
'' else "${pkgs.coreutils}/bin/true";
|
||||
${lib.getExe' pkgs.systemd "systemctl"} restart ${toString cfg.restartOnChange}
|
||||
'' else lib.getExe' pkgs.coreutils "true";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -27,10 +27,10 @@ in
|
||||
systemd.services.eg25-manager = {
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = "${cfg.package}/bin/eg25-manager --config ${eg25-config-toml}";
|
||||
ExecStart = "${lib.getExe cfg.package} --config ${eg25-config-toml}";
|
||||
ExecStartPre = pkgs.writeShellScript "unload-modem-power" ''
|
||||
# see issue: <https://gitlab.com/mobian1/eg25-manager/-/issues/38>
|
||||
${pkgs.kmod}/bin/modprobe -r modem_power && echo "WARNING: kernel configured with CONFIG_MODEM_POWER=y, may be incompatible with eg25-manager" || true
|
||||
${lib.getExe' pkgs.kmod "modprobe"} -r modem_power && echo "WARNING: kernel configured with CONFIG_MODEM_POWER=y, may be incompatible with eg25-manager" || true
|
||||
'';
|
||||
|
||||
Restart = "on-failure";
|
||||
@@ -61,7 +61,7 @@ in
|
||||
# wantedBy = [ "eg25-manager.service" ];
|
||||
# before = [ "eg25-manager.service" ];
|
||||
# script = ''
|
||||
# ${pkgs.kmod}/bin/modprobe -r modem_power && echo "WARNING: kernel configured with CONFIG_MODEM_POWER=y, may be incompatible with eg25-manager" || true
|
||||
# ${lib.getExe' pkgs.kmod "modprobe"} -r modem_power && echo "WARNING: kernel configured with CONFIG_MODEM_POWER=y, may be incompatible with eg25-manager" || true
|
||||
# '';
|
||||
# };
|
||||
};
|
||||
|
||||
@@ -96,7 +96,7 @@ let
|
||||
});
|
||||
|
||||
mkSystemdService = flavor: { includes, listenAddrsIpv4, listenAddrsIpv6, port, substitutions, extraConfig, ... }: let
|
||||
sed = "${pkgs.gnused}/bin/sed";
|
||||
sed = lib.getExe pkgs.gnused;
|
||||
baseConfig = (
|
||||
lib.filterAttrsRecursive (_: v: v != null) config.services.hickory-dns.settings
|
||||
) // {
|
||||
@@ -292,7 +292,7 @@ in
|
||||
|
||||
# run a hook whenever networking details change, so the DNS zone can be updated to reflect this
|
||||
environment.etc."NetworkManager/dispatcher.d/60-hickory-dns-nmhook" = lib.mkIf cfg.asSystemResolver {
|
||||
source = "${hickory-dns-nmhook}/bin/hickory-dns-nmhook";
|
||||
source = lib.getExe hickory-dns-nmhook;
|
||||
};
|
||||
|
||||
# allow NetworkManager (via hickory-dns-nmhook) to restart hickory-dns when necessary
|
||||
|
||||
@@ -44,7 +44,7 @@ in
|
||||
args = maybeListenAddress ++ ["-p" cfg.port] ++ cfg.zimPaths;
|
||||
in {
|
||||
description = "Deliver ZIM file(s) articles via HTTP";
|
||||
serviceConfig.ExecStart = "${cfg.package}/bin/kiwix-serve ${lib.escapeShellArgs args}";
|
||||
serviceConfig.ExecStart = "${lib.getExe' cfg.package "kiwix-serve"} ${lib.escapeShellArgs args}";
|
||||
serviceConfig.Type = "simple";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
@@ -116,7 +116,7 @@ let
|
||||
config = {
|
||||
readiness.waitCommand = lib.mkMerge [
|
||||
(lib.mkIf (config.readiness.waitDbus != null)
|
||||
''${pkgs.systemdMinimal}/bin/busctl --user status "${config.readiness.waitDbus}" > /dev/null''
|
||||
''${lib.getExe' pkgs.systemdMinimal "busctl"} --user status "${config.readiness.waitDbus}" > /dev/null''
|
||||
)
|
||||
(lib.mkIf (config.readiness.waitExists != [])
|
||||
# e.g.: test -e /foo -a -e /bar
|
||||
|
||||
@@ -35,7 +35,7 @@ stdenv.mkDerivation (finalAttrs: {
|
||||
]);
|
||||
|
||||
# postPatch = ''
|
||||
# substituteInPlace Makefile --replace "= lex" '= ${buildPackages.flex}/bin/flex'
|
||||
# substituteInPlace Makefile --replace "= lex" '= ${lib.getExe' buildPackages.flex "flex"}'
|
||||
# '';
|
||||
|
||||
env.CROSS_COMPILE = "or1k-elf-";
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchurl
|
||||
, update-feed
|
||||
{
|
||||
lib,
|
||||
stdenv,
|
||||
fetchurl,
|
||||
update-feed,
|
||||
}:
|
||||
|
||||
# feed-specific args
|
||||
@@ -14,7 +15,7 @@ stdenv.mkDerivation {
|
||||
inherit url;
|
||||
};
|
||||
passthru.updateScript = [
|
||||
"${update-feed}/bin/update.py" url jsonPath
|
||||
(lib.getExe update-feed) url jsonPath
|
||||
];
|
||||
meta = {
|
||||
description = "metadata about any feeds available at ${feedName}";
|
||||
|
||||
@@ -436,11 +436,11 @@ stdenv.mkDerivation (finalAttrs: with finalAttrs; let
|
||||
'';
|
||||
|
||||
symlinkThirdpartyBins = outdir: ''
|
||||
ln -sf "${lib.getBin dropbear}/bin/dropbear" "${outdir}/dropbear"
|
||||
ln -sf "${lib.getExe gnutar}" "${outdir}/tar"
|
||||
ln -sf "${lib.getBin openssh}/libexec/sftp-server" "${outdir}/sftp-server"
|
||||
ln -sf "${lib.getBin sdcv}/bin/sdcv" "${outdir}/sdcv"
|
||||
ln -sf "${lib.getBin zsync}/bin/zsync" "${outdir}/zsync2"
|
||||
ln -sf ${lib.getExe' dropbear "dropbear"} ${outdir}/dropbear
|
||||
ln -sf ${lib.getExe gnutar} ${outdir}/tar
|
||||
ln -sf ${lib.getBin openssh}/libexec/sftp-server ${outdir}/sftp-server
|
||||
ln -sf ${lib.getExe sdcv} ${outdir}/sdcv
|
||||
ln -sf ${lib.getExe' zsync "zsync"} ${outdir}/zsync2
|
||||
'';
|
||||
in {
|
||||
pname = "koreader-from-src";
|
||||
|
||||
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace src/meson.build \
|
||||
--replace-fail "python.find_installation('python3').full_path()" "'${pythonEnv}/bin/python3'"
|
||||
--replace-fail "python.find_installation('python3').full_path()" "'${lib.getExe pythonEnv}'"
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
||||
@@ -70,7 +70,7 @@ stdenv.mkDerivation rec {
|
||||
'';
|
||||
|
||||
|
||||
mesonFlags = [ "-Dcompositor=${phoc}/bin/phoc" ];
|
||||
mesonFlags = [ "-Dcompositor=${lib.getExe phoc}" ];
|
||||
|
||||
depsBuildBuild = [
|
||||
pkg-config
|
||||
|
||||
@@ -362,7 +362,7 @@ buildNpmPackage rec {
|
||||
# electron should auto-detect x11 v.s. wayland: launching with `NIXOS_OZONE_WL=1` is an optional way to force it when debugging.
|
||||
# xdg-utils: needed for ozone-platform-hint=auto to work
|
||||
# else `LaunchProcess: failed to execvp: xdg-settings`
|
||||
makeShellWrapper ${electron'}/bin/electron $out/bin/signal-desktop \
|
||||
makeShellWrapper ${lib.getExe electron'} $out/bin/signal-desktop \
|
||||
"''${gappsWrapperArgs[@]}" \
|
||||
--add-flags $out/lib/Signal/resources/app.asar \
|
||||
--suffix PATH : ${lib.makeBinPath [ xdg-utils ]} \
|
||||
|
||||
Reference in New Issue
Block a user