sane-backup-*: port to nix-shell

2023-05-19 19:58:37 +00:00 · 2023-05-19 19:58:37 +00:00 · 21d17c330f
commit 21d17c330f
parent ae2e4931f3
3 changed files with 16 additions and 8 deletions
--- a/pkgs/additional/sane-scripts/default.nix
+++ b/pkgs/additional/sane-scripts/default.nix
@ -27,7 +27,6 @@ let
          "bin"
          coreutils-full
          curl
-          duplicity
          file
          findutils
          git
@ -53,7 +52,6 @@ let
          which
        ];
        keep = {
-          "/run/secrets/duplicity_passphrase" = true;
          # we write here: keep it
          "/tmp/rmlint.sh" = true;
          # intentionally escapes (into user code)
@ -77,7 +75,6 @@ let

        # list of programs which *can* or *cannot* exec their arguments
        execer = with pkgs; [
-          "cannot:${duplicity}/bin/duplicity"
          "cannot:${git}/bin/git"
          "cannot:${gocryptfs}/bin/gocryptfs"
          "cannot:${ifuse}/bin/ifuse"
@ -89,7 +86,6 @@ let
          "cannot:${sops}/bin/sops"
          "cannot:${ssh-to-age}/bin/ssh-to-age"
          "cannot:${systemd}/bin/systemctl"
-          "cannot:${transmission}/bin/transmission-remote"
        ];
      };
    };
@ -108,6 +104,16 @@ let

  py-scripts = {
    # anything added to this attrset gets symlink-joined into `sane-scripts`
+    backup-ls = static-nix-shell.mkBash {
+      pname = "sane-backup-ls";
+      src = ./src;
+      pkgs = [ "duplicity" ];
+    };
+    backup-restore = static-nix-shell.mkBash {
+      pname = "sane-backup-restore";
+      src = ./src;
+      pkgs = [ "duplicity" ];
+    };
    bt-add = static-nix-shell.mkBash {
      pname = "sane-bt-add";
      src = ./src;
--- a/pkgs/additional/sane-scripts/src/sane-backup-ls
+++ b/pkgs/additional/sane-scripts/src/sane-backup-ls
@ -1,10 +1,11 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p duplicity

 # N.B. must be run as root

 set -ex

 # source the URL; hack to satisfy resholve
-external_cmd="source /run/secrets/duplicity_passphrase"
+external_cmd="source /run/secrets/duplicity_passphrase.env"
 $external_cmd
 duplicity list-current-files --archive-dir /var/lib/duplicity $DUPLICITY_URL
--- a/pkgs/additional/sane-scripts/src/sane-backup-restore
+++ b/pkgs/additional/sane-scripts/src/sane-backup-restore
@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p duplicity

 # N.B. must be run as root

@ -8,6 +9,6 @@ dest_path="$1"
 source_path="$2"

 # source the URL; hack to satisfy resholve
-external_cmd="source /run/secrets/duplicity_passphrase"
+external_cmd="source /run/secrets/duplicity_passphrase.env"
 $external_cmd
 duplicity restore --archive-dir /var/lib/duplicity --file-to-restore "$source_path" $DUPLICITY_URL "$dest_path"