From 21d17c330f4920f7de7f78661e0be3169a0824cd Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Fri, 19 May 2023 19:58:37 +0000
Subject: [PATCH] sane-backup-*: port to nix-shell

---
 pkgs/additional/sane-scripts/default.nix           | 14 ++++++++++----
 pkgs/additional/sane-scripts/src/sane-backup-ls    |  5 +++--
 .../sane-scripts/src/sane-backup-restore           |  5 +++--
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/pkgs/additional/sane-scripts/default.nix b/pkgs/additional/sane-scripts/default.nix
index 719c8e1a..f95f9ced 100644
--- a/pkgs/additional/sane-scripts/default.nix
+++ b/pkgs/additional/sane-scripts/default.nix
@@ -27,7 +27,6 @@ let
           "bin"
           coreutils-full
           curl
-          duplicity
           file
           findutils
           git
@@ -53,7 +52,6 @@ let
           which
         ];
         keep = {
-          "/run/secrets/duplicity_passphrase" = true;
           # we write here: keep it
           "/tmp/rmlint.sh" = true;
           # intentionally escapes (into user code)
@@ -77,7 +75,6 @@ let
 
         # list of programs which *can* or *cannot* exec their arguments
         execer = with pkgs; [
-          "cannot:${duplicity}/bin/duplicity"
           "cannot:${git}/bin/git"
           "cannot:${gocryptfs}/bin/gocryptfs"
           "cannot:${ifuse}/bin/ifuse"
@@ -89,7 +86,6 @@ let
           "cannot:${sops}/bin/sops"
           "cannot:${ssh-to-age}/bin/ssh-to-age"
           "cannot:${systemd}/bin/systemctl"
-          "cannot:${transmission}/bin/transmission-remote"
         ];
       };
     };
@@ -108,6 +104,16 @@ let
 
   py-scripts = {
     # anything added to this attrset gets symlink-joined into `sane-scripts`
+    backup-ls = static-nix-shell.mkBash {
+      pname = "sane-backup-ls";
+      src = ./src;
+      pkgs = [ "duplicity" ];
+    };
+    backup-restore = static-nix-shell.mkBash {
+      pname = "sane-backup-restore";
+      src = ./src;
+      pkgs = [ "duplicity" ];
+    };
     bt-add = static-nix-shell.mkBash {
       pname = "sane-bt-add";
       src = ./src;
diff --git a/pkgs/additional/sane-scripts/src/sane-backup-ls b/pkgs/additional/sane-scripts/src/sane-backup-ls
index 23279d6f..3d076d11 100755
--- a/pkgs/additional/sane-scripts/src/sane-backup-ls
+++ b/pkgs/additional/sane-scripts/src/sane-backup-ls
@@ -1,10 +1,11 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p duplicity
 
 # N.B. must be run as root
 
 set -ex
 
 # source the URL; hack to satisfy resholve
-external_cmd="source /run/secrets/duplicity_passphrase"
+external_cmd="source /run/secrets/duplicity_passphrase.env"
 $external_cmd
 duplicity list-current-files --archive-dir /var/lib/duplicity $DUPLICITY_URL
diff --git a/pkgs/additional/sane-scripts/src/sane-backup-restore b/pkgs/additional/sane-scripts/src/sane-backup-restore
index 0cc3726d..2d947444 100755
--- a/pkgs/additional/sane-scripts/src/sane-backup-restore
+++ b/pkgs/additional/sane-scripts/src/sane-backup-restore
@@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p duplicity
 
 # N.B. must be run as root
 
@@ -8,6 +9,6 @@ dest_path="$1"
 source_path="$2"
 
 # source the URL; hack to satisfy resholve
-external_cmd="source /run/secrets/duplicity_passphrase"
+external_cmd="source /run/secrets/duplicity_passphrase.env"
 $external_cmd
 duplicity restore --archive-dir /var/lib/duplicity --file-to-restore "$source_path" $DUPLICITY_URL "$dest_path"