sane-scripts: include the python scripts

2023-03-22 21:21:00 +00:00 · 2023-03-22 21:21:00 +00:00 · 2a148c1543
commit 2a148c1543
parent adf72fc9d4
6 changed files with 152 additions and 108 deletions
--- a/overlays/pkgs.nix
+++ b/overlays/pkgs.nix
@ -3,6 +3,7 @@
  let
    sane = rec {
      #### my own, non-upstreamable packages:
      static-nix-shell = callPackages ../pkgs/static-nix-shell { };
      sane-scripts = callPackage ../pkgs/sane-scripts { };
      feeds = recurseIntoAttrs (callPackage ../pkgs/feeds { });
      tow-boot-pinephone = callPackage ../pkgs/tow-boot-pinephone { };
--- a/pkgs/feeds/default.nix
+++ b/pkgs/feeds/default.nix
@ -1,7 +1,7 @@
 { lib
 , callPackage
 , python3
-, stdenv
+, static-nix-shell
 , writeShellScript
 }:
@ -21,21 +21,11 @@ let
    feed-pkgs;
 in rec {  # TODO: make this a scope
  inherit feed-pkgs;
-  update = stdenv.mkDerivation {
+  update = static-nix-shell.mkPython3Bin {
    pname = "update";
    version = "0.1.0";
    src = ./.;
-    patchPhase =
+    pyPkgs = [ "feedsearch-crawler" ];
-      let
+    srcPath = "update.py";
        pyEnv = python3.withPackages (ps: [ ps.feedsearch-crawler ]);
      in ''
      substituteInPlace ./update.py \
        --replace "#!/usr/bin/env nix-shell" "#!${pyEnv.interpreter}"
    '';
    installPhase = ''
      mkdir -p $out/bin
      mv update.py $out/bin/update.py
    '';
  };
  init-feed = writeShellScript
    "init-feed"
--- a/pkgs/sane-scripts/default.nix
+++ b/pkgs/sane-scripts/default.nix
@ -1,108 +1,129 @@
 { lib
 , pkgs
 , resholve
 , static-nix-shell
 , symlinkJoin
 }:
-# resholve documentation:
+let
-# - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md
+  shell-scripts = resholve.mkDerivation {
-# - generic: https://github.com/abathur/resholve
+    # resholve documentation:
-resholve.mkDerivation {
+    # - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md
-  pname = "sane-scripts";
+    # - generic: https://github.com/abathur/resholve
-  version = "0.1.0";
+    pname = "sane-scripts";
    version = "0.1.0";
-  src = ./src;
+    src = ./src;
-  solutions = {
+    solutions = {
-    default = {
+      default = {
-      # note: `scripts` refers to the store path here
+        # note: `scripts` refers to the store path here
-      scripts = [ "bin/*" ];
+        scripts = [ "bin/*" ];
-      interpreter = "${pkgs.bash}/bin/bash";
+        interpreter = "${pkgs.bash}/bin/bash";
-      inputs = with pkgs; [
+        inputs = with pkgs; [
-        # string is interpreted as relative path from @OUT@.
+          # string is interpreted as relative path from @OUT@.
-        # this lets our scripts reference eachother.
+          # this lets our scripts reference eachother.
-        # see: <https://github.com/abathur/resholve/issues/26>
+          # see: <https://github.com/abathur/resholve/issues/26>
-        "bin"
+          "bin"
-        coreutils-full
+          coreutils-full
-        curl
+          curl
-        duplicity
+          duplicity
-        file
+          file
-        findutils
+          findutils
-        git
+          git
-        gnugrep
+          gnugrep
-        gnused
+          gnused
-        gocryptfs
+          gocryptfs
-        ifuse
+          ifuse
-        inetutils
+          inetutils
-        inotify-tools
+          inotify-tools
-        iwd
+          iwd
-        jq
+          jq
-        ncurses
+          ncurses
-        oath-toolkit
+          oath-toolkit
-        openssh
+          openssh
-        openssl
+          openssl
-        rmlint
+          rmlint
-        rsync
+          rsync
-        ssh-to-age
+          ssh-to-age
-        sops
+          sops
-        sudo
+          sudo
-        systemd
+          systemd
-        util-linux
+          util-linux
-        which
+          which
-      ];
+        ];
-      keep = {
+        keep = {
-        "/run/secrets/duplicity_passphrase" = true;
+          "/run/secrets/duplicity_passphrase" = true;
-        # we write here: keep it
+          # we write here: keep it
-        "/tmp/rmlint.sh" = true;
+          "/tmp/rmlint.sh" = true;
-        # intentionally escapes (into user code)
+          # intentionally escapes (into user code)
-        "$external_cmd" = true;
+          "$external_cmd" = true;
-        "$maybe_sudo" = true;
+          "$maybe_sudo" = true;
-      };
+        };
-      fake = {
+        fake = {
-        external = [
+          external = [
-          # https://github.com/abathur/resholve/issues/29
+            # https://github.com/abathur/resholve/issues/29
-          # "umount"
+            # "umount"
-          # "/run/wrappers/bin/sudo"
+            # "/run/wrappers/bin/sudo"
-          "sudo"
+            "sudo"
          ];
        };
        fix = {
          # this replaces umount with the non-setuid-wrapper umount.
          # not sure if/where that lack of suid causes problems.
          umount = true;
        };
        prologue = "bin/sane-resholve-prologue";
        # list of programs which *can* or *cannot* exec their arguments
        execer = with pkgs; [
          "cannot:${duplicity}/bin/duplicity"
          "cannot:${git}/bin/git"
          "cannot:${gocryptfs}/bin/gocryptfs"
          "cannot:${ifuse}/bin/ifuse"
          "cannot:${iwd}/bin/iwctl"
          "cannot:${oath-toolkit}/bin/oathtool"
          "cannot:${openssh}/bin/ssh-keygen"
          "cannot:${rmlint}/bin/rmlint"
          "cannot:${rsync}/bin/rsync"
          "cannot:${sops}/bin/sops"
          "cannot:${ssh-to-age}/bin/ssh-to-age"
          "cannot:${systemd}/bin/systemctl"
        ];
      };
      fix = {
        # this replaces umount with the non-setuid-wrapper umount.
        # not sure if/where that lack of suid causes problems.
        umount = true;
      };
      prologue = "bin/sane-resholve-prologue";
      # list of programs which *can* or *cannot* exec their arguments
      execer = with pkgs; [
        "cannot:${duplicity}/bin/duplicity"
        "cannot:${git}/bin/git"
        "cannot:${gocryptfs}/bin/gocryptfs"
        "cannot:${ifuse}/bin/ifuse"
        "cannot:${iwd}/bin/iwctl"
        "cannot:${oath-toolkit}/bin/oathtool"
        "cannot:${openssh}/bin/ssh-keygen"
        "cannot:${rmlint}/bin/rmlint"
        "cannot:${rsync}/bin/rsync"
        "cannot:${sops}/bin/sops"
        "cannot:${ssh-to-age}/bin/ssh-to-age"
        "cannot:${systemd}/bin/systemctl"
      ];
    };
    patchPhase = ''
      # remove python scripts  (we package them further below)
      rm sane-bt-search
      rm sane-date-math
      rm sane-reclaim-boot-space
    '';
    installPhase = ''
      mkdir -p $out/bin
      cp -R * $out/bin/
    '';
  };
-  patchPhase = ''
+  bt-search = static-nix-shell.mkPython3Bin {
-    # remove python scripts
+    pname = "sane-bt-search";
-    # TODO: figure out how to make resholve process only shell scripts
+    src = ./src;
-    rm sane-bt-search
+    pyPkgs = [ "natsort" "requests" ];
-    rm sane-date-math
+  };
-    rm sane-reclaim-boot-space
+  date-math = static-nix-shell.mkPython3Bin {
-  '';
+    pname = "sane-date-math";
-
+    src = ./src;
-  installPhase = ''
+  };
-    mkdir -p $out/bin
+  reclaim-boot-space = static-nix-shell.mkPython3Bin {
-    cp -R * $out/bin/
+    pname = "sane-reclaim-boot-space";
-  '';
+    src = ./src;
  };
 in
 symlinkJoin {
  name = "sane-scripts";
  paths = [ shell-scripts bt-search date-math reclaim-boot-space ];
  meta = {
    description = "collection of scripts associated with uninsane systems";
    homepage = "https://git.uninsane.org";
--- a/pkgs/sane-scripts/src/sane-date-math
+++ b/pkgs/sane-scripts/src/sane-date-math
@ -1,4 +1,5 @@
-#!/usr/bin/env python3
+#!/usr/bin/env nix-shell
 #!nix-shell -i python3 -p "python3.withPackages (ps: [  ])"
 # i just went overboard playing around with parsers, is all.
 # use this like `./sane-date-math 'today - 5d'`
--- a/pkgs/sane-scripts/src/sane-reclaim-boot-space
+++ b/pkgs/sane-scripts/src/sane-reclaim-boot-space
@ -1,4 +1,5 @@
-#!/usr/bin/env python3
+#!/usr/bin/env nix-shell
 #!nix-shell -i python3 -p "python3.withPackages (ps: [  ])"
 import os
 import os.path
--- a/pkgs/static-nix-shell/default.nix
+++ b/pkgs/static-nix-shell/default.nix
@ -0,0 +1,30 @@
 { stdenv
 , python3
 }:
 {
  # transform a file which uses `#!/usr/bin/env nix-shell` shebang with a `python3` interpreter
  # into a derivation that can be built statically
  mkPython3Bin = { pname, pyPkgs ? [], srcPath ? pname, ... }@attrs: stdenv.mkDerivation (
    let
      evalPyPkgs = ps: builtins.map (name: ps."${name}") pyPkgs;
      pyEnv = python3.withPackages evalPyPkgs;
      pyPkgsStr = builtins.concatStringsSep " " (builtins.map (p: "ps.${p}") pyPkgs);
    in {
      version = "0.1.0";  # default version
      patchPhase = ''
        substituteInPlace ${srcPath} \
          --replace '#!/usr/bin/env nix-shell' '#!${pyEnv.interpreter}' \
          --replace \
            '#!nix-shell -i python3 -p "python3.withPackages (ps: [ ${pyPkgsStr} ])"' \
            '# nix deps evaluated statically'
      '';
      installPhase = ''
        mkdir -p $out/bin
        mv ${srcPath} $out/bin/${srcPath}
        # ensure that all nix-shell references were substituted
        ! grep nix-shell $out/bin/${srcPath}
      '';
    } // attrs
  );
 }