diff --git a/flake.lock b/flake.lock index e6985aef..fc07af92 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1678202930, - "narHash": "sha256-SF82/tTnagdazlETJLzXD9kjZ6lyk38agdLbmMx1UZE=", + "lastModified": 1684319086, + "narHash": "sha256-5wwlkWqP1cQUPXp/PJsi09FkgAule5yBghngRZZbUQg=", "owner": "edolstra", "repo": "nix-serve", - "rev": "3b6d30016d910a43e0e16f94170440a3e0b8fa8d", + "rev": "e6e3d09438e803daa5374ad8edf1271289348456", "type": "github" }, "original": { @@ -82,11 +82,11 @@ }, "nixpkgs-unpatched": { "locked": { - "lastModified": 1684049129, - "narHash": "sha256-7WB9LpnPNAS8oI7hMoHeKLNhRX7k3CI9uWBRSfmOCCE=", + "lastModified": 1684385584, + "narHash": "sha256-O7y0gK8OLIDqz+LaHJJyeu09IGiXlZIS3+JgEzGmmJA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0470f36b02ef01d4f43c641bbf07020bcab71bf1", + "rev": "48a0fb7aab511df92a17cf239c37f2bd2ec9ae3a", "type": "github" }, "original": { diff --git a/hosts/by-name/desko/default.nix b/hosts/by-name/desko/default.nix index 23bce3c5..c3f67ea0 100644 --- a/hosts/by-name/desko/default.nix +++ b/hosts/by-name/desko/default.nix @@ -36,11 +36,9 @@ services.snapper.configs.nix = { # TODO: for the impermanent setup, we'd prefer to just do /nix/persist, # but that also requires setting up the persist dir as a subvol - subvolume = "/nix"; + SUBVOLUME = "/nix"; # TODO: ALLOW_USERS doesn't seem to work. still need `sudo snapper -c nix list` - extraConfig = '' - ALLOW_USERS = "colin"; - ''; + ALLOW_USERS = [ "colin" ]; }; programs.steam = { diff --git a/hosts/by-name/lappy/default.nix b/hosts/by-name/lappy/default.nix index 9cbf5f85..149109c6 100644 --- a/hosts/by-name/lappy/default.nix +++ b/hosts/by-name/lappy/default.nix @@ -29,7 +29,8 @@ services.snapper.configs.nix = { # TODO: for the impermanent setup, we'd prefer to just do /nix/persist, # but that also requires setting up the persist dir as a subvol - subvolume = "/nix"; + SUBVOLUME = "/nix"; + ALLOW_USERS = [ "colin" ]; }; # TODO: only here for debugging diff --git a/nixpatches/list.nix b/nixpatches/list.nix index 4d96dae4..12c23e86 100644 --- a/nixpatches/list.nix +++ b/nixpatches/list.nix @@ -68,13 +68,6 @@ in [ hash = "sha256-Z1HOps3w/WvxAiyUAHWszKqwS9EwA6rf4XfgPGp+2sQ="; }) - (fetchpatch' { - # kiwix-tools: 3.4.0 -> 3.5.0 - saneCommit = "146f2449a19101ee202aa578a2b1d7377779890b"; - prUrl = "https://github.com/NixOS/nixpkgs/pull/232020"; - hash = "sha256-Tqr8Ri8X2dDljDmWmjAQDRJGNenSFhrY/wr24h2JAh0="; - }) - (fetchpatch' { # nixos/lemmy: support nginx saneCommit = "4c86db6dcb78795ac9bb514d9c779fd591070b23"; diff --git a/pkgs/additional/sane-scripts/default.nix b/pkgs/additional/sane-scripts/default.nix index 8e256e36..f95f9ced 100644 --- a/pkgs/additional/sane-scripts/default.nix +++ b/pkgs/additional/sane-scripts/default.nix @@ -27,7 +27,6 @@ let "bin" coreutils-full curl - duplicity file findutils git @@ -49,12 +48,10 @@ let sops sudo systemd - transmission util-linux which ]; keep = { - "/run/secrets/duplicity_passphrase" = true; # we write here: keep it "/tmp/rmlint.sh" = true; # intentionally escapes (into user code) @@ -78,7 +75,6 @@ let # list of programs which *can* or *cannot* exec their arguments execer = with pkgs; [ - "cannot:${duplicity}/bin/duplicity" "cannot:${git}/bin/git" "cannot:${gocryptfs}/bin/gocryptfs" "cannot:${ifuse}/bin/ifuse" @@ -90,7 +86,6 @@ let "cannot:${sops}/bin/sops" "cannot:${ssh-to-age}/bin/ssh-to-age" "cannot:${systemd}/bin/systemctl" - "cannot:${transmission}/bin/transmission-remote" ]; }; }; @@ -108,14 +103,34 @@ let }; py-scripts = { - # anything added to this attrset gets symlink-joined into into `sane-scripts` + # anything added to this attrset gets symlink-joined into `sane-scripts` + backup-ls = static-nix-shell.mkBash { + pname = "sane-backup-ls"; + src = ./src; + pkgs = [ "duplicity" ]; + }; + backup-restore = static-nix-shell.mkBash { + pname = "sane-backup-restore"; + src = ./src; + pkgs = [ "duplicity" ]; + }; + bt-add = static-nix-shell.mkBash { + pname = "sane-bt-add"; + src = ./src; + pkgs = [ "transmission" ]; + }; + bt-rm = static-nix-shell.mkBash { + pname = "sane-bt-rm"; + src = ./src; + pkgs = [ "transmission" ]; + }; bt-search = static-nix-shell.mkPython3Bin { pname = "sane-bt-search"; src = ./src; pyPkgs = [ "natsort" "requests" ]; }; - bt-rm = static-nix-shell.mkBash { - pname = "sane-bt-rm"; + bt-show = static-nix-shell.mkBash { + pname = "sane-bt-show"; src = ./src; pkgs = [ "transmission" ]; }; diff --git a/pkgs/additional/sane-scripts/src/sane-backup-ls b/pkgs/additional/sane-scripts/src/sane-backup-ls index 23279d6f..3d076d11 100755 --- a/pkgs/additional/sane-scripts/src/sane-backup-ls +++ b/pkgs/additional/sane-scripts/src/sane-backup-ls @@ -1,10 +1,11 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p duplicity # N.B. must be run as root set -ex # source the URL; hack to satisfy resholve -external_cmd="source /run/secrets/duplicity_passphrase" +external_cmd="source /run/secrets/duplicity_passphrase.env" $external_cmd duplicity list-current-files --archive-dir /var/lib/duplicity $DUPLICITY_URL diff --git a/pkgs/additional/sane-scripts/src/sane-backup-restore b/pkgs/additional/sane-scripts/src/sane-backup-restore index 0cc3726d..2d947444 100755 --- a/pkgs/additional/sane-scripts/src/sane-backup-restore +++ b/pkgs/additional/sane-scripts/src/sane-backup-restore @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p duplicity # N.B. must be run as root @@ -8,6 +9,6 @@ dest_path="$1" source_path="$2" # source the URL; hack to satisfy resholve -external_cmd="source /run/secrets/duplicity_passphrase" +external_cmd="source /run/secrets/duplicity_passphrase.env" $external_cmd duplicity restore --archive-dir /var/lib/duplicity --file-to-restore "$source_path" $DUPLICITY_URL "$dest_path" diff --git a/pkgs/additional/sane-scripts/src/sane-bt-add b/pkgs/additional/sane-scripts/src/sane-bt-add index 00b4ddf7..9865d057 100755 --- a/pkgs/additional/sane-scripts/src/sane-bt-add +++ b/pkgs/additional/sane-scripts/src/sane-bt-add @@ -1,11 +1,12 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p transmission set -e endpoint=https://bt.uninsane.org/transmission/rpc PASS=$(sudo cat /run/secrets/transmission_passwd) -options=$(getopt -l prefix:,film,show:,book:,audiobook:,vn:,author: -- "" "${@}") +options=$(getopt -l help,prefix:,film,show:,book:,audiobook:,vn:,author: -- "" "${@}") eval "set -- ${options}" type= @@ -14,6 +15,22 @@ author= prefix= while true; do case "$1" in + (--help) + echo "add a .torrent or magnet:// file to be downloaded by and stored on my server" + echo "usage: sane-bt-add [options] " + echo "options:" + echo " --prefix " + echo " --film" + echo " --show " + echo " --book " + echo " --audiobook " + echo " --vn " + echo " --author " + echo "" + echo "the above options are used to construct the filesystem path where the torrent data will live" + echo "everything is relative to the root media directory (not /)" + exit + ;; (--prefix) shift prefix="$1" diff --git a/pkgs/additional/sane-scripts/src/sane-bt-show b/pkgs/additional/sane-scripts/src/sane-bt-show index 62db7c85..2f234dd5 100755 --- a/pkgs/additional/sane-scripts/src/sane-bt-show +++ b/pkgs/additional/sane-scripts/src/sane-bt-show @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p transmission endpoint=https://bt.uninsane.org/transmission/rpc PASS=$(sudo cat /run/secrets/transmission_passwd)