fs: remove legacy generated.script.script
option
parent
558b35fee0
commit
8753e5e0c6
|
@ -10,7 +10,7 @@ in
|
|||
sane.user.persist.private = [ ".local/share/keyrings" ];
|
||||
|
||||
sane.user.fs."private/.local/share/keyrings/default" = {
|
||||
generated.script.script = "${init-keyring}/bin/init-keyring";
|
||||
generated.script.scriptArgs = [ "${init-keyring}/bin/init-keyring" ];
|
||||
# TODO: is this `wantedBy` needed? can we inherit it?
|
||||
wantedBy = [ config.sane.fs."/home/colin/private".unit ];
|
||||
wantedBeforeBy = [ ]; # don't created this as part of `multi-user.target`
|
||||
|
|
|
@ -37,8 +37,10 @@ in
|
|||
|
||||
config = {
|
||||
sane.fs = mapAttrs (path: c: {
|
||||
generated.script.script = ''${hash-path-with-salt}/bin/hash-path-with-salt "$@"'';
|
||||
generated.script.scriptArgs = [ path ];
|
||||
generated.script.scriptArgs = [
|
||||
"${hash-path-with-salt}/bin/hash-path-with-salt"
|
||||
path
|
||||
];
|
||||
generated.acl.mode = "0600";
|
||||
}) cfg;
|
||||
};
|
||||
|
|
|
@ -15,8 +15,12 @@ in
|
|||
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
|
||||
sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
|
||||
wantedBeforeBy = [ "bluetooth.service" ];
|
||||
generated.script.script = ''${install-bluetooth}/bin/install-bluetooth "$@"'';
|
||||
generated.script.scriptArgs = [ "/run/secrets/bt" "" "/var/lib/bluetooth/.secrets.stamp" ];
|
||||
generated.script.scriptArgs = [
|
||||
"${install-bluetooth}/bin/install-bluetooth"
|
||||
"/run/secrets/bt"
|
||||
""
|
||||
"/var/lib/bluetooth/.secrets.stamp"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
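Review bot: The empty string in the second position of the `install-bluetooth` argument list is unexplained, and it is easy to drop or reorder by accident now that the list is written one element per line. The equivalent `install-iwd` call elsewhere in this commit passes a directory (`"/var/lib/iwd"`) in that slot, so the empty value presumably means something specific, but what `install-bluetooth` does with it is not visible here. A trailing comment on that element would help, e.g. `""  # <meaning of an empty second argument to install-bluetooth>`. Since this unit copies material from `/run/secrets/bt`, a comment stating the expected mode of the installed files would also make the `0700` on the parent directory easier to audit.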
|
||||
|
|
|
@ -12,8 +12,12 @@ in
|
|||
sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
|
||||
wantedBeforeBy = [ "iwd.service" ];
|
||||
generated.acl.mode = "0600";
|
||||
generated.script.script = ''${install-iwd}/bin/install-iwd "$@"'';
|
||||
generated.script.scriptArgs = [ "/run/secrets/net" "/var/lib/iwd" "/var/lib/iwd/.secrets.psk.stamp" ];
|
||||
generated.script.scriptArgs = [
|
||||
"${install-iwd}/bin/install-iwd"
|
||||
"/run/secrets/net"
|
||||
"/var/lib/iwd"
|
||||
"/var/lib/iwd/.secrets.psk.stamp"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -156,9 +156,6 @@ let
|
|||
'';
|
||||
default = [];
|
||||
};
|
||||
script.script = mkOption {
|
||||
type = types.lines;
|
||||
};
|
||||
script.scriptArgs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
|
@ -196,11 +193,6 @@ let
|
|||
mkGeneratedConfig = path: opt: let
|
||||
gen-opt = opt.generated;
|
||||
wrapper = generateWrapperScript path gen-opt;
|
||||
ty =
|
||||
if (opt.dir != null) then "dir"
|
||||
else if (opt.symlink != null) then "symlink"
|
||||
else "custom";
|
||||
wrapperPath = pkgs.writeShellScript "sane-fs-ensure-${ty}" wrapper.script;
|
||||
in {
|
||||
systemd.services."${serviceNameFor path}" = {
|
||||
description = "prepare ${path}";
|
||||
|
@ -208,9 +200,7 @@ let
|
|||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true; # makes `systemctl start ensure-blah` a noop if already completed, instead of a restart
|
||||
ExecStart = escapeShellArgs (
|
||||
[ "${wrapperPath}" ] ++ wrapper.scriptArgs
|
||||
);
|
||||
ExecStart = escapeShellArgs wrapper.scriptArgs;
|
||||
};
|
||||
|
||||
after = gen-opt.depends;
|
||||
|
@ -262,29 +252,31 @@ let
|
|||
(lib.mkIf (opt.mount != null) (mkMountConfig path opt))
|
||||
];
|
||||
|
||||
generateWrapperScript = path: gen-opt: let
|
||||
userScript = pkgs.writeShellScript "sane-fs-user-script" gen-opt.script.script;
|
||||
in {
|
||||
script = ''${ensure-perms}/bin/ensure-perms "$@"'';
|
||||
generateWrapperScript = path: gen-opt: {
|
||||
scriptArgs = [
|
||||
"${ensure-perms}/bin/ensure-perms"
|
||||
path
|
||||
gen-opt.acl.user
|
||||
gen-opt.acl.group
|
||||
gen-opt.acl.mode
|
||||
"${userScript}"
|
||||
] ++ gen-opt.script.scriptArgs;
|
||||
};
|
||||
|
||||
# systemd/shell script used to create and set perms for a specific dir
|
||||
ensureDirScript = path: dir-cfg: {
|
||||
script = ''${ensure-dir}/bin/ensure-dir "$@"'';
|
||||
scriptArgs = [ path ];
|
||||
scriptArgs = [
|
||||
"${ensure-dir}/bin/ensure-dir"
|
||||
path
|
||||
];
|
||||
};
|
||||
|
||||
# systemd/shell script used to create a symlink
|
||||
ensureSymlinkScript = path: link-cfg: {
|
||||
script = ''${ensure-symlink}/bin/ensure-symlink "$@"'';
|
||||
scriptArgs = [ path link-cfg.target ];
|
||||
scriptArgs = [
|
||||
"${ensure-symlink}/bin/ensure-symlink"
|
||||
path
|
||||
link-cfg.target
|
||||
];
|
||||
};
|
||||
|
||||
# return all ancestors of this path.
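Review bot: `ExecStart = escapeShellArgs wrapper.scriptArgs;` applies POSIX-shell quoting to a line that systemd parses with its own rules, so a `%` in `path`, `link-cfg.target` or any caller-supplied `scriptArgs` entry is still expanded as a unit specifier, and `$` sequences may be treated as environment references. The removed line quoted the same way, so this is not a regression, but `scriptArgs[0]` is now the executable itself and the whole list reaches the unit file directly. If this module can take `utils` as an argument, `ExecStart = utils.escapeSystemdExecArgs wrapper.scriptArgs;` is the nixpkgs helper intended for this. It would also help to state in the `script.scriptArgs` option description that element 0 must be an absolute path to the program. `mkGeneratedConfig` and the `serviceConfig` block continue outside the hunks shown.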
|
||||
|
|
|
@ -51,8 +51,7 @@ lib.mkIf config.sane.persist.enable
|
|||
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
|
||||
'';
|
||||
in {
|
||||
script.script = ''${script} "$@"'';
|
||||
script.scriptArgs = [ underlying key ];
|
||||
script.scriptArgs = [ "${script}" underlying key ];
|
||||
# we need the key in order to initialize the store
|
||||
depends = [ config.sane.fs."${key}".unit ];
|
||||
};
|
||||
|
@ -63,8 +62,7 @@ lib.mkIf config.sane.persist.enable
|
|||
dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
|
||||
'';
|
||||
in {
|
||||
script.script = ''${script} "$@"'';
|
||||
script.scriptArgs = [ key ];
|
||||
script.scriptArgs = [ "${script}" key ];
|
||||
# no need for anyone else to be able to read the key
|
||||
acl.mode = "0400";
|
||||
};
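Review bot: The key generator in the second hunk writes its output with `> "$1"`, so the file is created under the service's umask and only becomes `0400` once `acl.mode` is applied by the surrounding machinery. If that happens after the script runs, the gocryptfs key is briefly readable more widely than intended. Adding `umask 077` before the `dd` line would close that window regardless of ordering. `dd if=/dev/random bs=128 count=1` can also return a short read, and `iflag=fullblock` would guarantee the full 128 bytes. Both script bodies begin above their hunks, so a umask may already be set there.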
|
||||
|
|