From 9d1bb05e49ab33d5a70d21e0d043b3bd072f0ab5 Mon Sep 17 00:00:00 2001 From: Colin Date: Sat, 5 Oct 2024 06:03:14 +0000 Subject: [PATCH] refactor: remove unused sane-private-* scripts or move them into scripts/ --- hosts/common/programs/sane-scripts.nix | 12 ------------ pkgs/by-name/sane-scripts/package.nix | 15 --------------- pkgs/by-name/sane-scripts/src/sane-private-lock | 4 ---- pkgs/by-name/sane-scripts/src/sane-private-unlock | 7 ------- .../bringup/init-persist-private | 5 +++-- 5 files changed, 3 insertions(+), 40 deletions(-) delete mode 100755 pkgs/by-name/sane-scripts/src/sane-private-lock delete mode 100755 pkgs/by-name/sane-scripts/src/sane-private-unlock rename pkgs/by-name/sane-scripts/src/sane-private-init => scripts/bringup/init-persist-private (99%) diff --git a/hosts/common/programs/sane-scripts.nix b/hosts/common/programs/sane-scripts.nix index 1bfbcec2d..f76221de2 100644 --- a/hosts/common/programs/sane-scripts.nix +++ b/hosts/common/programs/sane-scripts.nix @@ -21,9 +21,6 @@ in "sane-scripts.find-dotfiles" "sane-scripts.ip-check" "sane-scripts.private-do" - "sane-scripts.private-init" - "sane-scripts.private-lock" - "sane-scripts.private-unlock" "sane-scripts.rcp" "sane-scripts.reboot" "sane-scripts.reclaim-boot-space" @@ -117,15 +114,6 @@ in net = "all"; extraPaths = [ "/" ]; }; - "sane-scripts.private-init".sandbox = { - method = "bwrap"; - capabilities = [ "sys_admin" ]; # it needs to mount the new store - extraHomePaths = [ - ".persist/private" - ]; - }; - "sane-scripts.private-lock".sandbox.method = null; - "sane-scripts.private-unlock".sandbox.method = null; "sane-scripts.reclaim-boot-space".sandbox = { method = "bunpen"; diff --git a/pkgs/by-name/sane-scripts/package.nix b/pkgs/by-name/sane-scripts/package.nix index 2a7bcd6b8..4f353554f 100644 --- a/pkgs/by-name/sane-scripts/package.nix +++ b/pkgs/by-name/sane-scripts/package.nix @@ -113,21 +113,6 @@ let srcRoot = ./src; pkgs = [ "util-linux" ]; }; - private-init = static-nix-shell.mkBash { - pname = "sane-private-init"; - srcRoot = ./src; - pkgs = [ "gocryptfs" ]; - }; - private-lock = static-nix-shell.mkBash { - pname = "sane-private-lock"; - srcRoot = ./src; - pkgs = [ "util-linux.mount" ]; - }; - private-unlock = static-nix-shell.mkBash { - pname = "sane-private-unlock"; - srcRoot = ./src; - pkgs = [ "util-linux.mount" ]; - }; private-unlock-remote = static-nix-shell.mkBash { pname = "sane-private-unlock-remote"; srcRoot = ./src; diff --git a/pkgs/by-name/sane-scripts/src/sane-private-lock b/pkgs/by-name/sane-scripts/src/sane-private-lock deleted file mode 100755 index a35032835..000000000 --- a/pkgs/by-name/sane-scripts/src/sane-private-lock +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i bash -p bash -p util-linux.mount - -umount /mnt/persist/private diff --git a/pkgs/by-name/sane-scripts/src/sane-private-unlock b/pkgs/by-name/sane-scripts/src/sane-private-unlock deleted file mode 100755 index e422e5d3b..000000000 --- a/pkgs/by-name/sane-scripts/src/sane-private-unlock +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i bash -p bash -p util-linux.mount - -# TODO: the mountpoint isn't created as part of startup: why? -sudo mkdir -p /mnt/persist/private -sudo chown colin:users /mmt/persist/private -mount /mnt/persist/private diff --git a/pkgs/by-name/sane-scripts/src/sane-private-init b/scripts/bringup/init-persist-private similarity index 99% rename from pkgs/by-name/sane-scripts/src/sane-private-init rename to scripts/bringup/init-persist-private index b65dfedc1..68b8e651c 100755 --- a/pkgs/by-name/sane-scripts/src/sane-private-init +++ b/scripts/bringup/init-persist-private @@ -1,10 +1,11 @@ #!/usr/bin/env nix-shell #!nix-shell -i bash -p bash -p gocryptfs -set -ex - # configure persistent, encrypted storage that is auto-mounted on login. # this is a one-time setup and user should log out/back in after running it. + +set -ex + p=/nix/persist/private if ! test -d "$p" || ! test -w "$p"; then