colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

refactor: remove unused sane-private-* scripts or move them into scripts/

Browse Source
This commit is contained in:
Colin
2024-10-05 06:03:14 +00:00
parent e60076bdb9
commit 9d1bb05e49
5 changed files with 3 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/common/programs/sane-scripts.nix
View File

@@ -21,9 +21,6 @@ in
"sane-scripts.find-dotfiles" "sane-scripts.find-dotfiles"
"sane-scripts.ip-check" "sane-scripts.ip-check"
"sane-scripts.private-do" "sane-scripts.private-do"
"sane-scripts.private-init"
"sane-scripts.private-lock"
"sane-scripts.private-unlock"
"sane-scripts.rcp" "sane-scripts.rcp"
"sane-scripts.reboot" "sane-scripts.reboot"
"sane-scripts.reclaim-boot-space" "sane-scripts.reclaim-boot-space"
@@ -117,15 +114,6 @@ in
net = "all"; net = "all";
extraPaths = [ "/" ]; extraPaths = [ "/" ];
}; };
"sane-scripts.private-init".sandbox = {
method = "bwrap";
capabilities = [ "sys_admin" ]; # it needs to mount the new store
extraHomePaths = [
".persist/private"
];
};
"sane-scripts.private-lock".sandbox.method = null;
"sane-scripts.private-unlock".sandbox.method = null;
"sane-scripts.reclaim-boot-space".sandbox = { "sane-scripts.reclaim-boot-space".sandbox = {
method = "bunpen"; method = "bunpen";

15
pkgs/by-name/sane-scripts/package.nix
View File

@@ -113,21 +113,6 @@ let
srcRoot = ./src; srcRoot = ./src;
pkgs = [ "util-linux" ]; pkgs = [ "util-linux" ];
}; };
private-init = static-nix-shell.mkBash {
pname = "sane-private-init";
srcRoot = ./src;
pkgs = [ "gocryptfs" ];
};
private-lock = static-nix-shell.mkBash {
pname = "sane-private-lock";
srcRoot = ./src;
pkgs = [ "util-linux.mount" ];
};
private-unlock = static-nix-shell.mkBash {
pname = "sane-private-unlock";
srcRoot = ./src;
pkgs = [ "util-linux.mount" ];
};
private-unlock-remote = static-nix-shell.mkBash { private-unlock-remote = static-nix-shell.mkBash {
pname = "sane-private-unlock-remote"; pname = "sane-private-unlock-remote";
srcRoot = ./src; srcRoot = ./src;

4
pkgs/by-name/sane-scripts/src/sane-private-lock
View File

@@ -1,4 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash -p util-linux.mount
umount /mnt/persist/private

7
pkgs/by-name/sane-scripts/src/sane-private-unlock
View File

@@ -1,7 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash -p util-linux.mount
# TODO: the mountpoint isn't created as part of startup: why?
sudo mkdir -p /mnt/persist/private
sudo chown colin:users /mmt/persist/private
mount /mnt/persist/private

5
pkgs/by-name/sane-scripts/src/sane-private-init → scripts/bringup/init-persist-private
View File

@@ -1,10 +1,11 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash -p gocryptfs #!nix-shell -i bash -p bash -p gocryptfs
set -ex
# configure persistent, encrypted storage that is auto-mounted on login. # configure persistent, encrypted storage that is auto-mounted on login.
# this is a one-time setup and user should log out/back in after running it. # this is a one-time setup and user should log out/back in after running it.
set -ex
p=/nix/persist/private p=/nix/persist/private
if ! test -d "$p" || ! test -w "$p"; then if ! test -d "$p" || ! test -w "$p"; then