fs: generated.script.scriptArgs -> generated.command

2023-07-08 11:14:55 +00:00
parent 8753e5e0c6
commit db72f5e11f
6 changed files with 18 additions and 39 deletions


@@ -10,7 +10,7 @@ in
sane.user.persist.private = [ ".local/share/keyrings" ]; sane.user.persist.private = [ ".local/share/keyrings" ];
sane.user.fs."private/.local/share/keyrings/default" = { sane.user.fs."private/.local/share/keyrings/default" = {
generated.script.scriptArgs = [ "${init-keyring}/bin/init-keyring" ]; generated.command = [ "${init-keyring}/bin/init-keyring" ];
# TODO: is this `wantedBy` needed? can we inherit it? # TODO: is this `wantedBy` needed? can we inherit it?
wantedBy = [ config.sane.fs."/home/colin/private".unit ]; wantedBy = [ config.sane.fs."/home/colin/private".unit ];
wantedBeforeBy = [ ]; # don't created this as part of `multi-user.target` wantedBeforeBy = [ ]; # don't created this as part of `multi-user.target`


@@ -37,7 +37,7 @@ in
config = { config = {
sane.fs = mapAttrs (path: c: { sane.fs = mapAttrs (path: c: {
generated.script.scriptArgs = [ generated.command = [
"${hash-path-with-salt}/bin/hash-path-with-salt" "${hash-path-with-salt}/bin/hash-path-with-salt"
path path
]; ];


@@ -15,7 +15,7 @@ in
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700"; sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
sane.fs."/var/lib/bluetooth/.secrets.stamp" = { sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
wantedBeforeBy = [ "bluetooth.service" ]; wantedBeforeBy = [ "bluetooth.service" ];
generated.script.scriptArgs = [ generated.command = [
"${install-bluetooth}/bin/install-bluetooth" "${install-bluetooth}/bin/install-bluetooth"
"/run/secrets/bt" "/run/secrets/bt"
"" ""


@@ -12,7 +12,7 @@ in
sane.fs."/var/lib/iwd/.secrets.psk.stamp" = { sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
wantedBeforeBy = [ "iwd.service" ]; wantedBeforeBy = [ "iwd.service" ];
generated.acl.mode = "0600"; generated.acl.mode = "0600";
generated.script.scriptArgs = [ generated.command = [
"${install-iwd}/bin/install-iwd" "${install-iwd}/bin/install-iwd"
"/run/secrets/net" "/run/secrets/net"
"/var/lib/iwd" "/var/lib/iwd"


@@ -86,9 +86,9 @@ let
]; ];
# actually generate the item # actually generate the item
generated.script = lib.mkMerge [ generated.command = lib.mkMerge [
(lib.mkIf (config.dir != null) (ensureDirScript name config.dir)) (lib.mkIf (config.dir != null) [ "${ensure-dir}/bin/ensure-dir" name ])
(lib.mkIf (config.symlink != null) (ensureSymlinkScript name config.symlink)) (lib.mkIf (config.symlink != null) [ "${ensure-symlink}/bin/ensure-symlink" name config.symlink.target ])
]; ];
# make the unit file which generates the underlying thing available so that `mount` can use it. # make the unit file which generates the underlying thing available so that `mount` can use it.
@@ -156,7 +156,7 @@ let
''; '';
default = []; default = [];
}; };
script.scriptArgs = mkOption { command = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
}; };
@@ -192,7 +192,13 @@ let
mkGeneratedConfig = path: opt: let mkGeneratedConfig = path: opt: let
gen-opt = opt.generated; gen-opt = opt.generated;
wrapper = generateWrapperScript path gen-opt; wrappedCommand = [
"${ensure-perms}/bin/ensure-perms"
path
gen-opt.acl.user
gen-opt.acl.group
gen-opt.acl.mode
] ++ gen-opt.command;
in { in {
systemd.services."${serviceNameFor path}" = { systemd.services."${serviceNameFor path}" = {
description = "prepare ${path}"; description = "prepare ${path}";
@@ -200,7 +206,7 @@ let
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; # makes `systemctl start ensure-blah` a noop if already completed, instead of a restart RemainAfterExit = true; # makes `systemctl start ensure-blah` a noop if already completed, instead of a restart
ExecStart = escapeShellArgs wrapper.scriptArgs; ExecStart = escapeShellArgs wrappedCommand;
}; };
after = gen-opt.depends; after = gen-opt.depends;
@@ -252,33 +258,6 @@ let
(lib.mkIf (opt.mount != null) (mkMountConfig path opt)) (lib.mkIf (opt.mount != null) (mkMountConfig path opt))
]; ];
generateWrapperScript = path: gen-opt: {
scriptArgs = [
"${ensure-perms}/bin/ensure-perms"
path
gen-opt.acl.user
gen-opt.acl.group
gen-opt.acl.mode
] ++ gen-opt.script.scriptArgs;
};
# systemd/shell script used to create and set perms for a specific dir
ensureDirScript = path: dir-cfg: {
scriptArgs = [
"${ensure-dir}/bin/ensure-dir"
path
];
};
# systemd/shell script used to create a symlink
ensureSymlinkScript = path: link-cfg: {
scriptArgs = [
"${ensure-symlink}/bin/ensure-symlink"
path
link-cfg.target
];
};
# return all ancestors of this path. # return all ancestors of this path.
# e.g. ancestorsOf "/foo/bar/baz" => [ "/" "/foo" "/foo/bar" ] # e.g. ancestorsOf "/foo/bar/baz" => [ "/" "/foo" "/foo/bar" ]
ancestorsOf = path: lib.init (path-lib.walk "/" path); ancestorsOf = path: lib.init (path-lib.walk "/" path);
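Review bot: The new `command` option in the second hunk of this file (`command = mkOption { type = types.listOf types.str; default = []; }`) has no description, and because list-typed options merge by concatenation, two definitions are silently joined into a single argv. In the first hunk that means a path with both `config.dir` and `config.symlink` non-null would produce `ensure-dir name ensure-symlink name target`, which `wrappedCommand` then appends after the `ensure-perms` arguments and the unit runs from `ExecStart` as one command. I would add `description = "argv of the program that creates this path; appended to the ensure-perms invocation in the unit's ExecStart";` and an assertion that at most one of `dir` and `symlink` is set per path. The old `script.scriptArgs` option had the same type, so this is presumably inherited rather than introduced by the rename; the enclosing `let` block begins and ends outside the visible hunks.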


@@ -51,7 +51,7 @@ lib.mkIf config.sane.persist.enable
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing" ${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
''; '';
in { in {
script.scriptArgs = [ "${script}" underlying key ]; command = [ "${script}" underlying key ];
# we need the key in order to initialize the store # we need the key in order to initialize the store
depends = [ config.sane.fs."${key}".unit ]; depends = [ config.sane.fs."${key}".unit ];
}; };
@@ -62,7 +62,7 @@ lib.mkIf config.sane.persist.enable
dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1" dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
''; '';
in { in {
script.scriptArgs = [ "${script}" key ]; command = [ "${script}" key ];
# no need for anyone else to be able to read the key # no need for anyone else to be able to read the key
acl.mode = "0400"; acl.mode = "0400";
}; };