fs: generated.script.scriptArgs -> generated.command
@@ -10,7 +10,7 @@ in
|
|||||||
sane.user.persist.private = [ ".local/share/keyrings" ];
|
sane.user.persist.private = [ ".local/share/keyrings" ];
|
||||||
|
|
||||||
sane.user.fs."private/.local/share/keyrings/default" = {
|
sane.user.fs."private/.local/share/keyrings/default" = {
|
||||||
generated.script.scriptArgs = [ "${init-keyring}/bin/init-keyring" ];
|
generated.command = [ "${init-keyring}/bin/init-keyring" ];
|
||||||
# TODO: is this `wantedBy` needed? can we inherit it?
|
# TODO: is this `wantedBy` needed? can we inherit it?
|
||||||
wantedBy = [ config.sane.fs."/home/colin/private".unit ];
|
wantedBy = [ config.sane.fs."/home/colin/private".unit ];
|
||||||
wantedBeforeBy = [ ]; # don't created this as part of `multi-user.target`
|
wantedBeforeBy = [ ]; # don't created this as part of `multi-user.target`
|
||||||
|
@@ -37,7 +37,7 @@ in
|
|||||||
|
|
||||||
config = {
|
config = {
|
||||||
sane.fs = mapAttrs (path: c: {
|
sane.fs = mapAttrs (path: c: {
|
||||||
generated.script.scriptArgs = [
|
generated.command = [
|
||||||
"${hash-path-with-salt}/bin/hash-path-with-salt"
|
"${hash-path-with-salt}/bin/hash-path-with-salt"
|
||||||
path
|
path
|
||||||
];
|
];
|
||||||
|
@@ -15,7 +15,7 @@ in
|
|||||||
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
|
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
|
||||||
sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
|
sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
|
||||||
wantedBeforeBy = [ "bluetooth.service" ];
|
wantedBeforeBy = [ "bluetooth.service" ];
|
||||||
generated.script.scriptArgs = [
|
generated.command = [
|
||||||
"${install-bluetooth}/bin/install-bluetooth"
|
"${install-bluetooth}/bin/install-bluetooth"
|
||||||
"/run/secrets/bt"
|
"/run/secrets/bt"
|
||||||
""
|
""
|
||||||
|
@@ -12,7 +12,7 @@ in
|
|||||||
sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
|
sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
|
||||||
wantedBeforeBy = [ "iwd.service" ];
|
wantedBeforeBy = [ "iwd.service" ];
|
||||||
generated.acl.mode = "0600";
|
generated.acl.mode = "0600";
|
||||||
generated.script.scriptArgs = [
|
generated.command = [
|
||||||
"${install-iwd}/bin/install-iwd"
|
"${install-iwd}/bin/install-iwd"
|
||||||
"/run/secrets/net"
|
"/run/secrets/net"
|
||||||
"/var/lib/iwd"
|
"/var/lib/iwd"
|
||||||
|
@@ -86,9 +86,9 @@ let
|
|||||||
];
|
];
|
||||||
|
|
||||||
# actually generate the item
|
# actually generate the item
|
||||||
generated.script = lib.mkMerge [
|
generated.command = lib.mkMerge [
|
||||||
(lib.mkIf (config.dir != null) (ensureDirScript name config.dir))
|
(lib.mkIf (config.dir != null) [ "${ensure-dir}/bin/ensure-dir" name ])
|
||||||
(lib.mkIf (config.symlink != null) (ensureSymlinkScript name config.symlink))
|
(lib.mkIf (config.symlink != null) [ "${ensure-symlink}/bin/ensure-symlink" name config.symlink.target ])
|
||||||
];
|
];
|
||||||
|
|
||||||
# make the unit file which generates the underlying thing available so that `mount` can use it.
|
# make the unit file which generates the underlying thing available so that `mount` can use it.
|
||||||
@@ -156,7 +156,7 @@ let
|
|||||||
'';
|
'';
|
||||||
default = [];
|
default = [];
|
||||||
};
|
};
|
||||||
script.scriptArgs = mkOption {
|
command = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [];
|
default = [];
|
||||||
};
|
};
|
||||||
@@ -192,7 +192,13 @@ let
|
|||||||
|
|
||||||
mkGeneratedConfig = path: opt: let
|
mkGeneratedConfig = path: opt: let
|
||||||
gen-opt = opt.generated;
|
gen-opt = opt.generated;
|
||||||
wrapper = generateWrapperScript path gen-opt;
|
wrappedCommand = [
|
||||||
|
"${ensure-perms}/bin/ensure-perms"
|
||||||
|
path
|
||||||
|
gen-opt.acl.user
|
||||||
|
gen-opt.acl.group
|
||||||
|
gen-opt.acl.mode
|
||||||
|
] ++ gen-opt.command;
|
||||||
in {
|
in {
|
||||||
systemd.services."${serviceNameFor path}" = {
|
systemd.services."${serviceNameFor path}" = {
|
||||||
description = "prepare ${path}";
|
description = "prepare ${path}";
|
||||||
@@ -200,7 +206,7 @@ let
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true; # makes `systemctl start ensure-blah` a noop if already completed, instead of a restart
|
RemainAfterExit = true; # makes `systemctl start ensure-blah` a noop if already completed, instead of a restart
|
||||||
ExecStart = escapeShellArgs wrapper.scriptArgs;
|
ExecStart = escapeShellArgs wrappedCommand;
|
||||||
};
|
};
|
||||||
|
|
||||||
after = gen-opt.depends;
|
after = gen-opt.depends;
|
||||||
@@ -252,33 +258,6 @@ let
|
|||||||
(lib.mkIf (opt.mount != null) (mkMountConfig path opt))
|
(lib.mkIf (opt.mount != null) (mkMountConfig path opt))
|
||||||
];
|
];
|
||||||
|
|
||||||
generateWrapperScript = path: gen-opt: {
|
|
||||||
scriptArgs = [
|
|
||||||
"${ensure-perms}/bin/ensure-perms"
|
|
||||||
path
|
|
||||||
gen-opt.acl.user
|
|
||||||
gen-opt.acl.group
|
|
||||||
gen-opt.acl.mode
|
|
||||||
] ++ gen-opt.script.scriptArgs;
|
|
||||||
};
|
|
||||||
|
|
||||||
# systemd/shell script used to create and set perms for a specific dir
|
|
||||||
ensureDirScript = path: dir-cfg: {
|
|
||||||
scriptArgs = [
|
|
||||||
"${ensure-dir}/bin/ensure-dir"
|
|
||||||
path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# systemd/shell script used to create a symlink
|
|
||||||
ensureSymlinkScript = path: link-cfg: {
|
|
||||||
scriptArgs = [
|
|
||||||
"${ensure-symlink}/bin/ensure-symlink"
|
|
||||||
path
|
|
||||||
link-cfg.target
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# return all ancestors of this path.
|
# return all ancestors of this path.
|
||||||
# e.g. ancestorsOf "/foo/bar/baz" => [ "/" "/foo" "/foo/bar" ]
|
# e.g. ancestorsOf "/foo/bar/baz" => [ "/" "/foo" "/foo/bar" ]
|
||||||
ancestorsOf = path: lib.init (path-lib.walk "/" path);
|
ancestorsOf = path: lib.init (path-lib.walk "/" path);
|
||||||
|
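Review bot: In the `@@ -200,7 +206,7 @@` hunk, `ExecStart = escapeShellArgs wrappedCommand;` quotes the argv for a POSIX shell, but systemd parses `ExecStart` itself: it still expands `%` specifiers and, as far as I know, `$VAR`/`${VAR}` references even inside the single quotes that `escapeShellArgs` emits. Now that `gen-opt.command` is a free-form `listOf str` appended after `path` and the acl fields, any element containing `%` or `$` would reach `ensure-perms` altered rather than literally. I would use the systemd-aware escaper from the NixOS `utils` module argument, `ExecStart = utils.escapeSystemdExecArgs wrappedCommand;`, assuming the pinned nixpkgs provides it and `utils` is added to this module's arguments. The enclosing `mkGeneratedConfig` begins in the previous hunk and continues past the end of this one, so the rest of the unit definition is not visible here.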
@@ -51,7 +51,7 @@ lib.mkIf config.sane.persist.enable
|
|||||||
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
|
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
script.scriptArgs = [ "${script}" underlying key ];
|
command = [ "${script}" underlying key ];
|
||||||
# we need the key in order to initialize the store
|
# we need the key in order to initialize the store
|
||||||
depends = [ config.sane.fs."${key}".unit ];
|
depends = [ config.sane.fs."${key}".unit ];
|
||||||
};
|
};
|
||||||
@@ -62,7 +62,7 @@ lib.mkIf config.sane.persist.enable
|
|||||||
dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
|
dd if=/dev/random bs=128 count=1 | base64 --wrap=0 > "$1"
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
script.scriptArgs = [ "${script}" key ];
|
command = [ "${script}" key ];
|
||||||
# no need for anyone else to be able to read the key
|
# no need for anyone else to be able to read the key
|
||||||
acl.mode = "0400";
|
acl.mode = "0400";
|
||||||
};
|
};
|
||||||
|