colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
90107c024e
nix-files/pkgs/sane-scripts/default.nix
colin 7863d12263 nix flake update. nixpkgs: 2022-09-{24 -> 25}; sops-nix: 2022-09-{25 -> 26} 
```
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/fde244a8c7655bc28616864e2290ad9c95409c2c' (2022-09-24)
  → 'github:NixOS/nixpkgs/79d3ca08920364759c63fd3eb562e99c0c17044a' (2022-09-25)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/17f009daf09992d2342657f9bd7b44d877cd00e1' (2022-09-25)
  → 'github:Mic92/sops-nix/912f9ff41fd9353dec1f783170793699789fe9aa' (2022-09-26)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/72bdd03f0d5696412b25a93218acaad530570d30' (2022-09-24)
  → 'github:NixOS/nixpkgs/ff9793cfd1a25145a7e591af604675b3d6f68987' (2022-09-26)
• Updated input 'sops-nix/nixpkgs-22_05':
    'github:NixOS/nixpkgs/aee4db5b9eaccd3fb7f16c742685fef9dc355077' (2022-09-24)
  → 'github:NixOS/nixpkgs/00f877f4927b6f7d7b75731b5a1e2ae7324eaf14' (2022-09-26)
```
2022-09-26 15:41:14 -07:00

79 lines
1.8 KiB
Nix
Raw Blame History

{ lib
, pkgs
, resholve
}:
# resholve documentation:
# - nix: https://github.com/nixos/nixpkgs/blob/master/pkgs/development/misc/resholve/README.md
# - generic: https://github.com/abathur/resholve
resholve.mkDerivation {
pname = "sane-scripts";
version = "0.1.0";
src = ./src;
solutions = {
default = {
# note: `scripts` refers to the store path here
scripts = [ "bin/*" ];
interpreter = "${pkgs.bash}/bin/bash";
inputs = with pkgs; [
coreutils
curl
file
findutils
gnugrep
ifuse
inotify-tools
ncurses
oath-toolkit
openssh
rmlint
rsync
ssh-to-age
sops
sudo
which
];
keep = {
# we write here: keep it
"/tmp/rmlint.sh" = true;
# intentionally escapes (into user code)
"$external_cmd" = true;
};
fake = {
external = [
# https://github.com/abathur/resholve/issues/29
"umount"
"sudo"
# this is actually internal; probably a better fix
"sane-mount-servo"
];
};
# list of programs which *can* or *cannot* exec their arguments
execer = [
"cannot:${pkgs.ifuse}/bin/ifuse"
"cannot:${pkgs.oath-toolkit}/bin/oathtool"
"cannot:${pkgs.openssh}/bin/ssh-keygen"
"cannot:${pkgs.rmlint}/bin/rmlint"
"cannot:${pkgs.rsync}/bin/rsync"
"cannot:${pkgs.ssh-to-age}/bin/ssh-to-age"
"cannot:${pkgs.sops}/bin/sops"
];
};
};
installPhase = ''
mkdir -p "$out/bin"
cp -R * "$out"/bin/
'';
meta = {
description = "collection of scripts associated with uninsane systems";
homepage = "https://git.uninsane.org";
platforms = lib.platforms.all;
};
}
Reference in New Issue View Git Blame Copy Permalink