20 files changed, 32 insertions, 51 deletions

diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
index 46b405842..e80d383f8 100644
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -135,8 +135,7 @@ let
       wantedBy = [ "multi-user.target" ];
       serviceConfig = {
         PermissionsStartOnly = true;
-        ExecStartPre = pkgs.writeScript "acng-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "acng-init" ''
           mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
           chown acng:acng  ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
         '';
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 71b22d8cb..4569d400f 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -121,8 +121,7 @@ let
       "mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
       "flock -n ${shell.escape plan.dst.path} rsync"
     ];
-  in pkgs.writeScript "backup.${plan.name}" ''
-    #! ${pkgs.bash}/bin/bash
+  in pkgs.writeBash "backup.${plan.name}" ''
     set -efu
     start_date=$(date +%s)
     ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index cbf87b2a7..080d2188d 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -109,8 +109,7 @@ let
           Type = "simple";
           PrivateTmp = true;
 
-          ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
-            #!/bin/sh
+          ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" ''
             mkdir -p "${server.dataDir}" "${server.workDir}"
             chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
             cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 2a1dbe31a..c365798f3 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -345,8 +345,7 @@ let
         Type = "forking";
         PIDFile = "${workdir}/twistd.pid";
         # TODO: maybe also prepare buildbot.tac?
-        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
           set -efux
           if [ ! -e ${workdir} ];then
             mkdir -p ${workdir}
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 248b46132..02331ee12 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -159,8 +159,7 @@ let
         Type = "forking";
         PIDFile = "${workdir}/twistd.pid";
         # TODO: maybe also prepare buildbot.tac?
-        ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
           set -efux
           mkdir -p ${workdir}/info
           cp ${buildbot-slave-init} ${workdir}/buildbot.tac
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 0f5e3172e..6a03b4638 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -462,7 +462,7 @@ let
 
   reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
 
-  # TODO makeGitHooks that uses runCommand instead of scriptFarm?
+  # TODO use `writeOut`
   scriptFarm =
     farm-name: scripts:
     let
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 1d3873232..3646d35d6 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -37,8 +37,7 @@ let
         SyslogIdentifier = "github-hosts-sync";
         User = user.name;
         Restart = "always";
-        ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
-          #! /bin/sh
+        ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
           set -euf
           install -m 0711 -o ${user.name} -d ${cfg.dataDir}
           install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index bb06a9388..dccc11b3f 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,7 +1,7 @@
 arg@{ config, lib, pkgs, ... }:
 
 let
-  inherit (pkgs) writeScript writeText;
+  inherit (pkgs) writeText;
 
   inherit (builtins)
     elem
@@ -175,8 +175,7 @@ let
         ${buildTables iptables-version tables}
       '';
 
-  startScript = writeScript "krebs-iptables_start" ''
-    #! /bin/sh
+  startScript = pkgs.writeDash "krebs-iptables_start" ''
     set -euf
     iptables-restore < ${rules4 4}
     ip6tables-restore < ${rules4 6}
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 7a7c80a75..c5c806cdf 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -1,12 +1,12 @@
 { config, lib, pkgs, ... }:
 
-with lib;
+with config.krebs.lib;
 let
   cfg = config.krebs.repo-sync;
 
   out = {
     options.krebs.repo-sync = api;
-    config = mkIf cfg.enable imp;
+    config = lib.mkIf cfg.enable imp;
   };
 
   api = {
@@ -70,7 +70,7 @@ let
   imp = {
     users.users.repo-sync = {
       name = "repo-sync";
-      uid = config.krebs.lib.genid "repo-sync";
+      uid = genid "repo-sync";
       description = "repo-sync user";
       home = cfg.stateDir;
       createHome = true;
@@ -95,9 +95,8 @@ let
       serviceConfig = {
         Type = "simple";
         PermissionsStartOnly = true;
-        ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
-          #! /bin/sh
-          cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
+        ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
+          cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
           chown repo-sync ${cfg.stateDir}/ssh.priv
         '';
         ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 5a035fa50..22991f093 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -159,13 +159,13 @@ let
       PrivateKeyFile = ${cfg.privkey.path}
       ${cfg.extraConfig}
     '';
-    "tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
+    "tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
       ${iproute}/sbin/ip link set ${cfg.netname} up
-      ${optionalString (net.ip4 != null) ''
+      ${optionalString (net.ip4 != null) /* sh */ ''
         ${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
         ${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
       ''}
-      ${optionalString (net.ip6 != null) ''
+      ${optionalString (net.ip6 != null) /* sh */ ''
         ${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
         ${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
       ''}
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 2692de982..dec89d249 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -94,8 +94,7 @@ let
         TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
         restart = "always";
 
-        ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
-          #!/bin/sh
+        ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
           mkdir -p "${internal_dir}" "${external_dir}"
           if ! test -e "${cfg.workingDir}/internal/index.html"; then
             cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
@@ -106,8 +105,7 @@ let
         '';
         ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
 
-        ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
-          #!/bin/sh
+        ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
           # TODO: this may break if workingDir is set to something stupid
           # this is needed because homedir is created with 700
           chmod 755  "${cfg.workingDir}"
diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix
index 0f61688e3..a483db32c 100644
--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@@ -74,8 +74,7 @@ rec {
   };
 
   nixos-version = buildSimpleReaktorPlugin "nixos-version" {
-    script = pkgs.writeScript "nixos-version" ''
-      #! /bin/sh
+    script = pkgs.writeDash "nixos-version" ''
       . /etc/os-release
       echo "$PRETTY_NAME"
       '';
diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix
index 3aba90535..c8e8c8f53 100644
--- a/krebs/5pkgs/git-hooks/default.nix
+++ b/krebs/5pkgs/git-hooks/default.nix
@@ -101,8 +101,7 @@ let
     fi
   '';
 
-  irc-announce-script = pkgs.writeScript "irc-announce-script" ''
-    #! /bin/sh
+  irc-announce-script = pkgs.writeDash "irc-announce-script" ''
     set -euf
 
     export PATH=${makeSearchPath "bin" (with pkgs; [
diff --git a/krebs/5pkgs/hashPassword/default.nix b/krebs/5pkgs/hashPassword/default.nix
index 6a7c51c57..3da65ad79 100644
--- a/krebs/5pkgs/hashPassword/default.nix
+++ b/krebs/5pkgs/hashPassword/default.nix
@@ -1,7 +1,6 @@
 { lib, pkgs, ... }:
 
-pkgs.writeScriptBin "hashPassword" ''
-  #! /bin/sh
+pkgs.writeDashBin "hashPassword" ''
   # usage: hashPassword
   set -euf
 
diff --git a/krebs/5pkgs/krebspaste/default.nix b/krebs/5pkgs/krebspaste/default.nix
index fb318af83..dd7616a05 100644
--- a/krebs/5pkgs/krebspaste/default.nix
+++ b/krebs/5pkgs/krebspaste/default.nix
@@ -1,7 +1,6 @@
-{ writeScriptBin, pkgs }:
+{ writeDashBin, bepasty-client-cli }:
 
-# TODO: use `wrapProgram --add-flags` instead?
-writeScriptBin "krebspaste" ''
-  #! /bin/sh
-  exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
+# TODO use `execve` instead?
+writeDashBin "krebspaste" ''
+  exec ${bepasty-client-cli}/bin/bepasty-cli --url http://paste.retiolum "$@"
 ''
diff --git a/krebs/5pkgs/pssh/default.nix b/krebs/5pkgs/pssh/default.nix
index fd48d3e7c..2676af0cf 100644
--- a/krebs/5pkgs/pssh/default.nix
+++ b/krebs/5pkgs/pssh/default.nix
@@ -1,7 +1,6 @@
-{ writeScriptBin }:
+{ writeDashBin }:
 
-writeScriptBin "pssh" ''
-  #! /bin/sh
+writeDashBin "pssh" ''
   set -efu
   case ''${1-} in
 
diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix
index fed67a105..3696bcdfc 100644
--- a/tv/1systems/nomic.nix
+++ b/tv/1systems/nomic.nix
@@ -47,8 +47,7 @@ with config.krebs.lib;
   boot.tmpOnTmpfs = true;
 
   environment.systemPackages = with pkgs; [
-    (writeScriptBin "play" ''
-      #! /bin/sh
+    (writeDashBin "play" ''
       set -euf
       mpv() { exec ${mpv}/bin/mpv "$@"; }
       case $1 in
diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix
index a79ae498b..6ba7ab327 100644
--- a/tv/1systems/xu.nix
+++ b/tv/1systems/xu.nix
@@ -26,8 +26,7 @@ with config.krebs.lib;
         hashPassword
         haskellPackages.lentil
         parallel
-        (pkgs.writeScriptBin "im" ''
-          #! ${pkgs.bash}/bin/bash
+        (pkgs.writeBashBin "im" ''
           export PATH=${makeSearchPath "bin" (with pkgs; [
             tmux
             gnugrep
diff --git a/tv/2configs/pulse.nix b/tv/2configs/pulse.nix
index 8e611f21e..512919759 100644
--- a/tv/2configs/pulse.nix
+++ b/tv/2configs/pulse.nix
@@ -67,8 +67,7 @@ in
     };
     serviceConfig = {
       ExecStart = "${pkg}/bin/pulseaudio";
-      ExecStartPre = pkgs.writeScript "pulse-start" ''
-        #! /bin/sh
+      ExecStartPre = pkgs.writeDash "pulse-start" ''
         install -o pulse -g pulse -m 0750 -d ${runDir}
         install -o pulse -g pulse -m 0700 -d ${runDir}/home
       '';
diff --git a/tv/5pkgs/default.nix b/tv/5pkgs/default.nix
index da3c914b8..607980807 100644
--- a/tv/5pkgs/default.nix
+++ b/tv/5pkgs/default.nix
@@ -3,8 +3,7 @@
 {
   nixpkgs.config.packageOverrides = {
     # TODO use XDG_RUNTIME_DIR?
-    cr = pkgs.writeScriptBin "cr" ''
-      #! /bin/sh
+    cr = pkgs.writeDashBin "cr" ''
       set -efu
       export LC_TIME=de_DE.utf8
       exec ${pkgs.chromium}/bin/chromium \