summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/apt-cacher-ng.nix3
-rw-r--r--krebs/3modules/backup.nix3
-rw-r--r--krebs/3modules/bepasty-server.nix3
-rw-r--r--krebs/3modules/buildbot/master.nix3
-rw-r--r--krebs/3modules/buildbot/slave.nix3
-rw-r--r--krebs/3modules/git.nix2
-rw-r--r--krebs/3modules/github-hosts-sync.nix3
-rw-r--r--krebs/3modules/iptables.nix5
-rw-r--r--krebs/3modules/repo-sync.nix11
-rw-r--r--krebs/3modules/retiolum.nix6
-rw-r--r--krebs/3modules/tinc_graphs.nix6
11 files changed, 19 insertions, 29 deletions
diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix
index 46b405842..e80d383f8 100644
--- a/krebs/3modules/apt-cacher-ng.nix
+++ b/krebs/3modules/apt-cacher-ng.nix
@@ -135,8 +135,7 @@ let
wantedBy = [ "multi-user.target" ];
serviceConfig = {
PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeScript "acng-init" ''
- #!/bin/sh
+ ExecStartPre = pkgs.writeDash "acng-init" ''
mkdir -p ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
chown acng:acng ${shell.escape cfg.cacheDir} ${shell.escape cfg.logDir}
'';
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 71b22d8cb..4569d400f 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -121,8 +121,7 @@ let
"mkdir -m 0700 -p ${shell.escape plan.dst.path}/current"
"flock -n ${shell.escape plan.dst.path} rsync"
];
- in pkgs.writeScript "backup.${plan.name}" ''
- #! ${pkgs.bash}/bin/bash
+ in pkgs.writeBash "backup.${plan.name}" ''
set -efu
start_date=$(date +%s)
ssh_target=${shell.escape login-name}@$(${fastest-address remote.host})
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index cbf87b2a7..080d2188d 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -109,8 +109,7 @@ let
Type = "simple";
PrivateTmp = true;
- ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
- #!/bin/sh
+ ExecStartPre = assert server.secretKey != ""; pkgs.writeDash "bepasty-server.${name}-init" ''
mkdir -p "${server.dataDir}" "${server.workDir}"
chown bepasty:bepasty "${server.workDir}" "${server.dataDir}"
cat > "${server.workDir}/bepasty-${name}.conf" <<EOF
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index 2a1dbe31a..c365798f3 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -345,8 +345,7 @@ let
Type = "forking";
PIDFile = "${workdir}/twistd.pid";
# TODO: maybe also prepare buildbot.tac?
- ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
- #!/bin/sh
+ ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
if [ ! -e ${workdir} ];then
mkdir -p ${workdir}
diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix
index 248b46132..02331ee12 100644
--- a/krebs/3modules/buildbot/slave.nix
+++ b/krebs/3modules/buildbot/slave.nix
@@ -159,8 +159,7 @@ let
Type = "forking";
PIDFile = "${workdir}/twistd.pid";
# TODO: maybe also prepare buildbot.tac?
- ExecStartPre = pkgs.writeScript "buildbot-master-init" ''
- #!/bin/sh
+ ExecStartPre = pkgs.writeDash "buildbot-master-init" ''
set -efux
mkdir -p ${workdir}/info
cp ${buildbot-slave-init} ${workdir}/buildbot.tac
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 0f5e3172e..6a03b4638 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -462,7 +462,7 @@ let
reponames = rules: sort lessThan (unique (map (x: x.repo.name) rules));
- # TODO makeGitHooks that uses runCommand instead of scriptFarm?
+ # TODO use `writeOut`
scriptFarm =
farm-name: scripts:
let
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index 1d3873232..3646d35d6 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -37,8 +37,7 @@ let
SyslogIdentifier = "github-hosts-sync";
User = user.name;
Restart = "always";
- ExecStartPre = pkgs.writeScript "github-hosts-sync-init" ''
- #! /bin/sh
+ ExecStartPre = pkgs.writeDash "github-hosts-sync-init" ''
set -euf
install -m 0711 -o ${user.name} -d ${cfg.dataDir}
install -m 0700 -o ${user.name} -d ${cfg.dataDir}/.ssh
diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix
index bb06a9388..dccc11b3f 100644
--- a/krebs/3modules/iptables.nix
+++ b/krebs/3modules/iptables.nix
@@ -1,7 +1,7 @@
arg@{ config, lib, pkgs, ... }:
let
- inherit (pkgs) writeScript writeText;
+ inherit (pkgs) writeText;
inherit (builtins)
elem
@@ -175,8 +175,7 @@ let
${buildTables iptables-version tables}
'';
- startScript = writeScript "krebs-iptables_start" ''
- #! /bin/sh
+ startScript = pkgs.writeDash "krebs-iptables_start" ''
set -euf
iptables-restore < ${rules4 4}
ip6tables-restore < ${rules4 6}
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 7a7c80a75..c5c806cdf 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -1,12 +1,12 @@
{ config, lib, pkgs, ... }:
-with lib;
+with config.krebs.lib;
let
cfg = config.krebs.repo-sync;
out = {
options.krebs.repo-sync = api;
- config = mkIf cfg.enable imp;
+ config = lib.mkIf cfg.enable imp;
};
api = {
@@ -70,7 +70,7 @@ let
imp = {
users.users.repo-sync = {
name = "repo-sync";
- uid = config.krebs.lib.genid "repo-sync";
+ uid = genid "repo-sync";
description = "repo-sync user";
home = cfg.stateDir;
createHome = true;
@@ -95,9 +95,8 @@ let
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeScript "prepare-repo-sync-user" ''
- #! /bin/sh
- cp -v ${config.krebs.lib.shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
+ ExecStartPre = pkgs.writeDash "prepare-repo-sync-user" ''
+ cp -v ${shell.escape cfg.privateKeyFile} ${cfg.stateDir}/ssh.priv
chown repo-sync ${cfg.stateDir}/ssh.priv
'';
ExecStart = "${pkgs.repo-sync}/bin/repo-sync ${repo-sync-config}";
diff --git a/krebs/3modules/retiolum.nix b/krebs/3modules/retiolum.nix
index 5a035fa50..22991f093 100644
--- a/krebs/3modules/retiolum.nix
+++ b/krebs/3modules/retiolum.nix
@@ -159,13 +159,13 @@ let
PrivateKeyFile = ${cfg.privkey.path}
${cfg.extraConfig}
'';
- "tinc-up" = pkgs.writeScript "${cfg.netname}-tinc-up" ''
+ "tinc-up" = pkgs.writeDash "${cfg.netname}-tinc-up" ''
${iproute}/sbin/ip link set ${cfg.netname} up
- ${optionalString (net.ip4 != null) ''
+ ${optionalString (net.ip4 != null) /* sh */ ''
${iproute}/sbin/ip -4 addr add ${net.ip4.addr} dev ${cfg.netname}
${iproute}/sbin/ip -4 route add ${net.ip4.prefix} dev ${cfg.netname}
''}
- ${optionalString (net.ip6 != null) ''
+ ${optionalString (net.ip6 != null) /* sh */ ''
${iproute}/sbin/ip -6 addr add ${net.ip6.addr} dev ${cfg.netname}
${iproute}/sbin/ip -6 route add ${net.ip6.prefix} dev ${cfg.netname}
''}
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 2692de982..dec89d249 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -94,8 +94,7 @@ let
TimeoutSec = 300; # we will wait 5 minutes, kill otherwise
restart = "always";
- ExecStartPre = pkgs.writeScript "tinc_graphs-init" ''
- #!/bin/sh
+ ExecStartPre = pkgs.writeDash "tinc_graphs-init" ''
mkdir -p "${internal_dir}" "${external_dir}"
if ! test -e "${cfg.workingDir}/internal/index.html"; then
cp -fr "$(${pkgs.tinc_graphs}/bin/tincstats-static-dir)/internal/." "${internal_dir}"
@@ -106,8 +105,7 @@ let
'';
ExecStart = "${pkgs.tinc_graphs}/bin/all-the-graphs";
- ExecStartPost = pkgs.writeScript "tinc_graphs-post" ''
- #!/bin/sh
+ ExecStartPost = pkgs.writeDash "tinc_graphs-post" ''
# TODO: this may break if workingDir is set to something stupid
# this is needed because homedir is created with 700
chmod 755 "${cfg.workingDir}"