summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xrun70
-rw-r--r--wu.nix10
2 files changed, 71 insertions, 9 deletions
diff --git a/run b/run
index ff8f93368..3440088a0 100755
--- a/run
+++ b/run
@@ -18,12 +18,25 @@ deploy() {(
target=$2
hosts=$(list_hosts)
- imports=$(set -euf; list_imports "$main")
- secrets=$(echo "$imports" | xargs cat | quoted_strings | filter_secrets)
+ module_imports=$(set -euf; list_module_imports "$main")
+ other_imports=$(
+ echo "$module_imports" \
+ | xargs grep -H . \
+ | import_statements \
+ | slash_path_relpath \
+ | undot_paths \
+ | sort \
+ | uniq \
+ | sed '/\.nix$/!s:$:/default.nix:' \
+ )
+ secrets=$(echo "$module_imports" | xargs cat | quoted_strings | filter_secrets)
+
+ # TODO collect all other paths from *_imports
abs_deps=$(
echo "$hosts"
- echo "$imports"
+ echo "$module_imports"
+ echo "$other_imports"
echo "$secrets"
)
@@ -35,8 +48,8 @@ deploy() {(
ssh "$target" nixos-rebuild switch -I nixos-config=/etc/nixos/"$main"
)}
-# list_imports : nix-file -> lines nix-file
-list_imports() {
+# list_module_imports : nix-file -> lines nix-file
+list_module_imports() {
if echo "$1" | grep -q ^/; then
:
else
@@ -65,6 +78,38 @@ filter_secrets() {
sed -n 's:^\(.*/\)\?\(secrets/.*\):'"${PWD//:/\\:}"'/\2:p'
}
+# import_statements : lines (path ": " string) |> lines (path ": " relpath)
+import_statements() {
+ sed -n '
+ s@^\([^:]\+: \)\('"$(bre_invert_word import)"'\)*\<import\s\+@\1@
+ t1;d
+ :1; s@^\([^:]\+: \)\(\.*/\S*\)@\1\2\n@
+ t2;d
+ :2; P;D
+ '
+}
+
+# slash_path_relpath : lines (path ": " relpath) |> lines path
+#
+# Example: "/foo/bar: baz" => "/foo/baz"
+#
+slash_path_relpath() {
+ sed -n 's@/[^/]\+: @/@p'
+}
+
+# undot_paths : lines path |> lines path
+# Remove all dots (. and ..) from input paths.
+undot_paths() {
+ sed '
+ :0
+ s://\+:/:g
+ s:/\.\(/\|$\):\1:g
+ s:/[^/]\+/\.\.\(/\|$\):\1:g
+ s:^/\(\.\./\)\+:/:
+ t0
+ s:^$:/:
+ '
+}
# quoted_strings : lines string |> lines string
# Extract all (double-) quoted strings from stdin.
@@ -86,6 +131,21 @@ bre_escape() {
sed 's:[\.\[\\\*\^\$]:\\&:g'
}
+# bre_invert_word : string -> BRE
+# TODO escape chars in the resulting BRE.
+bre_invert_word() {
+ awk -v input="$1" '
+ BEGIN {
+ split(input,s,"")
+ for (i in s) {
+ c=s[i]
+ printf "\\|%s[^%s]", y, c
+ y = y c
+ }
+ }
+ '
+}
+
# ls_bre : directory -> BRE
# Create a BRE from the files in a directory.
ls_bre() {
diff --git a/wu.nix b/wu.nix
index de435fc3a..4db4f09b2 100644
--- a/wu.nix
+++ b/wu.nix
@@ -9,7 +9,7 @@ with (import ./lib { inherit pkgs; });
./modules/urxvt.nix
./modules/iptables.nix
./modules/users.nix
- ./modules/tools.nix
+ #./modules/tools.nix
./modules/hosts.nix
./modules/xserver.nix
./modules/exim.nix
@@ -280,9 +280,11 @@ with (import ./lib { inherit pkgs; });
"slock"
];
- security.pki.certificateFiles = [
- ./certs/zalora-ca.crt
- ];
+ # TODO
+ # Currently ./run doesn't know about certificates
+ #security.pki.certificateFiles = [
+ # ./certs/zalora-ca.crt
+ #];
#security.pam.loginLimits = [
# # for jack