blob: bc60bef90e4c94045e5c1d1d5deceffb6418f3b9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
{ config, lib, pkgs, ... }:
with lib;
let
text = import ../lib/write-text.nix {
inherit lib;
mkTextDerivation = name: text: pkgs.writeText "etc-${name}" text;
};
etc = filter (f: f.enable) (attrValues config.environment.etc);
in
{
options = {
environment.etc = mkOption {
type = types.attrsOf (types.submodule text);
default = { };
description = ''
Set of files that have to be linked in {file}`/etc`.
'';
};
};
config = {
system.build.etc = pkgs.runCommand "etc"
{ preferLocalBuild = true; }
''
mkdir -p $out/etc
cd $out/etc
${concatMapStringsSep "\n" (attr: ''
mkdir -p "$(dirname ${escapeShellArg attr.target})"
ln -s ${escapeShellArgs [ attr.source attr.target ]}
'') etc}
'';
system.activationScripts.etcChecks.text = ''
declare -A etcSha256Hashes=(
${concatMapStringsSep "\n "
(attr:
"[${escapeShellArg attr.target}]=" +
escapeShellArg (concatStringsSep " " attr.knownSha256Hashes))
etc}
)
declare -a etcProblems=()
while IFS= read -r -d "" configFile; do
subPath=''${configFile#"$systemConfig"/etc/}
etcStaticFile=/etc/static/$subPath
etcFile=/etc/$subPath
# We need to check files that exist and aren't already links to
# $etcStaticFile for known hashes.
if [[
-e $etcFile
&& $(readlink "$etcFile") != "$etcStaticFile"
]]; then
# Only check hashes of paths that resolve to regular files;
# everything else (e.g. directories) we complain about
# unconditionally.
if [[ -f $(readlink -f "$etcFile") ]]; then
etcFileSha256Output=$(shasum -a 256 "$etcFile")
etcFileSha256Hash=''${etcFileSha256Output%% *}
for knownSha256Hash in ''${etcSha256Hashes[$subPath]}; do
if [[ $etcFileSha256Hash == "$knownSha256Hash" ]]; then
# Hash matches, OK to overwrite; go to the next file.
continue 2
fi
done
fi
etcProblems+=("$etcFile")
fi
done < <(find -H "$systemConfig/etc" -type l -print0)
if (( ''${#etcProblems[@]} )); then
printf >&2 '\x1B[1;31merror: Unexpected files in /etc, aborting '
printf >&2 'activation\x1B[0m\n'
printf >&2 'The following files have unrecognized content and would be '
printf >&2 'overwritten:\n\n'
printf >&2 ' %s\n' "''${etcProblems[@]}"
printf >&2 '\nPlease check there is nothing critical in these files, '
printf >&2 'rename them by adding .before-nix-darwin to the end, and '
printf >&2 'then try again.\n'
exit 2
fi
'';
system.activationScripts.etc.text = ''
# Set up the statically computed bits of /etc.
printf >&2 'setting up /etc...\n'
ln -sfn "$(readlink -f "$systemConfig/etc")" /etc/static
while IFS= read -r -d "" etcStaticFile; do
etcFile=/etc/''${etcStaticFile#/etc/static/}
etcDir=''${etcFile%/*}
if [[ ! -d $etcDir ]]; then
mkdir -p "$etcDir"
fi
if [[ -e $etcFile ]]; then
if [[ $(readlink -- "$etcFile") == "$etcStaticFile" ]]; then
continue
else
mv "$etcFile" "$etcFile.before-nix-darwin"
fi
fi
ln -s "$etcStaticFile" "$etcFile"
done < <(find -H /etc/static -type l -print0)
while IFS= read -r -d "" etcFile; do
etcStaticFile=/etc/static/''${etcFile#/etc/}
# Delete stale links into /etc/static.
if [[
$(readlink -- "$etcFile") == "$etcStaticFile"
&& ! -e $etcStaticFile
]]; then
rm "$etcFile"
fi
done < <(find -H /etc -type l -print0)
'';
};
}
|
