feat(hm/pkgs/scr/fupdate): Move fupdate in my main config tree

4 files changed, 249 insertions, 2 deletions

diff --git a/hm/soispha/pkgs/default.nix b/hm/soispha/pkgs/default.nix
index 8541e667..60884493 100644
--- a/hm/soispha/pkgs/default.nix
+++ b/hm/soispha/pkgs/default.nix
@@ -5,7 +5,6 @@
   system,
   config,
   # my bins
-  flake_update,
   grades,
   video_pause,
   ...
@@ -141,7 +140,6 @@ with pkgs; let
 in {
   home.packages =
     [
-      flake_update.outputs.packages.${system}.default
       grades.outputs.packages.${system}.default
       video_pause.outputs.packages.${system}.default
     ]
diff --git a/hm/soispha/pkgs/scripts.nix b/hm/soispha/pkgs/scripts.nix
index e295a587..c801b3f0 100644
--- a/hm/soispha/pkgs/scripts.nix
+++ b/hm/soispha/pkgs/scripts.nix
@@ -107,6 +107,25 @@
     path = "small_functions";
     dependencies = builtins.attrValues {inherit (pkgs) git git-crypt nixos-rebuild sudo openssh coreutils mktemp gnugrep gnused;};
   };
+  fupdate-src = write_script {
+    name = "fupdate";
+    path = "apps";
+    dependencies = builtins.attrValues {
+      inherit
+        (pkgs)
+        dash
+        nix
+        gnugrep
+        fd
+        coreutils
+        bat # used by batgrep
+        gnused # required by batgrep
+        git # needed to fetch through git
+        git-crypt # needed to unlock git-crypted repos
+        ;
+      inherit (pkgs.bat-extras) batgrep;
+    };
+  };
   ll-scr = sysLib.writeShellScriptWithLibraryUnwrapped {
     name = "ll";
     src = ./scripts/wrappers/ll;
@@ -142,6 +161,7 @@ in [
   screenshot_temporary-scr
   # spodi-scr # # TODO: Reactivate when spotdl builds again <2023-10-31>
   update-sys-scr
+  fupdate-src
   virsh-del-scr
   yti-scr
 ]
diff --git a/hm/soispha/pkgs/scripts/apps/fupdate b/hm/soispha/pkgs/scripts/apps/fupdate
new file mode 100644
index 00000000..030bcd75
--- /dev/null
+++ b/hm/soispha/pkgs/scripts/apps/fupdate
@@ -0,0 +1,167 @@
+#! /usr/bin/env dash
+
+# shellcheck source=/dev/null
+SHELL_LIBRARY_VERSION="1.7.1" . %SHELL_LIBRARY_PATH
+
+
+UPDATE_SCRIPT_NAME="update.sh";
+CONFIG_DIRECTORY_PATH="$HOME/.local/share/flake-update";
+
+AUTHORS="Soispha"
+YEARS="2023"
+
+# Searches upward for a `UPDATE_SCRIPT_NAME` script
+# Returns a path to the script if it exists, otherwise nothing is returned
+check_for_update_script() {
+    dirname="$(search_upward_files "$UPDATE_SCRIPT_NAME")"
+    if [ "$dirname" ]; then
+        printf "%s/%s" "$dirname" "$UPDATE_SCRIPT_NAME"
+    fi
+}
+
+# Checks if a given path to the update script is allowed.
+# Takes the path as input
+# Return 0, if allowed, 1 if not.
+check_for_allowed_update_script(){
+    update_script="$1";
+    config_path="${CONFIG_DIRECTORY_PATH}${update_script}";
+    update_script_hash="$(sha256sum "$update_script")";
+    if [ -f "$config_path" ]; then
+        if [ "$(cat "$config_path")" = "$update_script_hash" ];then
+            dbg "Recorded hash matches";
+            return 0;
+        else
+            dbg "Recorded hash \'$(cat "$config_path")\' does not match real hash \'$update_script_hash\', assuming not allowed";
+            return 1;
+        fi
+    else
+        dbg "Path \'$config_path\' does not exist, assuming not allowed";
+        return 1;
+    fi
+}
+
+
+# Asks the user if they want to allow a given script.
+# Takes the path as input
+ask_to_allow_update_script(){
+    update_script="$1";
+    config_path="${CONFIG_DIRECTORY_PATH}${update_script}";
+    update_script_hash="$(sha256sum "$update_script")";
+    println "\033[2J"; # clear the screen
+    cat "$update_script";
+    readp "Do you want to allow this script?[N/y]: " allow;
+    dbg "allow is: $allow";
+    case "$allow" in
+        [yY])
+            dbg "allowed script";
+            dbg "storing contents in: $config_path";
+            mkdir --parents "$(dirname "$config_path")";
+            print "$update_script_hash" > "$config_path";
+            ;;
+        *)
+            UPDATE_SCRIPT_NOT_ALLOWED=true;
+            ;;
+    esac
+}
+
+# Runs the provided script and continues to update the nix flake
+# Takes the path to the script and the directory to the flake as arguments
+# If the path to the update script is empty, it will be ignored
+update(){
+    update_script="$1";
+    flake_base_dir="$2";
+
+    [ "$update_script" = "" ] || "$update_script";
+    dbg "changed directory to: $flake_base_dir";
+    cd "$flake_base_dir" || die "Provided dir \'$flake_base_dir\' can not be accessed";
+
+    nix flake update
+    if grep '[^0-9]_[0-9]' flake.lock > /dev/null; then
+        batgrep '[^0-9]_[0-9]' flake.lock;
+        die "Your flake.nix contains duplicate inputs!";
+    fi
+}
+
+help() {
+cat << EOF
+This is a Nix flake update manager.
+
+Usage:
+    $NAME [--help]
+
+Options:
+    --help   | -h
+                            Display this help and exit.
+    --version   | -v
+                            Display version and copyright information and exit.
+
+Commands:
+    flake
+                            update the flake project
+    <some other command>
+                            runs a executable called "update-<some other command>", if it exists
+EOF
+}
+
+main() {
+    if ! [ "$UPDATE_SCRIPT_NOT_ALLOWED" = true ]; then
+        update_script="$(check_for_update_script)";
+        flake_base_dir="$(search_flake_base_dir)"; # Assume, that the update script is in the base dir
+        dbg "update_script is: $update_script";
+        dbg "flake_base_dir is: $flake_base_dir";
+
+        if [ "$update_script" = "" ]; then
+            update "" "$flake_base_dir";
+        elif check_for_allowed_update_script "$update_script" && ! [ "$update_script" = "" ]; then
+            update "$update_script" "$flake_base_dir";
+        else
+            ask_to_allow_update_script "$update_script";
+            main;
+        fi
+    fi
+}
+
+if [ "$#" -eq 0 ]; then
+    main;
+fi
+
+for input in "$@"; do
+    case "$input" in
+        "--help" | "-h")
+            help;
+            exit 0;
+            ;;
+        "--version" | "-v")
+            version;
+            exit 0;
+            ;;
+        "--")
+            end_of_cli_options=true;
+            ;;
+    esac
+    [ "$end_of_cli_options" = "true" ] && break
+done
+
+while [ "$#" -ne 0 ]; do
+    case "$1" in
+        "flake")
+            main;
+            shift 1;
+            ;;
+        *)
+            command="$1";
+            shift 1;
+            [ "$1" = "--" ] && shift 1
+            if which update-"$command" > /dev/null 2>&1;then
+                if [ "$end_of_cli_options" = "true" ]; then
+                    update-"$command" "$@";
+                else
+                    update-"$command";
+                fi
+            else
+                die "command \"update-$command\" is not executable, or does not exist";
+            fi
+            ;;
+    esac
+    [ "$end_of_cli_options" = "true" ] && break
+done
diff --git a/hm/soispha/pkgs/scripts/apps/fupdate.1.md b/hm/soispha/pkgs/scripts/apps/fupdate.1.md
new file mode 100644
index 00000000..b2b7bf4f
--- /dev/null
+++ b/hm/soispha/pkgs/scripts/apps/fupdate.1.md
@@ -0,0 +1,62 @@
+% FUPDATE(1) fupdate 1.0.0
+% Soispha
+% May 2023
+
+# NAME
+fupdate - updates your flake, while checking for common mistakes
+
+# SYNOPSIS
+**fupdate** list of [*flake*|*&lt;some word&gt;*|*--help*|*-h*]
+
+# DESCRIPTION
+Argument can be stacked, this makes it possible to specify multiple targets to be updated in succession. See the Examples section for further details.
+
+No argument or *flake*
+: **fupdate**, when executed without arguments or with *flake*, will update your *flake.lock*, check for duplicate flake inputs, i.e., an input has an input declared, which you have also declared as input, and will run a script called *update.sh*, if you allow it.
+The allowance for the script is asked, when you run **fupdate** and the found script is not yet allowed. Furthermore, the allowance is based on the concrete sha256 hash of the script, so any changes will require another allowance.
+
+**&lt;some word&gt;** as argument
+: If the executable **update-&lt;some word&gt;** is reachable thought the PATH variable, than this is run. Otherwise, the program will exit.
+
+# OPTIONS
+**\-\-help**, **-h**
+: Displays a help message and exit.
+
+**\-\-version**, **-v**
+: Displays the software version and exit.
+
+# EXAMPLES
+**fupdate** or **fupdate flake**
+: Updates your *flake.lock*. See the Description section for further details.
+
+**fupdate sys**
+: Run the executable **update-sys**, if it exists. See the Description section for further details.
+
+**fupdate flake sys docs**
+: First updates your flake, then, if the command succeeded, runs **update-sys**, afterweich **update-docs** is run.
+
+# FILES
+*update.sh*
+: This is supposed to be a shell script located in your flake base directory, i.e., the directory which contains both a *flake.nix* and a *flake.lock* file.
+
+*~/.local/share/flake-update/*
+: **fupdate** will store the hashes to the allowed *update.sh* files here.
+
+# BUGS
+Report bugs to <https://codeberg.org/soispha/flake_update/issues>.
+
+# COPYRIGHT
+Copyright (C) 2023  Soispha
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.