Diffstat (limited to 'system/services/nix-sync')
-rw-r--r--system/services/nix-sync/default.nix17
1 files changed, 11 insertions, 6 deletions
diff --git a/system/services/nix-sync/default.nix b/system/services/nix-sync/default.nix
index d0ca114..e951119 100644
--- a/system/services/nix-sync/default.nix
+++ b/system/services/nix-sync/default.nix
@@ -8,9 +8,14 @@
mkUnit = name: repo: let
esa = lib.strings.escapeShellArg;
+ optionalPathSeparator =
+ if lib.strings.hasPrefix "/" repo.path
+ then ""
+ else "/";
+ repoCachePath = cfg.cachePath + optionalPathSeparator + repo.path;
execStartScript = pkgs.writeScript "git-sync-exec" ''
#! /usr/bin/env dash
- cd ${esa (cfg.cachePath + "/" + repo.path)};
+ cd ${esa repoCachePath};
while true; do
origin="$(git rev-parse @{u})";
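Review bot: The `cd ${esa repoCachePath};` on the new line is still unchecked, so if the cache directory is missing or unreadable the `while true` loop below runs `git rev-parse`/`git` commands in whatever working directory the unit started in instead of failing; I would write `cd ${esa repoCachePath} || exit 1;` (the script has no visible `set -e`). The separator helper also does not normalise a `cfg.cachePath` that itself ends in `/`, which yields a `//` in the path — harmless to the shell, but worth a one-line comment such as `# repo.path may be absolute; avoid a doubled separator` above `optionalPathSeparator`. The `mkUnit` let-block and `execStartScript` continue past the end of this hunk.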
@@ -31,12 +36,12 @@
done
'';
execStartPreScript = ''
- if ! stat ${esa (cfg.cachePath + "/" + repo.path)}/.git; then
- mkdir --parents ${esa cfg.cachePath}/${esa repo.path};
- git clone ${esa repo.uri} ${esa (cfg.cachePath + "/" + repo.path)};
+ if ! stat ${esa repoCachePath}/.git; then
+ mkdir --parents ${esa repoCachePath};
+ git clone ${esa repo.uri} ${esa repoCachePath};
out_paths=$(mktemp);
- nix build ${esa (cfg.cachePath + "/" + repo.path)} --print-out-paths --experimental-features 'nix-command flakes' > "$out_paths";
+ nix build ${esa repoCachePath} --print-out-paths --experimental-features 'nix-command flakes' > "$out_paths";
[ "$(wc -l < "$out_paths")" -gt 1 ] && (echo "To many out-paths"; exit 1)
out_path="$(cat "$out_paths")";
ln -s "$out_path" ${esa repo.path};
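Review bot: The `git clone ${esa repo.uri} ${esa repoCachePath};` on the new line has no failure check, and no `set -e` is visible in `execStartPreScript`, so a failed or interrupted clone falls straight through to `nix build` on the empty directory that `mkdir --parents` just created; I would use `git clone ${esa repo.uri} ${esa repoCachePath} || exit 1;`. Since the new `optionalPathSeparator` logic explicitly admits a relative `repo.path`, note that the unchanged `ln -s "$out_path" ${esa repo.path}` then resolves against the unit's working directory, not the cache — presumably not intended, so either assert `lib.hasPrefix "/" repo.path` in the module or document where a relative link is expected to land. `execStartPreScript` continues beyond the end of this hunk.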
@@ -76,7 +81,7 @@
# Security
NoNewPrivileges = true;
# Sandboxing (sorted by occurrence in https://www.freedesktop.org/software/systemd/man/systemd.exec.html)
- ReadWritePaths = ["${repo.path}" "${cfg.cachePath}/${repo.path}"];
+ ReadWritePaths = ["${repo.path}" "${esa repoCachePath}"];
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
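Review bot: Applying `esa` (`escapeShellArg`) to a `ReadWritePaths` entry is the wrong escaping layer: this value is serialised into a systemd unit file, not passed through a shell, so a cache path containing a space or `'` would carry literal single quotes into the sandbox rule and `repoCachePath` would no longer match the directory the scripts write to; the sibling `"${repo.path}"` entry is, correctly, not escaped. I would write `ReadWritePaths = ["${repo.path}" "${repoCachePath}"];`. Also, systemd expects absolute paths in `ReadWritePaths`, while the new separator logic allows a relative `repo.path`; adding `assert lib.hasPrefix "/" repo.path;` (or a module assertion) keeps the `ProtectSystem = "strict"` sandbox from silently failing to open the intended write path.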