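#!/usr/bin/env bash

# Linux/systemd backend: nix-daemon unit setup plus user and group helpers.
# header, _sudo and failure are not defined in this file; they are assumed to
# be provided by the script that sources it.

set -eu
set -o pipefail

# Unit files as shipped (resolved relative to the default profile in
# poly_configure_nix_daemon_service) and where they appear once linked/enabled.
readonly SERVICE_SRC=/lib/systemd/system/nix-daemon.service
readonly SERVICE_DEST=/etc/systemd/system/nix-daemon.service

readonly SOCKET_SRC=/lib/systemd/system/nix-daemon.socket
readonly SOCKET_DEST=/etc/systemd/system/nix-daemon.socket


# Path for the systemd override unit file to contain the proxy settings
readonly SERVICE_OVERRIDE=${SERVICE_DEST}.d/override.conf

#######################################
# Write a [Service] drop-in for nix-daemon.service.
# Globals:   SERVICE_OVERRIDE (read)
# Arguments: $1 - body of the [Service] section, one directive per line
# Outputs:   tee echoes the generated file to stdout
#######################################
create_systemd_override() {
    header "Configuring proxy for the nix-daemon service"
    _sudo "create directory for systemd unit override" \
        mkdir -p "$(dirname -- "$SERVICE_OVERRIDE")"
    # NOTE(review): proxy URLs may embed credentials (user:pass@host). tee
    # echoes the override to stdout and the file mode follows the umask in
    # effect for the elevated command, so such values can end up in install
    # logs and in a world-readable drop-in. Consider discarding tee's stdout
    # and restricting the file mode.
    printf '[Service]\n%s\n' "$1" \
        | _sudo "create systemd unit override" tee "$SERVICE_OVERRIDE"
}

#######################################
# Emit one systemd Environment= directive per non-empty proxy variable.
# Values are double-quoted and escaped: unquoted, systemd splits the value on
# whitespace and expands "%" specifiers, which corrupts proxy settings such
# as a no_proxy list with spaces or a URL with percent-encoded credentials.
# Outputs:   zero or more 'Environment="NAME=value"' lines on stdout
#######################################
create_systemd_proxy_env() {
    local name value
    for name in http_proxy https_proxy ftp_proxy no_proxy \
        HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY; do
        value=${!name:-}
        if [ -n "$value" ]; then
            # Backslash first, so the escapes added below are not re-escaped.
            value=${value//\\/\\\\}
            value=${value//\"/\\\"}
            value=${value//\%/%%}
            printf 'Environment="%s=%s"\n' "$name" "$value"
        fi
    done
}

handle_network_proxy() {
    # Create a systemd unit override with proxy environment variables
    # if any proxy environment variables are not empty.
    PROXY_ENV_STRING=$(create_systemd_proxy_env)
    if [ -n "${PROXY_ENV_STRING}" ]; then
        create_systemd_override "${PROXY_ENV_STRING}"
    fi
}

# Abort (via failure) unless the kernel name reported by uname is Linux.
poly_validate_assumptions() {
    if [ "$(uname -s)" != "Linux" ]; then
        failure "This script is for use with Linux!"
    fi
}

# Succeeds when the service unit reports "linked" or the socket unit reports
# "enabled", the states that poly_configure_nix_daemon_service leaves behind.
poly_service_installed_check() {
    [ "$(systemctl is-enabled nix-daemon.service)" = "linked" ] \
        || [ "$(systemctl is-enabled nix-daemon.socket)" = "enabled" ]
}

# Print manual removal steps for the units.
# Arguments: $1 - step number used as the prefix of the first line
poly_service_uninstall_directions() {
    cat <<EOF
$1. Delete the systemd service and socket units

  sudo systemctl stop nix-daemon.socket
  sudo systemctl stop nix-daemon.service
  sudo systemctl disable nix-daemon.socket
  sudo systemctl disable nix-daemon.service
  sudo systemctl daemon-reload
EOF
}

# Print the bullet describing which unit files the installer will load.
poly_service_setup_note() {
    cat <<EOF
 - load and start a service (at $SERVICE_DEST
   and $SOCKET_DEST) for nix-daemon

EOF
}

# Link the service unit and enable the socket unit from the default profile,
# apply any proxy override, then reload systemd and (re)start both units.
poly_configure_nix_daemon_service() {
    _sudo "to set up the nix-daemon service" \
        systemctl link "/nix/var/nix/profiles/default$SERVICE_SRC"

    _sudo "to set up the nix-daemon socket service" \
        systemctl enable "/nix/var/nix/profiles/default$SOCKET_SRC"

    # The drop-in must exist before daemon-reload so the restart picks it up.
    handle_network_proxy

    _sudo "to load the systemd unit for nix-daemon" \
        systemctl daemon-reload

    _sudo "to start the nix-daemon.socket" \
        systemctl start nix-daemon.socket

    _sudo "to start the nix-daemon.service" \
        systemctl restart nix-daemon.service

}

# Succeeds when getent finds group $1.
poly_group_exists() {
    getent group "$1" > /dev/null 2>&1
}

# Print the numeric GID of group $1 (third field of its getent record).
poly_group_id_get() {
    getent group "$1" | cut -d: -f3
}

# Create the system build group with the preassigned GID.
# Globals: NIX_BUILD_GROUP_NAME, NIX_BUILD_GROUP_ID (read; set elsewhere)
poly_create_build_group() {
    _sudo "Create the Nix build group, $NIX_BUILD_GROUP_NAME" \
        groupadd -g "$NIX_BUILD_GROUP_ID" --system \
        "$NIX_BUILD_GROUP_NAME" >&2
}

# Succeeds when getent finds user $1.
poly_user_exists() {
    getent passwd "$1" > /dev/null 2>&1
}

# Print the numeric UID of user $1 (third passwd field).
poly_user_id_get() {
    getent passwd "$1" | cut -d: -f3
}

# Always reports "1"; this backend keeps no per-user hidden flag.
poly_user_hidden_get() {
    echo "1"
}

# No-op counterpart of poly_user_hidden_get.
poly_user_hidden_set() {
    true
}

# Print the home directory of user $1 (sixth passwd field).
poly_user_home_get() {
    getent passwd "$1" | cut -d: -f6
}

# Set the home directory of user $1 to $2.
poly_user_home_set() {
    _sudo "in order to give $1 a safe home directory" \
        usermod --home "$2" "$1"
}

# Print the comment (GECOS) field of user $1 (fifth passwd field).
poly_user_note_get() {
    getent passwd "$1" | cut -d: -f5
}

# Set the comment field of user $1 to $2.
poly_user_note_set() {
    _sudo "in order to give $1 a useful comment" \
        usermod --comment "$2" "$1"
}

# Print the login shell of user $1 (seventh passwd field).
poly_user_shell_get() {
    getent passwd "$1" | cut -d: -f7
}
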
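# Set the login shell of user $1 to $2.
poly_user_shell_set() {
    _sudo "in order to prevent $1 from logging in" \
        usermod --shell "$2" "$1"
}

#######################################
# Succeeds only when user $1 is a member of the group named exactly $2.
# Each name from `id -Gn` is compared as a whole fixed string. A substring
# grep over `groups` output would also accept a longer group name that merely
# contains $2, or the user name printed in front of the list, and so report
# membership the account does not have.
# Arguments: $1 - user name, $2 - group name
# Returns:   0 if a member, non-zero otherwise
#######################################
poly_user_in_group_check() {
    # Assumes group names contain no spaces, as id separates them with spaces.
    id -Gn -- "$1" | tr ' ' '\n' | grep -qxF -- "$2"
}

# Add user $1 to supplementary group $2, keeping its existing groups.
poly_user_in_group_set() {
    _sudo "Add $1 to the $2 group" \
        usermod --append --groups "$2" "$1"
}

# Print the primary GID of user $1 (fourth passwd field).
poly_user_primary_group_get() {
    getent passwd "$1" | cut -d: -f4
}

# Set the primary group of user $1 to $2.
poly_user_primary_group_set() {
    _sudo "to let the nix daemon use this user for builds (this might seem redundant, but there are two concepts of group membership)" \
        usermod --gid "$2" "$1"

}

#######################################
# Create one unprivileged system account for running builds.
# Globals:   NIX_BUILD_GROUP_ID, NIX_BUILD_GROUP_NAME (read; set elsewhere)
# Arguments: $1 - user name, $2 - UID, $3 - builder index for the comment
#######################################
poly_create_build_user() {
    local username=$1
    local uid=$2
    local builder_num=$3

    # The account is created non-interactive: empty home, nologin shell, and
    # a "!" password field so that password authentication cannot succeed.
    _sudo "Creating the Nix build user, $username" \
        useradd \
        --home-dir /var/empty \
        --comment "Nix build user $builder_num" \
        --gid "$NIX_BUILD_GROUP_ID" \
        --groups "$NIX_BUILD_GROUP_NAME" \
        --no-user-group \
        --system \
        --shell /sbin/nologin \
        --uid "$uid" \
        --password "!" \
        "$username"
}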