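#!/usr/bin/env bash

# Strict mode: exit on command failure (-e), on use of an unset variable (-u),
# and when any stage of a pipeline fails (pipefail).
set -euo pipefail

# *_SRC: unit paths that this script prefixes with /nix/var/nix/profiles/default
#        when linking/enabling the units.
# *_DEST: the corresponding locations under /etc/systemd/system.
readonly SERVICE_SRC=/lib/systemd/system/nix-daemon.service
readonly SERVICE_DEST=/etc/systemd/system/nix-daemon.service

readonly SOCKET_SRC=/lib/systemd/system/nix-daemon.socket
readonly SOCKET_DEST=/etc/systemd/system/nix-daemon.socket

# Path for the systemd override unit file to contain the proxy settings
readonly SERVICE_OVERRIDE="${SERVICE_DEST}.d/override.conf"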
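# Write a [Service] drop-in for nix-daemon at $SERVICE_OVERRIDE.
# Globals:   SERVICE_OVERRIDE (read)
# Arguments: $1 - line(s) to place under the [Service] header
# Outputs:   tee echoes the written content to stdout
#
# NOTE(review): proxy URLs may embed credentials (user:password@host). The
# content is echoed by tee and stored in a unit drop-in whose permissions are
# whatever tee/umask produce, and systemd exposes Environment= values to
# unprivileged clients, so treat both the installer output and this file as
# potentially sensitive.
create_systemd_override() {
    header "Configuring proxy for the nix-daemon service"

    local override_dir
    # Quoted so the path is passed as a single word.
    override_dir=$(dirname "$SERVICE_OVERRIDE")

    _sudo "create directory for systemd unit override" mkdir -p "$override_dir"

    # "%s" keeps $1 as data; it is never interpreted as a printf format.
    printf '[Service]\n%s\n' "$1" \
        | _sudo "create systemd unit override" tee "$SERVICE_OVERRIDE"
}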
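# Gather all non-empty proxy environment variables into systemd
# "Environment=" lines, one per variable, printed to stdout.
#
# Each assignment is emitted in quoted form so that a value containing spaces
# stays a single assignment. Inside the quotes, backslash and double quote are
# escaped, and "%" is doubled because systemd performs specifier expansion on
# Environment= (percent-encoded URLs would otherwise be misread).
# Values containing control characters (including newlines) are skipped with
# a warning on stderr: a newline would otherwise start a separate directive
# line in the generated unit file.
create_systemd_proxy_env() {
    local name value
    for name in http_proxy https_proxy ftp_proxy no_proxy \
                HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY; do
        # Indirect expansion; ":-" keeps this safe under `set -u`.
        value=${!name:-}
        [ -n "$value" ] || continue

        case "$value" in
            *[[:cntrl:]]*)
                printf 'warning: ignoring %s: value contains control characters\n' \
                    "$name" >&2
                continue
                ;;
        esac

        value=${value//\\/\\\\}
        value=${value//\"/\\\"}
        value=${value//\%/%%}
        printf 'Environment="%s=%s"\n' "$name" "$value"
    done
}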
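# Create a systemd unit override with proxy environment variables
# if any proxy environment variables are not empty.
# Globals: PROXY_ENV_STRING (written). Left global on purpose: it is not
#          visible from this function whether other code reads it.
# Returns: 0 when there is nothing to configure, otherwise the status of
#          create_systemd_override.
handle_network_proxy() {
    PROXY_ENV_STRING=$(create_systemd_proxy_env)

    # Empty output means no proxy variable was set; leave the unit untouched.
    if [ -z "${PROXY_ENV_STRING}" ]; then
        return 0
    fi

    create_systemd_override "${PROXY_ENV_STRING}"
}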
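# Check that the script is running on a Linux kernel.
# Calls the `failure` helper (defined elsewhere) with an explanatory message
# when `uname -s` reports anything other than "Linux".
poly_validate_assumptions() {
    if [ "$(uname -s)" != "Linux" ]; then
        failure "This script is for use with Linux!"
    fi
}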
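# Report whether the nix-daemon units already look installed.
# Returns: 0 when `systemctl is-enabled` prints "linked" for
#          nix-daemon.service or "enabled" for nix-daemon.socket;
#          non-zero otherwise.
poly_service_installed_check() {
    # Only the printed state is compared; systemctl's own exit status inside
    # the command substitution is not consulted. The socket is queried only
    # when the service check did not match.
    [ "$(systemctl is-enabled nix-daemon.service)" = "linked" ] \
        || [ "$(systemctl is-enabled nix-daemon.socket)" = "enabled" ]
}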
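# Print manual instructions for removing the nix-daemon systemd units.
# Arguments: $1 - step number used as the prefix of the heading line
# Outputs:   the instructions on stdout; nothing is executed
poly_service_uninstall_directions() {
    # Unquoted delimiter: $1 is expanded, the rest is literal text.
    cat <<EOF
$1. Delete the systemd service and socket units

  sudo systemctl stop nix-daemon.socket
  sudo systemctl stop nix-daemon.service
  sudo systemctl disable nix-daemon.socket
  sudo systemctl disable nix-daemon.service
  sudo systemctl daemon-reload
EOF
}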
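# Print the bullet describing the service setup step.
# Globals: SERVICE_DEST, SOCKET_DEST (read)
# Outputs: the note on stdout, followed by one empty line
poly_service_setup_note() {
    cat <<EOF
 - load and start a service (at $SERVICE_DEST
   and $SOCKET_DEST) for nix-daemon

EOF
}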
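# Register and start the nix-daemon systemd units.
# Globals: SERVICE_SRC, SOCKET_SRC (read)
# Steps, each run through the `_sudo` helper (defined elsewhere) except the
# proxy handling:
#   1. link the service unit from the default profile
#   2. enable the socket unit from the default profile
#   3. write the proxy override, if any proxy variables are set
#   4. daemon-reload
#   5. start the socket, then restart the service
poly_configure_nix_daemon_service() {
    local profile_root=/nix/var/nix/profiles/default

    _sudo "to set up the nix-daemon service" \
          systemctl link "${profile_root}${SERVICE_SRC}"

    _sudo "to set up the nix-daemon socket service" \
          systemctl enable "${profile_root}${SOCKET_SRC}"

    # Runs before daemon-reload, which is when systemd re-reads unit files.
    handle_network_proxy

    _sudo "to load the systemd unit for nix-daemon" \
          systemctl daemon-reload

    _sudo "to start the nix-daemon.socket" \
          systemctl start nix-daemon.socket

    _sudo "to start the nix-daemon.service" \
          systemctl restart nix-daemon.service
}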
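# Test whether a group is known to the system's group database.
# Arguments: $1 - group name
# Returns:   the exit status of `getent group`; all output is discarded
poly_group_exists() {
    getent group "$1" >/dev/null 2>&1
}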
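# Print the numeric id of a group.
# Arguments: $1 - group name
# Outputs:   third colon-separated field of the `getent group` entry
poly_group_id_get() {
    getent group "$1" | cut -d: -f3
}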
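# Create the Nix build group as a system group with a fixed gid.
# Globals: NIX_BUILD_GROUP_NAME, NIX_BUILD_GROUP_ID (read)
# Outputs: everything `_sudo` writes to stdout is redirected to stderr
poly_create_build_group() {
    _sudo "Create the Nix build group, $NIX_BUILD_GROUP_NAME" \
          groupadd -g "$NIX_BUILD_GROUP_ID" --system \
          "$NIX_BUILD_GROUP_NAME" >&2
}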
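# Test whether a user is known to the system's passwd database.
# Arguments: $1 - user name
# Returns:   the exit status of `getent passwd`; all output is discarded
poly_user_exists() {
    getent passwd "$1" >/dev/null 2>&1
}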
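# Print the numeric uid of a user.
# Arguments: $1 - user name
# Outputs:   third colon-separated field of the `getent passwd` entry
poly_user_id_get() {
    getent passwd "$1" | cut -d: -f3
}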
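# Report the "hidden" state of a user.
# Always prints "1" without looking anything up; arguments are ignored.
# NOTE(review): presumably this platform has no separate notion of a hidden
# account, so every user is reported as already hidden - confirm with caller.
poly_user_hidden_get() {
    printf '%s\n' "1"
}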
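# Counterpart of poly_user_hidden_get: a deliberate no-op that always
# succeeds and ignores its arguments.
poly_user_hidden_set() {
    true
}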
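# Print the home directory of a user.
# Arguments: $1 - user name
# Outputs:   sixth colon-separated field of the `getent passwd` entry
poly_user_home_get() {
    getent passwd "$1" | cut -d: -f6
}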
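# Change the home directory recorded for a user.
# Arguments: $1 - user name
#            $2 - new home directory
poly_user_home_set() {
    _sudo "in order to give $1 a safe home directory" \
          usermod --home "$2" "$1"
}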
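# Print the comment (GECOS) field of a user.
# Arguments: $1 - user name
# Outputs:   fifth colon-separated field of the `getent passwd` entry
poly_user_note_get() {
    getent passwd "$1" | cut -d: -f5
}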
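# Change the comment (GECOS) field recorded for a user.
# Arguments: $1 - user name
#            $2 - new comment; passed as a single argument, spaces included
poly_user_note_set() {
    _sudo "in order to give $1 a useful comment" \
          usermod --comment "$2" "$1"
}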
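# Print the login shell of a user.
# Arguments: $1 - user name
# Outputs:   seventh colon-separated field of the `getent passwd` entry
poly_user_shell_get() {
    getent passwd "$1" | cut -d: -f7
}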
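# Change the login shell recorded for a user. The explanation passed to
# `_sudo` states the purpose: keeping the account from logging in.
# Arguments: $1 - user name
#            $2 - new shell path
poly_user_shell_set() {
    _sudo "in order to prevent $1 from logging in" \
          usermod --shell "$2" "$1"
}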
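# Test whether a user is a member of a group.
# Arguments: $1 - user name
#            $2 - group name
# Returns:   0 only when $2 is exactly one of the user's group names;
#            non-zero otherwise, including when the user cannot be looked up.
#
# The membership list comes from `id -Gn` and is compared word by word.
# Grepping the output of `groups` treats $2 as a regular expression and also
# matches substrings, including the user name that `groups` prints before the
# list - so a user called "nixbld1" would always appear to be in "nixbld",
# and the caller would never add the missing membership.
# Limitation: group names containing spaces are not handled.
poly_user_in_group_check() {
    local membership
    membership=$(id -Gn "$1" 2>/dev/null) || return 1

    # Pad with spaces so only whole, space-delimited names can match.
    case " ${membership} " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}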
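# Add a user to a supplementary group, keeping existing memberships
# (usermod --append).
# Arguments: $1 - user name
#            $2 - group name
poly_user_in_group_set() {
    _sudo "Add $1 to the $2 group" \
          usermod --append --groups "$2" "$1"
}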
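# Print the primary group id of a user.
# Arguments: $1 - user name
# Outputs:   fourth colon-separated field of the `getent passwd` entry
poly_user_primary_group_get() {
    getent passwd "$1" | cut -d: -f4
}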
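# Change the primary group of a user. This is separate from supplementary
# membership (see the explanation passed to `_sudo`).
# Arguments: $1 - user name
#            $2 - group to use as the primary group (passed to usermod --gid)
poly_user_primary_group_set() {
    _sudo "to let the nix daemon use this user for builds (this might seem redundant, but there are two concepts of group membership)" \
          usermod --gid "$2" "$1"
}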
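# Create one Nix build user as a locked-down system account.
# Globals:   NIX_BUILD_GROUP_ID, NIX_BUILD_GROUP_NAME (read)
# Arguments: $1 - user name
#            $2 - uid to assign
#            $3 - builder number, used only in the account comment
#
# Account properties set here: home /var/empty, shell /sbin/nologin,
# password field "!" (no usable password), primary and supplementary group
# set to the build group, and no per-user group.
poly_create_build_user() {
    # Kept local so the names do not leak into the rest of the installer.
    local username=$1
    local uid=$2
    local builder_num=$3

    _sudo "Creating the Nix build user, $username" \
          useradd \
          --home-dir /var/empty \
          --comment "Nix build user $builder_num" \
          --gid "$NIX_BUILD_GROUP_ID" \
          --groups "$NIX_BUILD_GROUP_NAME" \
          --no-user-group \
          --system \
          --shell /sbin/nologin \
          --uid "$uid" \
          --password "!" \
          "$username"
}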