-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathscripts.nix
More file actions
120 lines (104 loc) · 7.12 KB
/
scripts.nix
File metadata and controls
120 lines (104 loc) · 7.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# ParamantOS — operator scripts
# Each script lives in scripts/*.sh and is read at build time with builtins.readFile.
# This avoids all Nix ''...'' string-escaping issues.
{ pkgs, lib, ... }:
{
environment.systemPackages = [
# ── Setup & diagnostics ────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-setup"
(builtins.readFile ./scripts/paramant-setup.sh))
(pkgs.writeShellScriptBin "paramant-help"
(builtins.readFile ./scripts/paramant-help.sh))
(pkgs.writeShellScriptBin "paramant-info"
(builtins.readFile ./scripts/paramant-info.sh))
(pkgs.writeShellScriptBin "paramant-doctor"
(builtins.readFile ./scripts/paramant-doctor.sh))
# ── Relay control & monitoring ─────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-status"
(builtins.readFile ./scripts/paramant-status.sh))
(pkgs.writeShellScriptBin "paramant-logs"
(builtins.readFile ./scripts/paramant-logs.sh))
(pkgs.writeShellScriptBin "paramant-restart"
(builtins.readFile ./scripts/paramant-restart.sh))
(pkgs.writeShellScriptBin "paramant-dashboard"
(builtins.readFile ./scripts/paramant-dashboard.sh))
# ── API key management ─────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-keys"
(builtins.readFile ./scripts/paramant-keys.sh))
(pkgs.writeShellScriptBin "paramant-key-add"
(builtins.readFile ./scripts/paramant-key-add.sh))
(pkgs.writeShellScriptBin "paramant-key-revoke"
(builtins.readFile ./scripts/paramant-key-revoke.sh))
# ── License ────────────────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-license"
(builtins.readFile ./scripts/paramant-license.sh))
# ── Network ───────────────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-wifi"
(builtins.readFile ./scripts/paramant-wifi.sh))
(pkgs.writeShellScriptBin "paramant-ip"
(builtins.readFile ./scripts/paramant-ip.sh))
(pkgs.writeShellScriptBin "paramant-ports"
(builtins.readFile ./scripts/paramant-ports.sh))
(pkgs.writeShellScriptBin "paramant-scan"
(builtins.readFile ./scripts/paramant-scan.sh))
# ── Security ──────────────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-security"
(builtins.readFile ./scripts/paramant-security.sh))
# ── Sectors ───────────────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-sector-add"
(builtins.readFile ./scripts/paramant-sector-add.sh))
# ── Data management ────────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-export"
(builtins.readFile ./scripts/paramant-export.sh))
(pkgs.writeShellScriptBin "paramant-backup"
(builtins.readFile ./scripts/paramant-backup.sh))
(pkgs.writeShellScriptBin "paramant-restore"
(builtins.readFile ./scripts/paramant-restore.sh))
# ── Maintenance ────────────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-cron"
(builtins.readFile ./scripts/paramant-cron.sh))
(pkgs.writeShellScriptBin "paramant-update"
(builtins.readFile ./scripts/paramant-update.sh))
# ── Security verification ──────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-verify"
(builtins.readFile ./scripts/paramant-verify.sh))
# ── Diagnostics ───────────────────────────────────────────────────────────
(pkgs.writeShellScriptBin "paramant-test"
(builtins.readFile ./scripts/paramant-test.sh))
# ── Installer ─────────────────────────────────────────────────────────────
# paramant-installer: full Python TUI wizard (interactive + unattended)
# paramant-install: legacy bash wrapper kept for muscle memory / docs
(pkgs.writeScriptBin "paramant-installer"
''
#!${pkgs.python3}/bin/python3
${builtins.readFile ./scripts/paramant-installer.py}
'')
(pkgs.writeShellScriptBin "paramant-install"
(builtins.readFile ./scripts/paramant-install.sh))
(pkgs.writeShellScriptBin "paramant-boot-choice"
(builtins.readFile ./scripts/paramant-boot-choice.sh))
];
# ── First-login boot choice / auto-wizard ─────────────────────────────────
# On the installer ISO: shows Install/Live/Shell menu (paramant-boot-choice).
# On an installed system: runs paramant-setup on first login.
# paramant-boot-choice auto-detects which context it is in.
programs.bash.loginShellInit = ''
if [ "$(id -un)" = "paramant" ]; then
paramant-boot-choice
fi
'';
# ── Bash completion ─────────────────────────────────────────────────────────
# Enables Tab completion for all paramant-* commands.
# Type: paramant-<Tab><Tab> to list all commands.
# Type: paramant-setup --<Tab> to see flags.
programs.bash.completion.enable = true;
environment.etc."bash_completion.d/paramant".text =
builtins.readFile ./scripts/paramant-completion.bash;
# ── /etc/paramant/ directory ────────────────────────────────────────────────
# Created at boot so the relay service can write the license env-file there.
systemd.tmpfiles.rules = [
# 0770: root owns, paramant-relay group rw — paramant user is in paramant-relay group
# so paramant-setup/paramant-scan can write license/peers; relay service can read them.
"d /etc/paramant 0770 root paramant-relay -"
];
}