extras/mk-enc-usb.nix

@@ -5,8 +5,7 @@
   writeShellApplication,
 }: let
   encryptedUSBData = import ../data/drives/encryptedUSB.nix;
-in
+in writeShellApplication {
-  writeShellApplication {
   name = "mk-enc-usb";
   runtimeInputs = [
     parted

extras/mk-encrypted-drive.nix

@@ -6,8 +6,7 @@
   writeShellApplication,
 }: let
   driveData = import ../data/drives/encryptedDrive.nix;
-in
+in writeShellApplication {
-  writeShellApplication {
   name = "mk-encrypted-drive";
   runtimeInputs = [
     parted

extras/mk-raspberry-ext-drive.nix

@@ -5,8 +5,7 @@
   writeShellApplication,
 }: let
   externalDriveData = import ../data/drives/raspberryExternalDrive.nix;
-in
+in writeShellApplication {
-  writeShellApplication {
   name = "mk-raspberry-ext-drive";
   runtimeInputs = [
     util-linux

home/musicLibrary.nix

@@ -21,29 +21,6 @@ in {
     '')
   ];
 
-  home.file."Music/music-sync-check.sh" = {
-    executable = true;
-    text = ''
-      #!/usr/bin/env bash
-
-      SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-      cd "''${SCRIPT_DIR}"
-
-      ERROR_LOG=$(mktemp -t music-check-log-XXX)
-
-      echo "Checking StorageBox sync status"
-      if rclone check . Storage:Music --exclude "/*.sh" 2>$ERROR_LOG; then
-        echo "Up to date with StorageBox"
-      else
-        echo "An error occured attempting to check sync status:"
-        cat "$ERROR_LOG"
-        echo
-      fi
-
-      rm "$ERROR_LOG"
-    '';
-  };
-
   home.file."Music/music-sync.sh" = {
     executable = true;
     text = ''
@@ -52,7 +29,7 @@ in {
       SCRIPT_DIR=$( cd -- "$( dirname -- "''${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
       cd "''${SCRIPT_DIR}"
 
-      rclone sync -P . Storage:Music --exclude "/*.sh"
+      rclone sync -P . Storage:Music --exclude music-sync.sh,music-download.sh
       restic-music backup $(fd -t d --max-depth=1 && fd -t f --max-depth=1)
 
       TITLE="chaos's Music Library"

modules/nixos/secretsLib/lib.nix

@@ -306,8 +306,7 @@ in rec {
         then "secrets-init"
         else "secrets-init-${name}";
       scripts = genScripts cfg;
-  in
+    in writeShellApplication {
-    writeShellApplication {
       name = scriptName;
       runtimeInputs = defaultPackages ++ cfg.packages;
       text = scripts.initScript;
@@ -320,8 +319,7 @@ in rec {
         then "secrets-check"
         else "secrets-check-${name}";
       scripts = genScripts cfg;
-  in
+    in writeShellApplication {
-    writeShellApplication {
       name = scriptName;
       runtimeInputs = defaultPackages ++ cfg.checkPackages;
       text = scripts.checkScript;
@@ -346,8 +344,7 @@ in rec {
           capabilities = [${concatStringsSep "," (forEach capabilities escapeString)}]
         }
       '');
-  in
+    in toFile "vault-policy-${name}.hcl" ''
-    toFile "vault-policy-${name}.hcl" ''
       ${concatStringsSep "\n" policies}
     '';
 }

outputs.nix

@@ -202,8 +202,7 @@ in
             (mergeAttrsList (forEach machinesWithContainers (machineName: let
               machine = machines.${machineName};
               inherit (machine) containers;
-            in
+            in mergeAttrsList (forEach containers (containerName: {
-              mergeAttrsList (forEach containers (containerName: {
               "secrets-init-${machineName}-container-${containerName}" = secretsInitScriptForContainer machineName containerName;
               "vault-policy-${machineName}-container-${containerName}" = vaultPolicyForContainer machineName containerName;
             })))))