From 09ebdf44fabc0f4a11df971c52cbd041db425094 Mon Sep 17 00:00:00 2001
From: Dominique Martinet <asmadeus@codewreck.org>
Date: Sat, 13 Jan 2024 21:14:28 +0900
Subject: [PATCH] nixos/anki-sync-server: do not use unqualified 'cat' in
 execStart script

Using cat relies on coreutils (or equivalent) being in $PATH, which is
not always true.
We could write ${pkgs.coreutils}/bin/cat but in this case we can get by
with the 'read' builtin

While here, cleanup a bit to avoid the x/bin/x patterns we can easily
avoid:
 - use lib.getExe for anki-sync-server
 - use writeShellScript instead of writeShellScriptBin
---
 nixos/modules/services/misc/anki-sync-server.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/services/misc/anki-sync-server.nix b/nixos/modules/services/misc/anki-sync-server.nix
index a65382009417..4a6f127e860b 100644
--- a/nixos/modules/services/misc/anki-sync-server.nix
+++ b/nixos/modules/services/misc/anki-sync-server.nix
@@ -16,7 +16,7 @@ with lib; let
     cfg.users;
   usersWithIndexesFile = filter (x: x.user.passwordFile != null) usersWithIndexes;
   usersWithIndexesNoFile = filter (x: x.user.passwordFile == null && x.user.password != null) usersWithIndexes;
-  anki-sync-server-run = pkgs.writeShellScriptBin "anki-sync-server-run" ''
+  anki-sync-server-run = pkgs.writeShellScript "anki-sync-server-run" ''
     # When services.anki-sync-server.users.passwordFile is set,
     # each password file is passed as a systemd credential, which is mounted in
     # a file system exposed to the service. Here we read the passwords from
@@ -25,7 +25,10 @@ with lib; let
     ${
       concatMapStringsSep
       "\n"
-      (x: ''export SYNC_USER${toString x.i}=${escapeShellArg x.user.username}:"''$(cat "''${CREDENTIALS_DIRECTORY}/"${escapeShellArg x.user.username})"'')
+      (x: ''
+        read -r pass < "''${CREDENTIALS_DIRECTORY}/"${escapeShellArg x.user.username}
+        export SYNC_USER${toString x.i}=${escapeShellArg x.user.username}:"$pass"
+      '')
       usersWithIndexesFile
     }
     # For users where services.anki-sync-server.users.password isn't set,
@@ -36,7 +39,7 @@ with lib; let
       (x: ''export SYNC_USER${toString x.i}=${escapeShellArg x.user.username}:${escapeShellArg x.user.password}'')
       usersWithIndexesNoFile
     }
-    exec ${cfg.package}/bin/anki-sync-server
+    exec ${lib.getExe cfg.package}
   '';
 in {
   options.services.anki-sync-server = {
@@ -123,7 +126,7 @@ in {
         Type = "simple";
         DynamicUser = true;
         StateDirectory = name;
-        ExecStart = "${anki-sync-server-run}/bin/anki-sync-server-run";
+        ExecStart = anki-sync-server-run;
         Restart = "always";
         LoadCredential =
           map