Escaping special characters inside writeScriptBin script body

Hello there. I’m trying to create a script and provision it inside NixOS, but I bumped into some syntax issues. Here’s my script body (sensitive data is replaced with words in triangular braces):

{ pkgs, ... }:

environment.systemPackages = let 
  script = pkgs.writeScriptBin "script" ''
    #!${pkgs.stdenv.shell}
    #!/bin/bash
    export DOMAIN=<domain>
    export CLOUDFLARE_EMAIL=<e-mail>
    export CLOUDFLARE_TOKEN=<token0>
    export HETZNER_TOKEN=<token1>
    export USERNAME=test
    export PASSWORD=<password>

    curl -s -X GET "https://api.cloudflare.com/client/v4/zones" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_zones.json

    export zoneid=$( for i in {0..24}; do jq 'if .result['$i'].name == "'$DOMAIN'" then .result['$i'].id else null end' .cloudflare_zones.json; done | grep -v null | sed -e 's/^"//' -e 's/"$//' )
    curl -X GET "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json" > .cloudflare_records.json

    for i in `seq 0 4`
    do  
        export recordid=$(jq '.result['$i'].id' .cloudflare_records.json | sed -e 's/^"//' -e 's/"$//')
        curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$zoneid/dns_records/$recordid" -H "X-Auth-Email: $CLOUDFLARE_EMAIL" -H "X-Auth-Key: $CLOUDFLARE_TOKEN" -H "Content-Type: application/json"
    done

    curl -H "Authorization: Bearer $HETZNER_TOKEN" 'https://api.hetzner.cloud/v1/servers' > .hetzner_machines.json

    export machineid=$( for i in {0..3}; do jq 'if .servers['$i'].name == "<machine-name>" then .servers['$i'].id else null end' .hetzner_machines.json ; done | grep -v null )
    curl -X DELETE -H "Authorization: Bearer $HETZNER_TOKEN" https://api.hetzner.cloud/v1/servers/$machineid

    DOMAIN=<domain> && CLOUDFLARE_TOKEN=<token1> && HETZNER_TOKEN=<token0> && USERNAME=test && PASSWORD=<password> | bash <(curl -s https://link.to/script.sh)
  '';

in [ script ];

But while doing nixos-rebuild switch, there’s an error, "error: syntax error, unexpected '=', expecting $end", in the line curl -X DELETE -H "Authorization: Bearer $HETZNER_TOKEN" https://api.hetzner.cloud/v1/servers/$machineid

I suppose I have something to do with special character escaping there, but I’m not sure what.

When I copy and paste your code as is into my editor, it marks the = in line 3.

This is probably because of the missing {} that should enclose the returned attrset.

Have you left them off for simplicity or are they really missing?

After adding {} my editor doesn’t show any further errors in the file and I am not eager to fit that into my config to perhaps see more errors, especially as I do not know all those tokens anyway.

Also please be aware that your /nix/store is world readable; you probably shouldn’t put secrets or scripts containing them into it.

Just tried surrounding things that go after let in curly braces, like this:


environment.systemPackages = let {
''
...
'';
}

It made no difference :frowning: The same error, the same line

Nope, not there…

{ pkgs, ... }:

{ # here
  environment.systemPackages = let … in …;
} # and here
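The two points from the replies, as an added example that is not part of the thread: the module body wrapped in braces, and the tokens loaded at run time so they never enter the world-readable /nix/store. The path /etc/script-secrets.env and its contents are assumptions, and writeShellScriptBin is used here in place of the question's writeScriptBin.

```nix
{ pkgs, ... }:

{ # the module body is an attribute set, so it needs these braces
  environment.systemPackages =
    let
      # Hypothetical path. A string, not a Nix path literal: a path literal
      # would copy the file into the world-readable /nix/store.
      # Expected to be root-owned, mode 0600, with lines such as
      #   DOMAIN=...  CLOUDFLARE_EMAIL=...  CLOUDFLARE_TOKEN=...
      secretsFile = "/etc/script-secrets.env";

      # Escaping inside a Nix '' string: a bare $VAR and $(...) pass through
      # unchanged; only a shell ${VAR} must be written with a leading ''
      # (two single quotes), or Nix treats it as its own interpolation.
      script = pkgs.writeShellScriptBin "script" ''
        set -euo pipefail

        # Tokens are read at run time; only the path ends up in the store.
        if [ ! -r "${secretsFile}" ]; then
          echo "cannot read ${secretsFile}" >&2
          exit 1
        fi
        set -a   # export every variable the file defines
        . "${secretsFile}"
        set +a

        # Shell parameter expansion, escaped for Nix.
        : "''${DOMAIN:?DOMAIN must be set in the secrets file}"

        # Same zone lookup as in the question, with the name passed to jq
        # as a variable instead of being spliced into the filter.
        ${pkgs.curl}/bin/curl -s -X GET \
          "https://api.cloudflare.com/client/v4/zones" \
          -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
          -H "X-Auth-Key: $CLOUDFLARE_TOKEN" \
          -H "Content-Type: application/json" \
          | ${pkgs.jq}/bin/jq -r --arg d "$DOMAIN" \
              '.result[] | select(.name == $d) | .id'
      '';
    in
    [ script ];
}
```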