#!/nix/store/l0wlqpbsvh1pgvhcdhw7qkka3d31si7k-bash-5.1-p8/bin/bash

systemConfig='/nix/store/wl1rvmpb3c591q303z3nk1xj7cvcvw81-nixos-system-guardian-22.05.19700101.dirty'

export PATH=/empty
for i in /nix/store/fvprxgcxf4px865gdjd81fbwnxcjrg41-coreutils-9.0 /nix/store/lhambyc1v2c7qzzr5sq7p449xs1j6pg8-gnugrep-3.7 /nix/store/rnx655nq2qs53yb5arv2gapa91r1wsbn-findutils-4.8.0 /nix/store/fmdggb1g7zganhnng3lf42g7p6fyxdig-getent-glibc-2.33-56 /nix/store/c5bd4lrnsck51cll6s14wkp93ni4zj1j-glibc-2.33-56-bin /nix/store/khv33kn327fpdx2311bcjj98kigd2rac-shadow-4.8.1 /nix/store/8hrr221p6qd1zdnnx311bjdfdsbkbmin-net-tools-2.10 /nix/store/j9qg60v12mm5c0s8xnjsb0gl98ap8zlh-util-linux-2.37.2-bin; do
    PATH=$PATH:$i/bin:$i/sbin
done

_status=0
trap "_status=1 _localstatus=\$?" ERR

# Ensure a consistent umask.
umask 0022

#### Activation script snippet bash:
_localstatus=0
mkdir -p /bin
ln -sf /run/current-system/sw/bin/bash /bin/bash


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "bash" "$_localstatus"
fi

#### Activation script snippet specialfs:
_localstatus=0
specialMount() {
  local device="$1"
  local mountPoint="$2"
  local options="$3"
  local fsType="$4"

  if mountpoint -q "$mountPoint"; then
    local options="remount,$options"
  else
    mkdir -m 0755 -p "$mountPoint"
  fi
  mount -t "$fsType" -o "$options" "$device" "$mountPoint"
}
source /nix/store/5ssdb57k8ihg0nvv9ga0qc46dlvniyaw-mounts.sh


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "specialfs" "$_localstatus"
fi

#### Activation script snippet binfmt:
_localstatus=0
mkdir -p -m 0755 /run/binfmt



if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "binfmt" "$_localstatus"
fi

#### Activation script snippet stdio:
_localstatus=0


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "stdio" "$_localstatus"
fi

#### Activation script snippet binsh:
_localstatus=0
# Create the required /bin/sh symlink; otherwise lots of things
# (notably the system() function) won't work.
mkdir -m 0755 -p /bin
ln -sfn "/nix/store/90y23lrznwmkdnczk1dzdsq4m35zj8ww-bash-interactive-5.1-p8/bin/sh" /bin/.sh.tmp
mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "binsh" "$_localstatus"
fi

#### Activation script snippet domain:
_localstatus=0


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "domain" "$_localstatus"
fi

#### Activation script snippet dtc_dynEtcPre:
_localstatus=0
rm -rfv '/etc/nginx'
rm -rfv '/etc/ssl/letsencrypt'
rm -rfv '/etc/netplan'


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "dtc_dynEtcPre" "$_localstatus"
fi

#### Activation script snippet users:
_localstatus=0
install -m 0700 -d /root
install -m 0755 -d /home

/nix/store/c574kdpzmzazki2d311sg58iqafqbkr3-perl-5.34.0-env/bin/perl \
-w /nix/store/8smw5zaclai395bpr5gp5inzdgbkn43h-update-users-groups.pl /nix/store/kgjws633bysn10xkgw9k6ndkb0da1x1v-users-groups.json


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "users" "$_localstatus"
fi

#### Activation script snippet groups:
_localstatus=0


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "groups" "$_localstatus"
fi

#### Activation script snippet etc:
_localstatus=0
# Set up the statically computed bits of /etc.
echo "setting up /etc..."
/nix/store/qlss9csm5p9d75497jqhafh6d6jqnlrv-perl-5.34.0-env/bin/perl /nix/store/cz6na7w751iv7z78fb9ms8hhvnsd0l8z-setup-etc.pl /nix/store/dv955x8h6nfs6w9i5s4rnb7hqi0g8l7j-etc/etc


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "etc" "$_localstatus"
fi

#### Activation script snippet etc_dynEtcPost:
_localstatus=0
echo dyn '/etc/nginx'...
rm -rfv '/etc/nginx'
if [ -e '/etc/static/nginx' ]; then
  for staticFolder in $(find -L '/etc/static/nginx' -type d); do
    actualFolder=${staticFolder/'/etc/static/nginx'/'/var/etc/nginx'}
    mkdir -p "${actualFolder}"
  done
  for staticFile in $(find -L '/etc/static/nginx' -not -type d); do
    actualFile=${staticFile/'/etc/static/nginx'/'/var/etc/nginx'}
    if [ ! -e "${actualFile}" ]; then
      ln -sv "${staticFile}" "${actualFile}"
    fi
  done
else
  echo "WARN: target folder is empty, creating anyways"
  mkdir -p '/var/etc/nginx'
fi
for outFile in $(find -L '/var/etc/nginx' -not -type d); do
  if [ ! -e "${outFile}" ]; then
    rm -fv "${outFile}"
  fi
done
ln -sv '/var/etc/nginx' '/etc/nginx'
echo dyn '/etc/ssl/letsencrypt'...
rm -rfv '/etc/ssl/letsencrypt'
if [ -e '/etc/static/ssl/letsencrypt' ]; then
  for staticFolder in $(find -L '/etc/static/ssl/letsencrypt' -type d); do
    actualFolder=${staticFolder/'/etc/static/ssl/letsencrypt'/'/var/etc/ssl/letsencrypt'}
    mkdir -p "${actualFolder}"
  done
  for staticFile in $(find -L '/etc/static/ssl/letsencrypt' -not -type d); do
    actualFile=${staticFile/'/etc/static/ssl/letsencrypt'/'/var/etc/ssl/letsencrypt'}
    if [ ! -e "${actualFile}" ]; then
      ln -sv "${staticFile}" "${actualFile}"
    fi
  done
else
  echo "WARN: target folder is empty, creating anyways"
  mkdir -p '/var/etc/ssl/letsencrypt'
fi
for outFile in $(find -L '/var/etc/ssl/letsencrypt' -not -type d); do
  if [ ! -e "${outFile}" ]; then
    rm -fv "${outFile}"
  fi
done
ln -sv '/var/etc/ssl/letsencrypt' '/etc/ssl/letsencrypt'
echo dyn '/etc/netplan'...
rm -rfv '/etc/netplan'
if [ -e '/etc/static/netplan' ]; then
  for staticFolder in $(find -L '/etc/static/netplan' -type d); do
    actualFolder=${staticFolder/'/etc/static/netplan'/'/var/etc/netplan'}
    mkdir -p "${actualFolder}"
  done
  for staticFile in $(find -L '/etc/static/netplan' -not -type d); do
    actualFile=${staticFile/'/etc/static/netplan'/'/var/etc/netplan'}
    if [ ! -e "${actualFile}" ]; then
      ln -sv "${staticFile}" "${actualFile}"
    fi
  done
else
  echo "WARN: target folder is empty, creating anyways"
  mkdir -p '/var/etc/netplan'
fi
for outFile in $(find -L '/var/etc/netplan' -not -type d); do
  if [ ! -e "${outFile}" ]; then
    rm -fv "${outFile}"
  fi
done
ln -sv '/var/etc/netplan' '/etc/netplan'


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "etc_dynEtcPost" "$_localstatus"
fi

#### Activation script snippet hostname:
_localstatus=0
hostname "guardian"


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "hostname" "$_localstatus"
fi

#### Activation script snippet installInitScript:
_localstatus=0
ln -fs $systemConfig/init /sbin/init


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "installInitScript" "$_localstatus"
fi

#### Activation script snippet nix:
_localstatus=0
install -m 0755 -d /nix/var/nix/{gcroots,profiles}/per-user

# Subscribe the root user to the NixOS channel by default.
if [ ! -e "/root/.nix-channels" ]; then
    echo "https://nixos.org/channels/nixos-unstable nixos" > "/root/.nix-channels"
fi


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "nix" "$_localstatus"
fi

#### Activation script snippet usrbinenv:
_localstatus=0
mkdir -m 0755 -p /usr/bin
ln -sfn /nix/store/fvprxgcxf4px865gdjd81fbwnxcjrg41-coreutils-9.0/bin/env /usr/bin/.env.tmp
mv /usr/bin/.env.tmp /usr/bin/env # atomically replace /usr/bin/env


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "usrbinenv" "$_localstatus"
fi

#### Activation script snippet var:
_localstatus=0
# Various log/runtime directories.

mkdir -m 1777 -p /var/tmp

# Empty, immutable home directory of many system accounts.
mkdir -p /var/empty
# Make sure it's really empty
/nix/store/6jx018s11y5y8q61187yxmg0p4jpb461-e2fsprogs-1.46.4-bin/bin/chattr -f -i /var/empty || true
find /var/empty -mindepth 1 -delete
chmod 0555 /var/empty
chown root:root /var/empty
/nix/store/6jx018s11y5y8q61187yxmg0p4jpb461-e2fsprogs-1.46.4-bin/bin/chattr -f +i /var/empty || true


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "var" "$_localstatus"
fi

#### Activation script snippet wrappers:
_localstatus=0
chmod 755 "/run/wrappers"

# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="/run/wrappers" wrappers.XXXXXXXXXX)
chmod a+rx "$wrapperDir"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/apps.plugin"
echo -n "/nix/store/xhpf0hh6017yayjds6x04hnqm8my7awf-netdata-1.31.0/libexec/netdata/plugins.d/apps.plugin.org" > "$wrapperDir/apps.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/apps.plugin"
chown netdata.netdata "$wrapperDir/apps.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/6kffpwxq4630g42xwx8s5qdzn993r4yi-libcap-2.49/bin/setcap "cap_setpcap,cap_dac_read_search,cap_sys_ptrace+ep" "$wrapperDir/apps.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/apps.plugin"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/cgroup-network"
echo -n "/nix/store/xhpf0hh6017yayjds6x04hnqm8my7awf-netdata-1.31.0/libexec/netdata/plugins.d/cgroup-network.org" > "$wrapperDir/cgroup-network.real"

# Prevent races
chmod 0000 "$wrapperDir/cgroup-network"
chown netdata.netdata "$wrapperDir/cgroup-network"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/6kffpwxq4630g42xwx8s5qdzn993r4yi-libcap-2.49/bin/setcap "cap_setpcap,cap_setuid+ep" "$wrapperDir/cgroup-network"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/cgroup-network"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/chsh"
echo -n "/nix/store/khv33kn327fpdx2311bcjj98kigd2rac-shadow-4.8.1/bin/chsh" > "$wrapperDir/chsh.real"

# Prevent races
chmod 0000 "$wrapperDir/chsh"
chown root.root "$wrapperDir/chsh"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/chsh"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/dbus-daemon-launch-helper"
echo -n "/nix/store/am952qxrg0g276kk2cfyyj0pdrzdagwl-dbus-1.12.20/libexec/dbus-daemon-launch-helper" > "$wrapperDir/dbus-daemon-launch-helper.real"

# Prevent races
chmod 0000 "$wrapperDir/dbus-daemon-launch-helper"
chown root.messagebus "$wrapperDir/dbus-daemon-launch-helper"

chmod "u+s,g-s,u+rx,g+rx,o-rx" "$wrapperDir/dbus-daemon-launch-helper"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/freeipmi.plugin"
echo -n "/nix/store/xhpf0hh6017yayjds6x04hnqm8my7awf-netdata-1.31.0/libexec/netdata/plugins.d/freeipmi.plugin.org" > "$wrapperDir/freeipmi.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/freeipmi.plugin"
chown netdata.netdata "$wrapperDir/freeipmi.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/6kffpwxq4630g42xwx8s5qdzn993r4yi-libcap-2.49/bin/setcap "cap_setpcap,cap_dac_override,cap_fowner+ep" "$wrapperDir/freeipmi.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/freeipmi.plugin"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/fusermount"
echo -n "/nix/store/mpzj2rc43m3v6xcqynmnxx26haqkcxw7-fuse-2.9.9/bin/fusermount" > "$wrapperDir/fusermount.real"

# Prevent races
chmod 0000 "$wrapperDir/fusermount"
chown root.root "$wrapperDir/fusermount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/fusermount"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/fusermount3"
echo -n "/nix/store/4n9j735xmz5zc3xvc3vljngh0y7cl4g3-fuse-3.10.5/bin/fusermount3" > "$wrapperDir/fusermount3.real"

# Prevent races
chmod 0000 "$wrapperDir/fusermount3"
chown root.root "$wrapperDir/fusermount3"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/fusermount3"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/mount"
echo -n "/nix/store/j9qg60v12mm5c0s8xnjsb0gl98ap8zlh-util-linux-2.37.2-bin/bin/mount" > "$wrapperDir/mount.real"

# Prevent races
chmod 0000 "$wrapperDir/mount"
chown root.root "$wrapperDir/mount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/mount"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/newgidmap"
echo -n "/nix/store/khv33kn327fpdx2311bcjj98kigd2rac-shadow-4.8.1/bin/newgidmap" > "$wrapperDir/newgidmap.real"

# Prevent races
chmod 0000 "$wrapperDir/newgidmap"
chown root.root "$wrapperDir/newgidmap"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newgidmap"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/newgrp"
echo -n "/nix/store/khv33kn327fpdx2311bcjj98kigd2rac-shadow-4.8.1/bin/newgrp" > "$wrapperDir/newgrp.real"

# Prevent races
chmod 0000 "$wrapperDir/newgrp"
chown root.root "$wrapperDir/newgrp"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newgrp"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/newuidmap"
echo -n "/nix/store/khv33kn327fpdx2311bcjj98kigd2rac-shadow-4.8.1/bin/newuidmap" > "$wrapperDir/newuidmap.real"

# Prevent races
chmod 0000 "$wrapperDir/newuidmap"
chown root.root "$wrapperDir/newuidmap"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/newuidmap"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/passwd"
echo -n "/nix/store/khv33kn327fpdx2311bcjj98kigd2rac-shadow-4.8.1/bin/passwd" > "$wrapperDir/passwd.real"

# Prevent races
chmod 0000 "$wrapperDir/passwd"
chown root.root "$wrapperDir/passwd"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/passwd"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/perf.plugin"
echo -n "/nix/store/xhpf0hh6017yayjds6x04hnqm8my7awf-netdata-1.31.0/libexec/netdata/plugins.d/perf.plugin.org" > "$wrapperDir/perf.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/perf.plugin"
chown netdata.netdata "$wrapperDir/perf.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/6kffpwxq4630g42xwx8s5qdzn993r4yi-libcap-2.49/bin/setcap "cap_setpcap,cap_sys_admin+ep" "$wrapperDir/perf.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/perf.plugin"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/ping"
echo -n "/nix/store/is3vrx29xxp60jrbf0dp31nw4glw9swr-iputils-20210722/bin/ping" > "$wrapperDir/ping.real"

# Prevent races
chmod 0000 "$wrapperDir/ping"
chown root.root "$wrapperDir/ping"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/6kffpwxq4630g42xwx8s5qdzn993r4yi-libcap-2.49/bin/setcap "cap_setpcap,cap_net_raw+p" "$wrapperDir/ping"

# Set the executable bit
chmod u+rx,g+x,o+x "$wrapperDir/ping"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/pkexec"
echo -n "/nix/store/7lm9xwmslsz3g5g5j48gpgv9apbv1i5a-polkit-0.120-bin/bin/pkexec" > "$wrapperDir/pkexec.real"

# Prevent races
chmod 0000 "$wrapperDir/pkexec"
chown root.root "$wrapperDir/pkexec"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/pkexec"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/polkit-agent-helper-1"
echo -n "/nix/store/f36nscads0plr02yw3dzlbxwyj3206ip-polkit-0.120/lib/polkit-1/polkit-agent-helper-1" > "$wrapperDir/polkit-agent-helper-1.real"

# Prevent races
chmod 0000 "$wrapperDir/polkit-agent-helper-1"
chown root.root "$wrapperDir/polkit-agent-helper-1"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/polkit-agent-helper-1"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/sg"
echo -n "/nix/store/khv33kn327fpdx2311bcjj98kigd2rac-shadow-4.8.1/bin/sg" > "$wrapperDir/sg.real"

# Prevent races
chmod 0000 "$wrapperDir/sg"
chown root.root "$wrapperDir/sg"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sg"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/slabinfo.plugin"
echo -n "/nix/store/xhpf0hh6017yayjds6x04hnqm8my7awf-netdata-1.31.0/libexec/netdata/plugins.d/slabinfo.plugin.org" > "$wrapperDir/slabinfo.plugin.real"

# Prevent races
chmod 0000 "$wrapperDir/slabinfo.plugin"
chown netdata.netdata "$wrapperDir/slabinfo.plugin"

# Set desired capabilities on the file plus cap_setpcap so
# the wrapper program can elevate the capabilities set on
# its file into the Ambient set.
/nix/store/6kffpwxq4630g42xwx8s5qdzn993r4yi-libcap-2.49/bin/setcap "cap_setpcap,cap_dac_override+ep" "$wrapperDir/slabinfo.plugin"

# Set the executable bit
chmod u+rx,g+x,o-rwx "$wrapperDir/slabinfo.plugin"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/su"
echo -n "/nix/store/59z53l3k43ix5ywxv3wm37sj5h5ay7gj-shadow-4.8.1-su/bin/su" > "$wrapperDir/su.real"

# Prevent races
chmod 0000 "$wrapperDir/su"
chown root.root "$wrapperDir/su"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/su"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/sudo"
echo -n "/nix/store/x8cbqswrp0v9n94jbvmdsp30s4qdcyfh-sudo-1.9.7p2/bin/sudo" > "$wrapperDir/sudo.real"

# Prevent races
chmod 0000 "$wrapperDir/sudo"
chown root.root "$wrapperDir/sudo"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sudo"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/sudoedit"
echo -n "/nix/store/x8cbqswrp0v9n94jbvmdsp30s4qdcyfh-sudo-1.9.7p2/bin/sudoedit" > "$wrapperDir/sudoedit.real"

# Prevent races
chmod 0000 "$wrapperDir/sudoedit"
chown root.root "$wrapperDir/sudoedit"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/sudoedit"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/umount"
echo -n "/nix/store/j9qg60v12mm5c0s8xnjsb0gl98ap8zlh-util-linux-2.37.2-bin/bin/umount" > "$wrapperDir/umount.real"

# Prevent races
chmod 0000 "$wrapperDir/umount"
chown root.root "$wrapperDir/umount"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/umount"

cp /nix/store/9il36wasldws1w6rc54ipffdwxvbibyp-security-wrapper/bin/security-wrapper "$wrapperDir/unix_chkpwd"
echo -n "/nix/store/3g6fhn6pplnfjz8m4mzg500sj2y86fzp-linux-pam-1.5.1/sbin/unix_chkpwd.orig" > "$wrapperDir/unix_chkpwd.real"

# Prevent races
chmod 0000 "$wrapperDir/unix_chkpwd"
chown root.root "$wrapperDir/unix_chkpwd"

chmod "u+s,g-s,u+rx,g+x,o+x" "$wrapperDir/unix_chkpwd"


if [ -L /run/wrappers/bin ]; then
  # Atomically replace the symlink
  # See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
  old=$(readlink -f /run/wrappers/bin)
  if [ -e "/run/wrappers/bin-tmp" ]; then
    rm --force --recursive "/run/wrappers/bin-tmp"
  fi
  ln --symbolic --force --no-dereference "$wrapperDir" "/run/wrappers/bin-tmp"
  mv --no-target-directory "/run/wrappers/bin-tmp" "/run/wrappers/bin"
  rm --force --recursive "$old"
else
  # For initial setup
  ln --symbolic "$wrapperDir" "/run/wrappers/bin"
fi


if (( _localstatus > 0 )); then
  printf "Activation script snippet '%s' failed (%s)\n" "wrappers" "$_localstatus"
fi


# Make this configuration the current configuration.
# The readlink is there to ensure that when $systemConfig = /system
# (which is a symlink to the store), /run/current-system is still
# used as a garbage collection root.
ln -sfn "$(readlink -f "$systemConfig")" /run/current-system

# Prevent the current configuration from being garbage-collected.
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system

exit $_status

