Fix killswitch paths in watchdog scripts, remove replaceStrings workaround

configuration.nix

@@ -14,10 +14,7 @@ let
   cpu-watchdog = pkgs.writeShellApplication {
     name = "cpu-watchdog";
     runtimeInputs = with pkgs; [ procps gawk coreutils util-linux killswitch ];
-    text = builtins.replaceStrings
+    text = builtins.readFile ./scripts/cpu-watchdog;
-      [ "/usr/local/bin/killswitch" ]
-      [ "killswitch" ]
-      (builtins.readFile ./scripts/cpu-watchdog);
   };
 
   egress-watchdog = pkgs.writeShellApplication {
@@ -25,10 +22,7 @@ let
     # Note: -e removed intentionally - grep returns 1 when no matches
     bashOptions = [ "nounset" "pipefail" ];
     runtimeInputs = with pkgs; [ systemd gnugrep coreutils util-linux killswitch gawk ];
-    text = builtins.replaceStrings
+    text = builtins.readFile ./scripts/egress-watchdog;
-      [ "/usr/local/bin/killswitch" ]
-      [ "killswitch" ]
-      (builtins.readFile ./scripts/egress-watchdog);
   };
 
   # ==========================================================================

scripts/cpu-watchdog

@@ -33,7 +33,7 @@ for homedir in /home/*; do
         logger -t cpu-watchdog "User $user at ${pct}% CPU (strike $count/$MAX_STRIKES)"
 
         if [ "$count" -ge "$MAX_STRIKES" ]; then
-            /usr/local/bin/killswitch "$user" "sustained CPU abuse (${pct}%)"
+            killswitch "$user" "sustained CPU abuse (${pct}%)"
             rm -f "$COUNTDIR/$user"
         fi
     else

scripts/egress-watchdog

@@ -41,7 +41,7 @@ while read -r count uid; do
         logger -t egress-watchdog "User $user hit egress limit $count times (strike $strikes/$MAX_STRIKES)"
 
         if [ "$strikes" -ge "$MAX_STRIKES" ]; then
-            /usr/local/bin/killswitch "$user" "egress abuse ($count blocked connections)"
+            killswitch "$user" "egress abuse ($count blocked connections)"
             rm -f "$COUNTDIR/$user"
         fi
     else