From 853e6b6d2610a9c49bf24c1c29ab59fddad64382 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 7 Apr 2019 19:26:45 +0200
Subject: l: add ensure-permissions module

---
 lass/3modules/default.nix            |  1 +
 lass/3modules/ensure-permissions.nix | 66 ++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 lass/3modules/ensure-permissions.nix

diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 613c7c8a..59043aeb 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,6 +3,7 @@ _:
   imports = [
     ./dnsmasq.nix
     ./ejabberd
+    ./ensure-permissions.nix
     ./folderPerms.nix
     ./hosts.nix
     ./mysql-backup.nix
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
new file mode 100644
index 00000000..36edc112
--- /dev/null
+++ b/lass/3modules/ensure-permissions.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+  cfg = config.lass.ensure-permissions;
+
+in
+
+{
+  options.lass.ensure-permissions = mkOption {
+    default = [];
+    type = types.listOf (types.submodule ({
+      options = {
+
+        folder = mkOption {
+          type = types.absolute-pathname;
+        };
+
+        owner = mkOption {
+          # TODO user type
+          type = types.str;
+          default = "root";
+        };
+
+        group = mkOption {
+          # TODO group type
+          type = types.str;
+          default = "root";
+        };
+
+        permission = mkOption {
+          # TODO permission type
+          type = types.str;
+          default = "u+rw,g+rw";
+        };
+
+      };
+    }));
+  };
+
+  config = mkIf (cfg != []) {
+
+  system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
+    ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
+    ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
+    ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
+  '') cfg;
+    systemd.services =
+      listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Restart = "always";
+          RestartSec = 10;
+          ExecStart = pkgs.writeDash "ensure-perms" ''
+            ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
+              | while IFS= read -r FILE; do
+                ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
+                ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
+              done
+          '';
+        };
+      }) cfg)
+    ;
+
+  };
+}
-- 
cgit v1.2.3