diff options
author | jeschli <jeschli@gmail.com> | 2019-04-09 20:12:06 +0200 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2019-04-09 20:12:06 +0200 |
commit | a4be985644762dcc2750a366db5780687690ef7d (patch) | |
tree | 5bc270cec7c01b986cd146769bc94bf2268c4113 /lass/3modules/ensure-permissions.nix | |
parent | cb03267e0c3fd3bfa4beaa454f8986856a93963f (diff) | |
parent | 7e1b197dab13d024ba491c96dc959306324943c0 (diff) |
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/3modules/ensure-permissions.nix')
-rw-r--r-- | lass/3modules/ensure-permissions.nix | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix new file mode 100644 index 000000000..36edc1127 --- /dev/null +++ b/lass/3modules/ensure-permissions.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; + +let + + cfg = config.lass.ensure-permissions; + +in + +{ + options.lass.ensure-permissions = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + folder = mkOption { + type = types.absolute-pathname; + }; + + owner = mkOption { + # TODO user type + type = types.str; + default = "root"; + }; + + group = mkOption { + # TODO group type + type = types.str; + default = "root"; + }; + + permission = mkOption { + # TODO permission type + type = types.str; + default = "u+rw,g+rw"; + }; + + }; + })); + }; + + config = mkIf (cfg != []) { + + system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: '' + ${pkgs.coreutils}/bin/mkdir -p ${plan.folder} + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder} + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder} + '') cfg; + systemd.services = + listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "ensure-perms" '' + ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \ + | while IFS= read -r FILE; do + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null + done + ''; + }; + }) cfg) + ; + + }; +} |