author | makefu <github@syntax-fehler.de> | 2019-04-12 19:28:17 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2019-04-12 19:28:17 +0200 |
commit | 8bea69348ae0f286b395e9087db7d70e6f1a375a (patch) | |
tree | 956a2dfb39f0ca1bb00ba40bd21e18037f1093fb /lass/3modules/ensure-permissions.nix | |
parent | 179e95d0bfc985940d4970d6c1365c2c8e000d0d (diff) | |
parent | 72cd01d104bb61b5a5e28c2c10e0bd2bd55ce681 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/3modules/ensure-permissions.nix')
-rw-r--r-- | lass/3modules/ensure-permissions.nix | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
new file mode 100644
index 000000000..36edc1127
--- /dev/null
+++ b/lass/3modules/ensure-permissions.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+ cfg = config.lass.ensure-permissions;
+
+in
+
+{
+ options.lass.ensure-permissions = mkOption {
+ default = [];
+ type = types.listOf (types.submodule ({
+ options = {
+
+ folder = mkOption {
+ type = types.absolute-pathname;
+ };
+
+ owner = mkOption {
+ # TODO user type
+ type = types.str;
+ default = "root";
+ };
+
+ group = mkOption {
+ # TODO group type
+ type = types.str;
+ default = "root";
+ };
+
+ permission = mkOption {
+ # TODO permission type
+ type = types.str;
+ default = "u+rw,g+rw";
+ };
+
+ };
+ }));
+ };
+
+ config = mkIf (cfg != []) {
+
+ system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
+ ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
+ '') cfg;
+ systemd.services =
+ listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = 10;
+ ExecStart = pkgs.writeDash "ensure-perms" ''
+ ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
+ | while IFS= read -r FILE; do
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
+ done
+ '';
+ };
+ }) cfg)
+ ;
+
+ };
+} |
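Review bot: `plan.folder`, `plan.permission`, `plan.owner` and `plan.group` are spliced unquoted into shell in both the activation script and the `ExecStart` script (which, with no `User=` set, runs as root), and three of them are plain `types.str` as the TODOs acknowledge, so a value containing whitespace or shell metacharacters changes the command that is executed. Quoting every interpolation would close that, e.g. `${pkgs.coreutils}/bin/chown -R ${escapeShellArg "${plan.owner}:${plan.group}"} ${escapeShellArg plan.folder}`, assuming nixpkgs' `escapeShellArg` is re-exported by `<stockholm/lib>`. Separately, the watcher applies `chmod -R`/`chown -R` with full privileges to whatever path appears under a folder that the configured owner or group can write, and `chmod` acts on the target when the path it is given is a symlink; the module should document that the folder must only be writable by principals trusted with that, or skip entries where `[ -L "$FILE" ]` holds (which still leaves a window between the event and the call). The `2>/dev/null` on both commands also keeps any failure out of the journal, so a watcher that silently stops enforcing permissions would go unnoticed.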