summaryrefslogtreecommitdiffstats
path: root/lass/3modules/ensure-permissions.nix
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2019-04-09 20:12:06 +0200
committerjeschli <jeschli@gmail.com>2019-04-09 20:12:06 +0200
commita4be985644762dcc2750a366db5780687690ef7d (patch)
tree5bc270cec7c01b986cd146769bc94bf2268c4113 /lass/3modules/ensure-permissions.nix
parentcb03267e0c3fd3bfa4beaa454f8986856a93963f (diff)
parent7e1b197dab13d024ba491c96dc959306324943c0 (diff)
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'lass/3modules/ensure-permissions.nix')
-rw-r--r--lass/3modules/ensure-permissions.nix66
1 files changed, 66 insertions, 0 deletions
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
new file mode 100644
index 000000000..36edc1127
--- /dev/null
+++ b/lass/3modules/ensure-permissions.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+ cfg = config.lass.ensure-permissions;
+
+in
+
+{
+ options.lass.ensure-permissions = mkOption {
+ default = [];
+ type = types.listOf (types.submodule ({
+ options = {
+
+ folder = mkOption {
+ type = types.absolute-pathname;
+ };
+
+ owner = mkOption {
+ # TODO user type
+ type = types.str;
+ default = "root";
+ };
+
+ group = mkOption {
+ # TODO group type
+ type = types.str;
+ default = "root";
+ };
+
+ permission = mkOption {
+ # TODO permission type
+ type = types.str;
+ default = "u+rw,g+rw";
+ };
+
+ };
+ }));
+ };
+
+ config = mkIf (cfg != []) {
+
+ system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
+ ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
+ '') cfg;
+ systemd.services =
+ listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = 10;
+ ExecStart = pkgs.writeDash "ensure-perms" ''
+ ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
+ | while IFS= read -r FILE; do
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
+ done
+ '';
+ };
+ }) cfg)
+ ;
+
+ };
+}