author | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
commit | 0430fbbbfeef5f7d6188ec70d7f084ffa1cb1a46 (patch) | |
tree | 38daa64159448bc750de5b3c6692c7e2027ed4c7 /lass/3modules/ensure-permissions.nix | |
parent | 39fba33bed71c7553da47e56c5e34a0389950c71 (diff) | |
parent | bb2f8b9b920287df33e194a3b62d86669d8e6ddd (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/3modules/ensure-permissions.nix')
-rw-r--r-- | lass/3modules/ensure-permissions.nix | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
new file mode 100644
index 000000000..36edc1127
--- /dev/null
+++ b/lass/3modules/ensure-permissions.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+ cfg = config.lass.ensure-permissions;
+
+in
+
+{
+ options.lass.ensure-permissions = mkOption {
+ default = [];
+ type = types.listOf (types.submodule ({
+ options = {
+
+ folder = mkOption {
+ type = types.absolute-pathname;
+ };
+
+ owner = mkOption {
+ # TODO user type
+ type = types.str;
+ default = "root";
+ };
+
+ group = mkOption {
+ # TODO group type
+ type = types.str;
+ default = "root";
+ };
+
+ permission = mkOption {
+ # TODO permission type
+ type = types.str;
+ default = "u+rw,g+rw";
+ };
+
+ };
+ }));
+ };
+
+ config = mkIf (cfg != []) {
+
+ system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
+ ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
+ '') cfg;
+ systemd.services =
+ listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = 10;
+ ExecStart = pkgs.writeDash "ensure-perms" ''
+ ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
+ | while IFS= read -r FILE; do
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
+ done
+ '';
+ };
+ }) cfg)
+ ;
+
+ };
+} |
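Review bot: The inotify loop in the `ensure-perms` service runs `chmod -R` and `chown -R` as root on every path reported under the watched folder without checking what `$FILE` is, and chmod (and chown without `-h`) dereferences a symlink given as its argument, so a link created inside `plan.folder` redirects the mode and ownership change to its target outside the watched tree. Skipping links before the two commands, `[ -L "$FILE" ] && continue`, and using `chown -Rh` keeps the effect inside the folder. The same recursive commands in `system.activationScripts.ensure-permissions` and in the loop body interpolate `plan.folder`, `plan.permission`, `plan.owner` and `plan.group` unquoted into the shell, while only `folder` has a type stricter than `types.str`; wrapping each with `escapeShellArg` (from nixpkgs lib, which stockholm/lib appears to re-export) avoids word splitting on values containing spaces. The generated service name also spells `ensure-permisson` without the second i, which is worth correcting before other configuration refers to the unit by name.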