diff options
author | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-04-13 14:07:30 +0200 |
commit | 0430fbbbfeef5f7d6188ec70d7f084ffa1cb1a46 (patch) | |
tree | 38daa64159448bc750de5b3c6692c7e2027ed4c7 /lass/3modules | |
parent | 39fba33bed71c7553da47e56c5e34a0389950c71 (diff) | |
parent | bb2f8b9b920287df33e194a3b62d86669d8e6ddd (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/3modules')
-rw-r--r-- | lass/3modules/default.nix | 1 | ||||
-rw-r--r-- | lass/3modules/ensure-permissions.nix | 66 | ||||
-rw-r--r-- | lass/3modules/screenlock.nix | 9 |
3 files changed, 73 insertions, 3 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 613c7c8ac..59043aeb1 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -3,6 +3,7 @@ _: imports = [ ./dnsmasq.nix ./ejabberd + ./ensure-permissions.nix ./folderPerms.nix ./hosts.nix ./mysql-backup.nix diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix new file mode 100644 index 000000000..36edc1127 --- /dev/null +++ b/lass/3modules/ensure-permissions.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; + +let + + cfg = config.lass.ensure-permissions; + +in + +{ + options.lass.ensure-permissions = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + folder = mkOption { + type = types.absolute-pathname; + }; + + owner = mkOption { + # TODO user type + type = types.str; + default = "root"; + }; + + group = mkOption { + # TODO group type + type = types.str; + default = "root"; + }; + + permission = mkOption { + # TODO permission type + type = types.str; + default = "u+rw,g+rw"; + }; + + }; + })); + }; + + config = mkIf (cfg != []) { + + system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: '' + ${pkgs.coreutils}/bin/mkdir -p ${plan.folder} + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder} + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder} + '') cfg; + systemd.services = + listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "ensure-perms" '' + ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \ + | while IFS= read -r FILE; do + ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null + ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null + done + ''; + }; + }) cfg) + ; + + }; +} diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix index 29c3861f2..b5c69b65a 100644 --- a/lass/3modules/screenlock.nix +++ b/lass/3modules/screenlock.nix @@ -13,15 +13,18 @@ let api = { enable = mkEnableOption "screenlock"; command = mkOption { - type = types.str; - default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1"; + type = types.path; + default = pkgs.writeDash "screenlock" '' + ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 + sleep 3 + ''; }; }; imp = { systemd.services.screenlock = { before = [ "sleep.target" ]; - wantedBy = [ "sleep.target" ]; + requiredBy = [ "sleep.target" ]; environment = { DISPLAY = ":${toString config.services.xserver.display}"; }; |