summaryrefslogtreecommitdiffstats
path: root/lass/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2019-04-13 14:07:30 +0200
committertv <tv@krebsco.de>2019-04-13 14:07:30 +0200
commit0430fbbbfeef5f7d6188ec70d7f084ffa1cb1a46 (patch)
tree38daa64159448bc750de5b3c6692c7e2027ed4c7 /lass/3modules
parent39fba33bed71c7553da47e56c5e34a0389950c71 (diff)
parentbb2f8b9b920287df33e194a3b62d86669d8e6ddd (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/3modules')
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/ensure-permissions.nix66
-rw-r--r--lass/3modules/screenlock.nix9
3 files changed, 73 insertions, 3 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 613c7c8ac..59043aeb1 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,6 +3,7 @@ _:
imports = [
./dnsmasq.nix
./ejabberd
+ ./ensure-permissions.nix
./folderPerms.nix
./hosts.nix
./mysql-backup.nix
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
new file mode 100644
index 000000000..36edc1127
--- /dev/null
+++ b/lass/3modules/ensure-permissions.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+ cfg = config.lass.ensure-permissions;
+
+in
+
+{
+ options.lass.ensure-permissions = mkOption {
+ default = [];
+ type = types.listOf (types.submodule ({
+ options = {
+
+ folder = mkOption {
+ type = types.absolute-pathname;
+ };
+
+ owner = mkOption {
+ # TODO user type
+ type = types.str;
+ default = "root";
+ };
+
+ group = mkOption {
+ # TODO group type
+ type = types.str;
+ default = "root";
+ };
+
+ permission = mkOption {
+ # TODO permission type
+ type = types.str;
+ default = "u+rw,g+rw";
+ };
+
+ };
+ }));
+ };
+
+ config = mkIf (cfg != []) {
+
+ system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
+ ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
+ '') cfg;
+ systemd.services =
+ listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = 10;
+ ExecStart = pkgs.writeDash "ensure-perms" ''
+ ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
+ | while IFS= read -r FILE; do
+ ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
+ ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
+ done
+ '';
+ };
+ }) cfg)
+ ;
+
+ };
+}
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index 29c3861f2..b5c69b65a 100644
--- a/lass/3modules/screenlock.nix
+++ b/lass/3modules/screenlock.nix
@@ -13,15 +13,18 @@ let
api = {
enable = mkEnableOption "screenlock";
command = mkOption {
- type = types.str;
- default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
+ type = types.path;
+ default = pkgs.writeDash "screenlock" ''
+ ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
+ sleep 3
+ '';
};
};
imp = {
systemd.services.screenlock = {
before = [ "sleep.target" ];
- wantedBy = [ "sleep.target" ];
+ requiredBy = [ "sleep.target" ];
environment = {
DISPLAY = ":${toString config.services.xserver.display}";
};