summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lass/3modules/folderPerms.nix107
1 files changed, 107 insertions, 0 deletions
diff --git a/lass/3modules/folderPerms.nix b/lass/3modules/folderPerms.nix
new file mode 100644
index 000000000..789fd48dc
--- /dev/null
+++ b/lass/3modules/folderPerms.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (pkgs)
+ writeScript
+ ;
+
+ inherit (lib)
+ concatMapStringsSep
+ concatStringsSep
+ mkEnableOption
+ mkIf
+ mkOption
+ types
+ ;
+
+ cfg = config.lass.folderPerms;
+
+ out = {
+ options.lass.folderPerms = api;
+ config = mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "folder permissions";
+ permissions = mkOption {
+ type = with types; listOf (submodule ({
+ options = {
+ path = mkOption {
+ type = str;
+ };
+ permission = mkOption {
+ type = nullOr str;
+ example = "755";
+ description = ''
+ basically anything that chmod takes as permission
+ '';
+ default = null;
+ };
+ owner = mkOption {
+ type = nullOr str;
+ example = "root:root";
+ description = ''
+ basically anything that chown takes as owner
+ '';
+ default = null;
+ };
+ recursive = mkOption {
+ type = bool;
+ default = false;
+ };
+ };
+ }));
+ };
+ };
+
+ imp = {
+ systemd.services.lass-folderPerms = {
+ description = "lass-folderPerms";
+ wantedBy = [ "multi-user.target" ];
+
+ path = with pkgs; [
+ coreutils
+ ];
+
+ restartIfChanged = true;
+
+ serviceConfig = {
+ type = "simple";
+ RemainAfterExit = true;
+ Restart = "always";
+ ExecStart = "@${startScript}";
+ };
+ };
+ };
+
+ startScript = writeScript "lass-folderPerms" ''
+ ${concatMapStringsSep "\n" writeCommand cfg.permissions}
+ '';
+
+ writeCommand = fperm:
+ concatStringsSep "\n" [
+ (buildPermission fperm)
+ (buildOwner fperm)
+ ];
+
+ buildPermission = perm:
+ if (perm.permission == null) then
+ ""
+ else
+ if perm.recursive then
+ "chmod -R ${perm.permission} ${perm.path}"
+ else
+ "chmod ${perm.permission} ${perm.path}"
+ ;
+
+ buildOwner = perm:
+ if (perm.owner == null) then
+ ""
+ else
+ if perm.recursive then
+ "chown -R ${perm.owner} ${perm.path}"
+ else
+ "chown ${perm.owner} ${perm.path}"
+ ;
+
+in out