1 files changed, 104 insertions, 0 deletions
diff --git a/lass/3modules/folderPerms.nix b/lass/3modules/folderPerms.nix
new file mode 100644
index 000000000..bb0320327
--- /dev/null
+++ b/lass/3modules/folderPerms.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+#TODO: implement recursive mode maybe?
+# enable different mods for files and folders
+
+let
+  inherit (pkgs)
+    writeScript
+  ;
+
+  inherit (lib)
+    concatMapStringsSep
+    concatStringsSep
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+  ;
+
+  cfg = config.lass.folderPerms;
+
+  out = {
+    options.lass.folderPerms = api;
+    config = mkIf cfg.enable imp;
+  };
+
+  api = {
+    enable = mkEnableOption "folder permissions";
+    permissions = mkOption {
+      type = with types; listOf (submodule ({
+        options = {
+          path = mkOption {
+            type = str;
+          };
+          permission = mkOption {
+            type = nullOr str;
+            example = "755";
+            description = ''
+              basically anything that chmod takes as permission
+            '';
+            default = null;
+          };
+          owner = mkOption {
+            type = nullOr str;
+            example = "root:root";
+            description = ''
+              basically anything that chown takes as owner
+            '';
+            default = null;
+          };
+        };
+      }));
+    };
+  };
+
+  imp = {
+    systemd.services.lass-folderPerms = {
+      description = "lass-folderPerms";
+      wantedBy = [ "multi-user.target" ];
+
+      path = with pkgs; [
+        coreutils
+      ];
+
+      restartIfChanged = true;
+
+      serviceConfig = {
+        type = "simple";
+        RemainAfterExit = true;
+        Restart = "always";
+        ExecStart = "@${startScript}";
+      };
+    };
+  };
+
+  startScript = writeScript "lass-folderPerms" ''
+    ${concatMapStringsSep "\n" writeCommand cfg.permissions}
+  '';
+
+  writeCommand = fperm:
+    concatStringsSep "\n" [
+      (buildPermission fperm)
+      (buildOwner fperm)
+    ];
+
+  buildPermission = perm:
+    #TODO: create folder maybe
+    #TODO: check if permission is valid
+    if (perm.permission == null) then
+      ""
+    else
+      "chmod ${perm.permission} ${perm.path}"
+  ;
+
+  buildOwner = perm:
+    #TODO: create folder maybe
+    #TODO: check if owner/group valid
+    if (perm.owner == null) then
+      ""
+    else
+      "chown ${perm.owner} ${perm.path}"
+  ;
+
+in out