Diffstat (limited to 'lass/3modules')
| -rw-r--r-- | lass/3modules/default.nix | 1 | ||||
| -rw-r--r-- | lass/3modules/ensure-permissions.nix | 66 | ||||
| -rw-r--r-- | lass/3modules/screenlock.nix | 9 | 
3 files changed, 73 insertions, 3 deletions
|
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 613c7c8ac..59043aeb1 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,6 +3,7 @@ _:
   imports = [
     ./dnsmasq.nix
     ./ejabberd
+    ./ensure-permissions.nix
     ./folderPerms.nix
     ./hosts.nix
     ./mysql-backup.nix
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
new file mode 100644
index 000000000..36edc1127
--- /dev/null
+++ b/lass/3modules/ensure-permissions.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }: with import <stockholm/lib>;
+
+let
+
+  cfg = config.lass.ensure-permissions;
+
+in
+
+{
+  options.lass.ensure-permissions = mkOption {
+    default = [];
+    type = types.listOf (types.submodule ({
+      options = {
+
+        folder = mkOption {
+          type = types.absolute-pathname;
+        };
+
+        owner = mkOption {
+          # TODO user type
+          type = types.str;
+          default = "root";
+        };
+
+        group = mkOption {
+          # TODO group type
+          type = types.str;
+          default = "root";
+        };
+
+        permission = mkOption {
+          # TODO permission type
+          type = types.str;
+          default = "u+rw,g+rw";
+        };
+
+      };
+    }));
+  };
+
+  config = mkIf (cfg != []) {
+
+  system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
+    ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
+    ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
+    ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
+  '') cfg;
+    systemd.services =
+      listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Restart = "always";
+          RestartSec = 10;
+          ExecStart = pkgs.writeDash "ensure-perms" ''
+            ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
+              | while IFS= read -r FILE; do
+                ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
+                ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
+              done
+          '';
+        };
+      }) cfg)
+    ;
+
+  };
+}
diff --git a/lass/3modules/screenlock.nix b/lass/3modules/screenlock.nix
index 29c3861f2..b5c69b65a 100644
--- a/lass/3modules/screenlock.nix
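Review bot: The watcher loop runs `chmod -R ${plan.permission} "$FILE"` as root (the unit sets no `User=`) on every path inotifywait reports, and GNU chmod follows a symbolic link that is passed as an operand, so anyone who can create entries under `plan.folder` can have the mode change applied to a target outside it. Skip links before touching the path, e.g. `[ -L "$FILE" ] && continue`, though that check still races with the later chmod/chown; a setgid directory with default ACLs would give the same result without a root-run watcher. `read -r` also splits a name that contains a newline into several paths, and `2>/dev/null` discards every error, so a failure to enforce the permissions is never logged. The `plan.folder`, `plan.owner`, `plan.group` and `plan.permission` values are interpolated unquoted into both scripts; quoting them (nixpkgs has `escapeShellArg`, assuming the imported lib exposes it) keeps a folder name with spaces or shell metacharacters from changing the command.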
+++ b/lass/3modules/screenlock.nix
@@ -13,15 +13,18 @@ let
   api = {
     enable = mkEnableOption "screenlock";
     command = mkOption {
-      type = types.str;
-      default = "${pkgs.xlockmore}/bin/xlock -mode life1d -size 1";
+      type = types.path;
+      default = pkgs.writeDash "screenlock" ''
+        ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
+        sleep 3
+      '';
     };
   };
   imp = {
     systemd.services.screenlock = {
       before = [ "sleep.target" ];
-      wantedBy = [ "sleep.target" ];
+      requiredBy = [ "sleep.target" ];
       environment = {
         DISPLAY = ":${toString config.services.xserver.display}";
       };
|
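Review bot: The new default wrapper ends with `sleep 3`, so its exit status is that of sleep and a failing xlock (for example no reachable display) is masked; `requiredBy = [ "sleep.target" ]` can then no longer keep the machine from suspending with the screen unlocked. Start the script with `set -e`, or write `${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 || exit 1`, unless `writeDash` already enables errexit, which is not visible here. The fixed three-second delay is a guess at how long the locker needs to cover the screen, and how `command` is executed (the unit's `serviceConfig`) lies outside the hunk, so whether the delay actually elapses before suspend cannot be confirmed from these lines. Changing the option type from `types.str` to `types.path` also rejects existing settings that are not absolute paths, which deserves a line in the option's `description`.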
