From 3fee51f7378a523a95e494d160b7562206cf714b Mon Sep 17 00:00:00 2001
From: lassulus
Date: Tue, 9 Apr 2019 16:52:17 +0200
Subject: syncthing: fix permissions of keys
---
krebs/3modules/syncthing.nix | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 34879fd3..bfbac1db 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -133,8 +133,16 @@ in
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
preStart = ''
- ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
- ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
+ ${optionalString (cfg.cert != null) ''
+ cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
+ chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
+ chmod 400 ${config.services.syncthing.dataDir}/cert.pem
+ ''}
+ ${optionalString (cfg.key != null) ''
+ cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
+ chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
+ chmod 400 ${config.services.syncthing.dataDir}/key.pem
+ ''}
'';
};
-- cgit v1.2.3
From 6c28491768cc6b86c69dd732544a3dbb0801faf4 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 13 Apr 2019 11:30:43 +0200
Subject: bepasty: use python3
---
krebs/3modules/bepasty-server.nix | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index e12367b7..0f00cd38 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
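Review bot: Between the added `cp` and the following `chmod 400`, key.pem exists with whatever mode the pre-start umask gives it, so any local reader can open the private key in that window, and on the next start `cp` has to overwrite a file that is now 0400 (whether that succeeds depends on which user preStart runs as, which is outside the hunk). Creating the file with its final owner and mode in one step closes both gaps: `install -m 400 -o ${config.services.syncthing.user} -g ${config.services.syncthing.group} ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem` in place of the cp/chown/chmod triple, and the same for cert.pem.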
@@ -2,10 +2,10 @@ with import ;
let
- gunicorn = pkgs.pythonPackages.gunicorn;
+ gunicorn = pkgs.python3Packages.gunicorn;
bepasty = pkgs.bepasty;
- gevent = pkgs.pythonPackages.gevent;
- python = pkgs.pythonPackages.python;
+ gevent = pkgs.python3Packages.gevent;
+ python = pkgs.python3Packages.python;
cfg = config.krebs.bepasty;
out = {
-- cgit v1.2.3
From 39fba33bed71c7553da47e56c5e34a0389950c71 Mon Sep 17 00:00:00 2001
From: tv
Date: Sat, 13 Apr 2019 13:44:39 +0200
Subject: krebs.setuid: propagate env by default
---
krebs/3modules/setuid.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix
index 3ba598a4..97cf21cd 100644
--- a/krebs/3modules/setuid.nix
+++ b/krebs/3modules/setuid.nix
@@ -21,8 +21,8 @@ let
default = config._module.args.name;
};
envp = mkOption {
- type = types.attrsOf types.str;
- default = {};
+ type = types.nullOr (types.attrsOf types.str);
+ default = null;
};
filename = mkOption {
type = mkOptionType {
-- cgit v1.2.3
From 7f9b2c6f45ce0ca09c0fe8ba07fab16bf4428f38 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 13 Apr 2019 15:39:40 +0200
Subject: ci: create gcroot only if result exists
---
krebs/3modules/ci.nix | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix
index a47dbe61..244de1a0 100644
--- a/krebs/3modules/ci.nix
+++ b/krebs/3modules/ci.nix
@@ -108,10 +108,12 @@ let
name=str(new_step),
command=[
"${pkgs.writeDash "build-stepper.sh" ''
- set -efu
+ set -xefu
profile=${shell.escape profileRoot}/$build_name
result=$("$build_script")
- ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ if [ -n "$result" ]; then
+ ${pkgs.nix}/bin/nix-env -p "$profile" --set "$result"
+ fi
''}"
],
env={
-- cgit v1.2.3
From a224e77dfbb8dc88119891c492651458cfacd39a Mon Sep 17 00:00:00 2001
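Review bot: The `envp` option now defaults to handing the caller's environment to a setuid wrapper, but the hunk carries no description, so the meaning of `null` versus `{}` is invisible both to readers of the option and to existing configurations that relied on the former empty default. Add `description = "Environment of the wrapped program; null propagates the caller's environment unchanged, an attribute set replaces it.";` next to `default = null;`. How the null case is consumed is outside this hunk, so confirm the wording against the wrapper code.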
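Review bot: The `-n "$result"` guard in build-stepper.sh only covers a build script that exits 0 while printing nothing; with `set -e` a failing `$build_script` aborts the command substitution before the check is reached, so the condition is narrower than the subject "only if result exists" suggests, and a comment such as `# build_script may exit 0 without printing a store path; only then is the gcroot skipped` would make that explicit. The added `-x` in `set -xefu` also echoes every command, including the resolved profile and store paths, into the CI log; if it is a debugging leftover, drop it, as the realwallpaper commit later in this series does for the same reason.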
From: tv
Date: Sat, 13 Apr 2019 21:41:58 +0200
Subject: lass paste: add p.krebsco.de
---
krebs/3modules/lass/default.nix | 1 +
1 file changed, 1 insertion(+)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index a3b8cab3..a2548d6c 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -38,6 +38,7 @@ in {
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ p 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
-- cgit v1.2.3
From 4ac7399b75e57bb33a10ed647c34ed64c7bc3877 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sat, 13 Apr 2019 21:54:15 +0200
Subject: bepasty-server: use python2 again
---
krebs/3modules/bepasty-server.nix | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 0f00cd38..94a50952 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -2,10 +2,10 @@ with import ;
let
- gunicorn = pkgs.python3Packages.gunicorn;
- bepasty = pkgs.bepasty;
- gevent = pkgs.python3Packages.gevent;
- python = pkgs.python3Packages.python;
+ gunicorn = pkgs.python27Packages.gunicorn;
+ bepasty = pkgs.bepasty.override { python3Packages = pkgs.python27Packages; };
+ gevent = pkgs.python27Packages.gevent;
+ python = pkgs.python27Packages.python;
cfg = config.krebs.bepasty;
out = {
-- cgit v1.2.3
From d0883b3d3e44051fa569f4bc205abc557b0466e2 Mon Sep 17 00:00:00 2001
From: tv
Date: Sat, 13 Apr 2019 22:05:48 +0200
Subject: lass: move p from lassul.us to krebsco.de
---
krebs/3modules/lass/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs/3modules')
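Review bot: `pkgs.bepasty.override { python3Packages = pkgs.python27Packages; }` feeds Python 2.7 packages through a parameter named python3Packages, and nothing in the hunk or the subject records why the python3 variant from the earlier commit had to be backed out, so the next reader cannot tell whether the pin is still required (Python 2.7 reaches end of life in January 2020). Add a comment above the `gunicorn` line naming the concrete breakage, e.g. `# pinned to python27: <reason the python3 build failed>; revisit before 2.7 EOL`.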
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index a2548d6c..3396c280 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -20,6 +20,7 @@ in {
extraZones = {
"krebsco.de" = ''
cache IN A ${nets.internet.ip4.addr}
+ p IN A ${nets.internet.ip4.addr}
paste IN A ${nets.internet.ip4.addr}
prism IN A ${nets.internet.ip4.addr}
'';
@@ -38,7 +39,6 @@ in {
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
- p 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
-- cgit v1.2.3
From 8058af6c74fca7725393750f3a6653512db6c72e Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 17 Apr 2019 14:16:53 +0200
Subject: realwallpaper: reduce log noise
---
krebs/3modules/realwallpaper.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix
index cb940efe..a0c00c20 100644
--- a/krebs/3modules/realwallpaper.nix
+++ b/krebs/3modules/realwallpaper.nix
@@ -78,7 +78,7 @@ let
serviceConfig = {
Type = "simple";
ExecStart = pkgs.writeDash "generate-wallpaper" ''
- set -xeuf
+ set -euf
# usage: getimg FILENAME URL
fetch() {
-- cgit v1.2.3
From 40f83f1140d9d4cd669d692d594f232be434e654 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 17 Apr 2019 17:37:28 +0200
Subject: external: add ada.r
---
krebs/3modules/external/default.nix | 13 +++++++++++++
1 file changed, 13 insertions(+)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index c9715cb8..9bfc920a 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -429,6 +429,17 @@ in {
};
};
};
+ ada = {
+ owner = config.krebs.users.filly;
+ nets = {
+ wiregrill = {
+ aliases = [ "ada.w" ];
+ wireguard = {
+ pubkey = "+t0j9j7TZqvSFPzgunnON/ArXVGpMS/L3DldpanLoUk=";
+ };
+ };
+ };
+ };
};
users = {
ciko = {
@@ -464,6 +475,8 @@ in {
};
miaoski = {
};
+ filly = {
+ };
};
}
-- cgit v1.2.3
From c4af929d398e9e8bcb9a67644814018451c87d45 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 17 Apr 2019 17:38:15 +0200
Subject: l shodan.r: add syncthing.id
---
krebs/3modules/lass/default.nix | 1 +
1 file changed, 1 insertion(+)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 3396c280..1daaffbf 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -240,6 +240,7 @@ in {
secure = true;
ssh.privkey.path = ;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C";
+ syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6";
};
icarus = {
cores = 2;
-- cgit v1.2.3
From d61f9654f294f4e491e6ff8bb04f34c916d7cf67 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 17 Apr 2019 17:38:57 +0200
Subject: l daedalus.r: add ublock origin
---
krebs/3modules/lass/default.nix | 1 +
1 file changed, 1 insertion(+)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix
index 1daaffbf..41f3852b 100644
--- a/krebs/3modules/lass/default.nix
+++ b/krebs/3modules/lass/default.nix
@@ -39,6 +39,7 @@ in {
io 60 IN NS ions.lassul.us.
ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
+ matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr}
'';
-- cgit v1.2.3
From 84ad0b0a93eccdef0e4ca05fd4091f014cb1ac25 Mon Sep 17 00:00:00 2001
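Review bot: The subject "l daedalus.r: add ublock origin" does not describe the hunk, which adds a `matrix` A record pointing at prism to the lassul.us zone and touches nothing on daedalus; the commit log is what an operator consults when a DNS name shows up unexpectedly, so the message should name the record (e.g. `l prism: add matrix.lassul.us A record`). The uBlock change, if it exists, presumably lives in a directory hidden by the `(limited to 'krebs/3modules')` filter, which would make this a squashed commit with a misleading title rather than a wrong hunk.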
From: tv
Date: Wed, 17 Apr 2019 20:45:33 +0200
Subject: krebs.permown: init
Derived from lass/3modules/ensure-permissions.nix
---
krebs/3modules/default.nix | 1 +
krebs/3modules/permown.nix | 74 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 75 insertions(+)
create mode 100644 krebs/3modules/permown.nix
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 567c077e..4d40f385 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -39,6 +39,7 @@ let
./nixpkgs.nix
./on-failure.nix
./os-release.nix
+ ./permown.nix
./per-user.nix
./power-action.nix
./Reaktor.nix
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
new file mode 100644
index 00000000..7a86013e
--- /dev/null
+++ b/krebs/3modules/permown.nix
@@ -0,0 +1,74 @@ +with import ; +{ config, pkgs, ... }: { + + options.krebs.permown = mkOption { + default = []; + type = types.listOf (types.submodule { + options = { + directory-mode = mkOption { + default = "=rwx"; + type = types.str; # TODO + }; + file-mode = mkOption { + default = "=rw"; + type = types.str; # TODO + }; + group = mkOption { + apply = x: if x == null then "" else x; + default = null; + type = types.nullOr types.groupname; + }; + owner = mkOption { + type = types.username; + }; + path = mkOption { + type = types.absolute-pathname; + }; + umask = mkOption { + default = "0027"; + type = types.file-mode; + }; + }; + }); + }; + + config.systemd.services = genAttrs' config.krebs.permown (plan: { + name = "permown.${replaceStrings ["/"] ["_"] plan.path}"; + value = { + environment = { + DIR_MODE = plan.directory-mode; + FILE_MODE = plan.file-mode; + OWNER_GROUP = "${plan.owner}:${plan.group}"; + ROOT_PATH = plan.path; + }; + path = [ + pkgs.coreutils + pkgs.findutils + pkgs.inotifyTools + ]; + serviceConfig = { + ExecStart = pkgs.writeDash "permown" '' + set -efu + + find "$ROOT_PATH" -exec chown "$OWNER_GROUP" {} + + find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + + find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + + + inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" | + while read -r path; do + if test -d "$path"; then + exec "$0" "$@" + fi + chown "$OWNER_GROUP" "$path" + chmod "$FILE_MODE" "$path" + done + ''; + Restart = "always"; + RestartSec = 10; + UMask = plan.umask; + }; + wantedBy = [ "multi-user.target" ]; + }; + }); + +} -- cgit v1.2.3 From 520c9ef692d07672aa61c9e69bf34065f5abfbe1 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Apr 2019 01:23:12 +0200 Subject: krebs.permown: listOf -> attrsOf --- krebs/3modules/permown.nix | 83 +++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 38 deletions(-) (limited to 'krebs/3modules') 
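Review bot: The watcher in the `permown` script subscribes only to `-e CREATE`, so a file moved into `$ROOT_PATH` from elsewhere (inotify reports that as MOVED_TO, not CREATE) keeps its previous owner and mode until the service restarts and the initial `find` pass runs again; `-e CREATE,MOVED_TO` covers that case at no extra cost. The `directory-mode` and `file-mode` options are declared `types.str; # TODO` and go unchecked straight into `chmod`, so a malformed mode surfaces only as a crash-looping service at runtime, whereas a `types.strMatching` pattern for symbolic modes would turn it into an evaluation error. A comment on `OWNER_GROUP` would also help: with `group = null` the value becomes `owner:`, and chown then uses the owner's login group, which looks intended but is not obvious.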
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index 7a86013e..1e6471ed 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
@@ -2,8 +2,8 @@ with import ;
{ config, pkgs, ... }: {
options.krebs.permown = mkOption {
- default = [];
- type = types.listOf (types.submodule {
+ default = {};
+ type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
directory-mode = mkOption {
default = "=rwx";
@@ -22,6 +22,7 @@ with import ;
type = types.username;
};
path = mkOption {
+ default = config._module.args.name;
type = types.absolute-pathname;
};
umask = mkOption {
@@ -29,46 +30,52 @@ with import ; type = types.file-mode; }; }; - }); + })); }; - config.systemd.services = genAttrs' config.krebs.permown (plan: { - name = "permown.${replaceStrings ["/"] ["_"] plan.path}"; - value = { - environment = { - DIR_MODE = plan.directory-mode; - FILE_MODE = plan.file-mode; - OWNER_GROUP = "${plan.owner}:${plan.group}"; - ROOT_PATH = plan.path; - }; - path = [ - pkgs.coreutils - pkgs.findutils - pkgs.inotifyTools - ]; - serviceConfig = { - ExecStart = pkgs.writeDash "permown" '' - set -efu + config = let + plans = attrValues config.krebs.permown; + in mkIf (plans != []) { + + systemd.services = genAttrs' plans (plan: { + name = "permown.${replaceStrings ["/"] ["_"] plan.path}"; + value = { + environment = { + DIR_MODE = plan.directory-mode; + FILE_MODE = plan.file-mode; + OWNER_GROUP = "${plan.owner}:${plan.group}"; + ROOT_PATH = plan.path; + }; + path = [ + pkgs.coreutils + pkgs.findutils + pkgs.inotifyTools + ]; + serviceConfig = { + ExecStart = pkgs.writeDash "permown" '' + set -efu - find "$ROOT_PATH" -exec chown "$OWNER_GROUP" {} + - find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + - find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + + find "$ROOT_PATH" -exec chown "$OWNER_GROUP" {} + + find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + + find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + - inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" | - while read -r path; do - if test -d "$path"; then - exec "$0" "$@" - fi - chown "$OWNER_GROUP" "$path" - chmod "$FILE_MODE" "$path" - done - ''; - Restart = "always"; - RestartSec = 10; - UMask = plan.umask; + inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" | + while read -r path; do + if test -d "$path"; then + exec "$0" "$@" + fi + chown "$OWNER_GROUP" "$path" + chmod "$FILE_MODE" "$path" + done + ''; + Restart = "always"; + RestartSec = 10; + UMask = plan.umask; + }; + wantedBy = [ "multi-user.target" ]; }; - wantedBy = [ "multi-user.target" ]; - }; - }); + }); 
+
+ };
}
-- cgit v1.2.3
From bc200e51552207a6d32caca8e57d6d39b06fe3c9 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 18 Apr 2019 01:23:55 +0200
Subject: krebs.permown: mkdirs on activation
---
krebs/3modules/permown.nix | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index 1e6471ed..f190bf86 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
@@ -37,6 +37,12 @@ with import ;
plans = attrValues config.krebs.permown;
in mkIf (plans != []) {
+ system.activationScripts.permown = let
+ mkdir = plan: /* sh */ ''
+ ${pkgs.coreutils}/bin/mkdir -p ${shell.escape plan.path}
+ '';
+ in concatMapStrings mkdir plans;
+
systemd.services = genAttrs' plans (plan: {
name = "permown.${replaceStrings ["/"] ["_"] plan.path}";
value = {
-- cgit v1.2.3
From 87937a5394c15afced7f92dfce31a756bb7a4ae9 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 18 Apr 2019 09:53:31 +0200
Subject: krebs.permown: [] -> {}
---
krebs/3modules/permown.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index f190bf86..a3b49b30 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
@@ -35,7 +35,7 @@ with import ;
config = let
plans = attrValues config.krebs.permown;
- in mkIf (plans != []) {
+ in mkIf (plans != {}) {
system.activationScripts.permown = let
mkdir = plan: /* sh */ ''
-- cgit v1.2.3
From 3adcf3a74c00b5e88b8c8c15d6aeb9ab3f9304db Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 18 Apr 2019 10:14:18 +0200
Subject: syncthing: listOf -> attrsOf
---
krebs/3modules/syncthing.nix | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index bfbac1db..897ba1e7 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
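Review bot: `replaceStrings ["/"] ["_"] plan.path` is the only sanitising applied before the value becomes a systemd unit name, so a path containing a character systemd does not accept in unit names (a space, for instance) evaluates cleanly and then fails at activation, and two paths that differ only in `/` versus `_` collide on the same `permown.<name>.service`. NixOS provides `utils.escapeSystemdPath` for exactly this purpose (it needs `utils` added to the module's arguments), which avoids both problems. The enclosing `config = let … in mkIf` expression begins on the previous hunk's lines; `plans` is a list there, so `plans != []` is the correct emptiness test for it.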
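Review bot: The activation script creates a missing `plan.path` with a bare `mkdir -p`, so until `permown.<name>.service` has completed its initial `find` pass the directory belongs to root with the activation umask's mode rather than `plan.owner` and `plan.directory-mode`, and it stays that way if the service never starts. Creating it with the intended identity and mode in one step removes that window: `${pkgs.coreutils}/bin/install -d -m ${shell.escape plan.directory-mode} -o ${shell.escape plan.owner} ${shell.escape plan.path}`, adding `-g ${shell.escape plan.group}` only when `plan.group` is non-empty, since the option maps null to `""` and install rejects an empty group.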
@@ -10,7 +10,7 @@ let
addresses = peer.addresses;
}) cfg.peers;
- folders = map (folder: {
+ folders = mapAttrsToList ( _: folder: {
inherit (folder) path id type;
devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
rescanIntervalS = folder.rescanInterval;
@@ -81,17 +81,18 @@ in
};
folders = mkOption {
- default = [];
- type = types.listOf (types.submodule ({ config, ... }: {
+ default = {};
+ type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
path = mkOption {
type = types.absolute-pathname;
+ default = config._module.args.name;
};
id = mkOption {
type = types.str;
- default = config.path;
+ default = config._module.args.name;
};
peers = mkOption {
-- cgit v1.2.3
From 64d6955e5a238016a1c6119516cb07caec4da4e5 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 18 Apr 2019 10:19:10 +0200
Subject: Revert "krebs.permown: [] -> {}"
This reverts commit 87937a5394c15afced7f92dfce31a756bb7a4ae9.
Thanks for reviewing...
---
krebs/3modules/permown.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index a3b49b30..f190bf86 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
@@ -35,7 +35,7 @@ with import ;
config = let
plans = attrValues config.krebs.permown;
- in mkIf (plans != {}) {
+ in mkIf (plans != []) {
system.activationScripts.permown = let
mkdir = plan: /* sh */ ''
-- cgit v1.2.3
From 1bbd53c4599fd1148bdb864f981b6fd4563fb476 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 18 Apr 2019 11:00:56 +0200
Subject: krebs.permown: admit symlinks
---
krebs/3modules/permown.nix | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'krebs/3modules')
diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix
index f190bf86..0f2ba86c 100644
--- a/krebs/3modules/permown.nix
+++ b/krebs/3modules/permown.nix
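Review bot: `id` previously defaulted to `config.path`, so a folder with an explicit `path` got that path as its id; it now defaults to the attribute name regardless of `path`, which silently changes the folder id of any existing configuration that overrides `path`, and a changed id is a different shared folder from every peer's point of view. If the old coupling was intended, keep `default = config.path;` (it still resolves to the attribute name when `path` is not set); if the decoupling is deliberate, say so in a comment on the `id` option so the migration is visible.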
@@ -61,7 +61,7 @@ with import ; ExecStart = pkgs.writeDash "permown" '' set -efu - find "$ROOT_PATH" -exec chown "$OWNER_GROUP" {} + + find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} + find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + @@ -70,8 +70,10 @@ with import ; if test -d "$path"; then exec "$0" "$@" fi - chown "$OWNER_GROUP" "$path" - chmod "$FILE_MODE" "$path" + chown -h "$OWNER_GROUP" "$path" + if test -f "$path"; then + chmod "$FILE_MODE" "$path" + fi done ''; Restart = "always"; -- cgit v1.2.3 From c082c8d62be63c7acf31de37c4b87a5b5d8118fa Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 18 Apr 2019 11:31:19 +0200 Subject: krebs.permown: use named pipe This commit fixes following issues: 1. reexecution causes stray inotifywait processes 2. errors in the while part renderes the service defunct --- krebs/3modules/permown.nix | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/permown.nix b/krebs/3modules/permown.nix index 0f2ba86c..63adb223 100644 --- a/krebs/3modules/permown.nix +++ b/krebs/3modules/permown.nix @@ -65,17 +65,30 @@ with import ; find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + - inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" | + paths=/tmp/paths + rm -f "$paths" + mkfifo "$paths" + + inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" & + inotifywaitpid=$! + + trap cleanup EXIT + cleanup() { + kill "$inotifywaitpid" + } + while read -r path; do if test -d "$path"; then + cleanup exec "$0" "$@" fi chown -h "$OWNER_GROUP" "$path" if test -f "$path"; then chmod "$FILE_MODE" "$path" fi - done + done < "$paths" ''; + PrivateTemp = true; Restart = "always"; RestartSec = 10; UMask = plan.umask; -- cgit v1.2.3
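Review bot: In the watcher loop `chown -h` now leaves symlink targets alone, but the new `if test -f "$path"` follows symlinks, so a link created inside `$ROOT_PATH` that points at a regular file elsewhere passes the test and the service, running as root, applies `$FILE_MODE` to the target. Testing the link itself first closes that: `if test ! -L "$path" && test -f "$path"; then`. The initial `find "$ROOT_PATH" -type f` is unaffected, since find does not follow symlinks without `-L`; the enclosing ExecStart script begins before this hunk.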
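Review bot: `PrivateTemp = true;` is not a systemd directive (the option is `PrivateTmp`), so systemd logs an unknown-key warning and the service keeps the host's shared /tmp, where the fixed name `/tmp/paths` is unlinked and recreated by `rm -f`/`mkfifo` as root in a world-writable directory, and every permown instance fights over the same FIFO on start. Fix the spelling, `PrivateTmp = true;`, which gives each unit its own /tmp and resolves both the shared-directory exposure and the cross-instance collision; a name derived from the unit (for example under a `RuntimeDirectory`) would make the isolation explicit rather than relying on the namespace. `trap cleanup EXIT` is registered before `cleanup()` is defined, which works because the name is looked up when the trap fires, but defining the function first reads more naturally.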