blob: 36edc1127e4b21abf981146d123e7539ca983907 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
{ config, pkgs, ... }: with import <stockholm/lib>;
let
cfg = config.lass.ensure-permissions;
in
{
options.lass.ensure-permissions = mkOption {
default = [];
type = types.listOf (types.submodule ({
options = {
folder = mkOption {
type = types.absolute-pathname;
};
owner = mkOption {
# TODO user type
type = types.str;
default = "root";
};
group = mkOption {
# TODO group type
type = types.str;
default = "root";
};
permission = mkOption {
# TODO permission type
type = types.str;
default = "u+rw,g+rw";
};
};
}));
};
config = mkIf (cfg != []) {
system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
'') cfg;
systemd.services =
listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Restart = "always";
RestartSec = 10;
ExecStart = pkgs.writeDash "ensure-perms" ''
${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
| while IFS= read -r FILE; do
${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
done
'';
};
}) cfg)
;
};
}
|