nixos-config/modules/system/permown.nix

{ config, pkgs, lib, ... }:
with lib;
let
  cfg = config.system.permown;
in {

  options.system.permown = mkOption {
    default = {};
    type = with types; attrsOf (submodule ({ config, ... }: {
      options = {
        directory-mode = mkOption {
          default = "=rwx";
          type = types.str; # TODO
        };
        file-mode = mkOption {
          default = "=rw";
          type = types.str; # TODO
        };
        group = mkOption {
          apply = x: if x == null then "" else x;
          default = null;
          type = types.nullOr types.str;
        };
        owner = mkOption {
          type = types.str;
        };
        path = mkOption {
          default = config._module.args.name;
          type = types.path;
        };
        umask = mkOption {
          default = "0027";
          type = types.str;
        };
      };
    }));
  };

  config =
    let
      plans = lib.attrValues cfg;
    in
    mkIf (plans != []) {

    system.activationScripts.permown = let
      mkdir = plan: /* sh */ ''
        ${pkgs.coreutils}/bin/mkdir -p ${plan.path}
      '';
    in
    concatMapStrings mkdir plans;


    # genAttrs' = names: f: listToAttrs (map f names);

    systemd.services = listToAttrs (flip map plans (plan: {
      name = "permown.${replaceStrings ["/"] ["_"] plan.path}";
      value = {
        environment = {
          DIR_MODE = plan.directory-mode;
          FILE_MODE = plan.file-mode;
          OWNER_GROUP = "${plan.owner}:${plan.group}";
          ROOT_PATH = plan.path;
        };
        path = [
          pkgs.coreutils
          pkgs.findutils
          pkgs.inotifyTools
        ];
        serviceConfig = {
          ExecStart = pkgs.writers.writeDash "permown" ''
            set -efu

            find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
            find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
            find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +

            paths=/tmp/paths
            rm -f "$paths"
            mkfifo "$paths"

            inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" &
            inotifywaitpid=$!

            trap cleanup EXIT
            cleanup() {
              kill "$inotifywaitpid"
            }

            while read -r path; do
              if test -d "$path"; then
                cleanup
                exec "$0" "$@"
              fi
              chown -h "$OWNER_GROUP" "$path"
              if test -f "$path"; then
                chmod "$FILE_MODE" "$path"
              fi
            done < "$paths"
          '';
          PrivateTmp = true;
          Restart = "always";
          RestartSec = 10;
          UMask = plan.umask;
        };
        wantedBy = [ "multi-user.target" ];
      };
    }));

  };

}
init 2019-10-24 02:20:38 +02:00			`{ config, pkgs, lib, ... }:`
			`with lib;`
			`let`
			`cfg = config.system.permown;`
			`in {`

			`options.system.permown = mkOption {`
			`default = {};`
			`type = with types; attrsOf (submodule ({ config, ... }: {`
			`options = {`
			`directory-mode = mkOption {`
			`default = "=rwx";`
			`type = types.str; # TODO`
			`};`
			`file-mode = mkOption {`
			`default = "=rw";`
			`type = types.str; # TODO`
			`};`
			`group = mkOption {`
			`apply = x: if x == null then "" else x;`
			`default = null;`
			`type = types.nullOr types.str;`
			`};`
			`owner = mkOption {`
			`type = types.str;`
			`};`
			`path = mkOption {`
			`default = config._module.args.name;`
			`type = types.path;`
			`};`
			`umask = mkOption {`
			`default = "0027";`
			`type = types.str;`
			`};`
			`};`
			`}));`
			`};`

			`config =`
			`let`
			`plans = lib.attrValues cfg;`
			`in`
			`mkIf (plans != []) {`

			`system.activationScripts.permown = let`
			`mkdir = plan: /* sh */ ''`
			`${pkgs.coreutils}/bin/mkdir -p ${plan.path}`
			`'';`
			`in`
			`concatMapStrings mkdir plans;`


			`# genAttrs' = names: f: listToAttrs (map f names);`

			`systemd.services = listToAttrs (flip map plans (plan: {`
			`name = "permown.${replaceStrings ["/"] ["_"] plan.path}";`
			`value = {`
			`environment = {`
			`DIR_MODE = plan.directory-mode;`
			`FILE_MODE = plan.file-mode;`
			`OWNER_GROUP = "${plan.owner}:${plan.group}";`
			`ROOT_PATH = plan.path;`
			`};`
			`path = [`
			`pkgs.coreutils`
			`pkgs.findutils`
			`pkgs.inotifyTools`
			`];`
			`serviceConfig = {`
			`ExecStart = pkgs.writers.writeDash "permown" ''`
			`set -efu`

			`find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +`
			`find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +`
			`find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +`

			`paths=/tmp/paths`
			`rm -f "$paths"`
			`mkfifo "$paths"`

			`inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" &`
			`inotifywaitpid=$!`

			`trap cleanup EXIT`
			`cleanup() {`
			`kill "$inotifywaitpid"`
			`}`

			`while read -r path; do`
			`if test -d "$path"; then`
			`cleanup`
			`exec "$0" "$@"`
			`fi`
			`chown -h "$OWNER_GROUP" "$path"`
			`if test -f "$path"; then`
			`chmod "$FILE_MODE" "$path"`
			`fi`
			`done < "$paths"`
			`'';`
			`PrivateTmp = true;`
			`Restart = "always";`
			`RestartSec = 10;`
			`UMask = plan.umask;`
			`};`
			`wantedBy = [ "multi-user.target" ];`
			`};`
			`}));`

			`};`

			`}`