update permown

Ingolf Wagner 2022-10-18 08:42:24 +02:00
parent f05aa81847
commit 48a22d3999
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B


@ -3,8 +3,9 @@
with lib; with lib;
let let
cfg = config.system.permown; cfg = config.system.permown;
nameGenerator = path: "permown.${replaceStrings [ "/" ] [ "_" ] path}";
in in
{ {
@ -27,6 +28,15 @@ in
default = null; default = null;
type = types.nullOr types.str; type = types.nullOr types.str;
}; };
keepGoing = mkOption {
default = false;
type = types.bool;
description = ''
Whether to keep going when chowning or chmodding fails.
If set to false, then errors will cause the service to restart
instead.
'';
};
owner = mkOption { type = types.str; }; owner = mkOption { type = types.str; };
path = mkOption { path = mkOption {
default = config._module.args.name; default = config._module.args.name;
@ -47,52 +57,91 @@ in
}; };
config = config =
let plans = lib.attrValues cfg; let
plans = attrValues cfg;
in mkIf (plans != [ ]) { in
mkIf (plans != [ ]) {
system.activationScripts.permown = system.activationScripts.permown =
let let
mkdir = { path, ... }: '' mkdir = { path, ... }: ''
${pkgs.coreutils}/bin/mkdir -p ${path} ${pkgs.coreutils}/bin/mkdir -p "${path}"
''; '';
in in
concatMapStrings mkdir plans; concatMapStrings mkdir plans;
systemd.services = listToAttrs (flip map plans systemd.services =
({ path, directory-mode, file-mode, owner, group, umask, ... }: { let
name = nameGenerator path; nameGenerator = { path, ... }:
value = { "permown.${replaceStrings [ "/" ] [ "_" ] path}";
serviceDefinition =
{ path, directory-mode, file-mode, owner, group, umask, keepGoing, ... }:
{
environment = { environment = {
DIR_MODE = directory-mode; DIR_MODE = directory-mode;
FILE_MODE = file-mode; FILE_MODE = file-mode;
OWNER_GROUP = "${owner}:${group}"; OWNER_GROUP = "${owner}:${group}";
ROOT_PATH = path; ROOT_PATH = path;
}; };
path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ]; path = [
pkgs.coreutils
pkgs.findutils
pkgs.inotifyTools
];
serviceConfig = { serviceConfig = {
ExecStart = pkgs.writers.writeDash "permown" '' ExecStart =
let
continuable = command:
if keepGoing
then "{ ${command}; } || :"
else command;
in
pkgs.writers.writeDash "permown" ''
set -efu set -efu
find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} + find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
paths=/tmp/paths
rm -f "$paths"
mkfifo "$paths"
inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" &
inotifywaitpid=$!
trap cleanup EXIT
cleanup() {
kill "$inotifywaitpid"
}
while read -r path
do
if test -d "$path"; then
cleanup
exec "$0" "$@"
fi
${continuable ''chown -h "$OWNER_GROUP" "$path"''}
if test -f "$path"; then
${continuable ''chmod "$FILE_MODE" "$path"''}
fi
done < "$paths"
''; '';
PrivateTmp = true; PrivateTmp = true;
#Restart = "always"; Restart = "always";
#RestartSec = 10; RestartSec = 10;
UMask = umask; UMask = umask;
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
})); in
listToAttrs (map
(plan:
{
name = nameGenerator plan;
value = serviceDefinition plan;
})
plans);
systemd.timers = listToAttrs (flip map plans ({ path, timer, ... }: {
name = nameGenerator path;
value = {
wantedBy = [ "multi-user.target" ];
timerConfig.OnCalendar = timer;
};
}));
}; };
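Review bot: In the new watch loop, `test -f "$path"` follows symlinks and so does the `chmod "$FILE_MODE" "$path"` it guards, so a symlink created under `$ROOT_PATH` that resolves to a regular file elsewhere gets its target's mode changed. The initial `find "$ROOT_PATH" -type f` pass does not have this problem, because find does not match symlinks as files by default. No `User=` is visible in `serviceConfig`, so the script presumably runs as root, and anyone who can create entries in the tree can then influence modes outside it. Guard the branch with `if test -f "$path" && ! test -L "$path"; then`, and add the same `! test -L "$path"` check to the `test -d` branch that re-executes the script. The check and the chmod are still two separate steps, so this narrows the window but does not close it. Separately, `-e CREATE` alone probably misses files moved into the tree, which keep their old owner and mode until the next restart; consider also watching the `moved_to` event.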