permown: simplify and fixed issues

This commit is contained in:
Ingolf Wagner 2020-09-08 21:45:42 +02:00
parent 9117901c5e
commit e78edef007
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
6 changed files with 72 additions and 80 deletions


@ -81,16 +81,14 @@
}; };
}; };
# todo not working properly system.permown."/media/syncthing" = {
#systemd.services."permown._media_syncthing" = { owner = "syncthing";
# bindsTo = [ "media.mount" ]; group = "syncthing";
# after = [ "media.mount" ]; };
#}; systemd.services."permown._media_syncthing" = {
#system.permown."/media/syncthing" = { bindsTo = [ "media.mount" ];
# owner = "syncthing"; after = [ "media.mount" ];
# group = "syncthing"; };
# umask = "0003";
#};
systemd.services."syncthing" = { systemd.services."syncthing" = {
bindsTo = [ "media.mount" ]; bindsTo = [ "media.mount" ];
after = [ "media.mount" ]; after = [ "media.mount" ];
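Review bot: The newly enabled `system.permown."/media/syncthing"` entry drops the `umask = "0003";` that the old commented-out block carried, so the module default `"0027"` (visible in the permown module hunk below) now applies; with `=rwx`/`=rw` and no who-part the umask bits are masked out, so the sweep leaves nothing group-writable for `syncthing` under that path. The same applies to the later hunk that activates the identical entry on the other host with its `umask = "0002";` dropped. If group write was the intent of the original sketch, add `umask = "0003";` back next to owner/group; otherwise a short comment that the tighter default is deliberate would help. Separately, the module's activation script runs `mkdir -p /media/syncthing` at activation time with no ordering against `media.mount`, so if `/media` is not mounted yet the directory is created on the parent filesystem and hidden once the mount appears; the `bindsTo`/`after` added here only cover the service, not that step.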


@ -42,14 +42,13 @@
}; };
}; };
systemd.services."permown._media" = {
bindsTo = [ "media.mount" ];
after = [ "media.mount" ];
};
system.permown."/media" = { system.permown."/media" = {
owner = "syncthing"; owner = "syncthing";
group = "syncthing"; group = "syncthing";
umask = "0007"; };
systemd.services."permown._media" = {
bindsTo = [ "media.mount" ];
after = [ "media.mount" ];
}; };
systemd.services."syncthing" = { systemd.services."syncthing" = {
bindsTo = [ "media.mount" ]; bindsTo = [ "media.mount" ];
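Review bot: Removing `umask = "0007";` from `system.permown."/media"` is an effective permission change rather than a simplification: the module default `"0027"` now masks group write out of the `=rwx`/`=rw` modes the sweep applies, so members of group `syncthing` lose write access to everything under `/media` on the next run. If that is one of the "fixed issues" the commit title refers to, a one-line comment in the entry saying so would help; if not, keep `umask = "0007";` in the entry. Moving the `permown._media` service override below the entry is purely cosmetic.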


@ -65,4 +65,9 @@
}; };
}; };
}; };
system.permown."/home/palo/music-library" = {
owner = "palo";
group = "users";
};
} }
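Review bot: The new `system.permown."/home/palo/music-library"` entry with `group = "users"` makes that part of the home directory readable by every member of `users`: under the module default umask `"0027"` the applied `=rwx`/`=rw` modes keep group read/traverse, and the sweep re-applies owner and mode over the whole subtree on each run, discarding any mode the user sets by hand. If only `palo` should read the library, add `umask = "0077";` to the entry; either way a comment stating the intended sharing would help. Since this is a recursive `chown` run as root over a user-writable tree, it is also worth confirming that `fs.protected_hardlinks` remains enabled on this host, which is the usual mitigation for hard links placed in such a tree.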


@ -5,7 +5,6 @@
quota = "100G"; quota = "100G";
allowSubRepos = true; allowSubRepos = true;
authorizedKeys = [ authorizedKeys = [
# todo rename
(lib.fileContents <common_secrets/backup/ssh_rsa.pub>) (lib.fileContents <common_secrets/backup/ssh_rsa.pub>)
(lib.fileContents <assets/ssh/card_rsa.pub>) (lib.fileContents <assets/ssh/card_rsa.pub>)
]; ];


@ -100,17 +100,14 @@
}; };
}; };
# todo now working properly system.permown."/media/syncthing" = {
# ------------------------- owner = "syncthing";
#systemd.services."permown._media_syncthing" = { group = "syncthing";
# bindsTo = [ "media.mount" ]; };
# after = [ "media.mount" ]; systemd.services."permown._media_syncthing" = {
#}; bindsTo = [ "media.mount" ];
#system.permown."/media/syncthing" = { after = [ "media.mount" ];
# owner = "syncthing"; };
# group = "syncthing";
# umask = "0002";
#};
systemd.services."syncthing" = { systemd.services."syncthing" = {
bindsTo = [ "media.mount" ]; bindsTo = [ "media.mount" ];
after = [ "media.mount" ]; after = [ "media.mount" ];


@ -1,6 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
let cfg = config.system.permown;
let
cfg = config.system.permown;
nameGenerator = path: "permown.${replaceStrings [ "/" ] [ "_" ] path}";
in { in {
options.system.permown = mkOption { options.system.permown = mkOption {
@ -10,11 +15,11 @@ in {
options = { options = {
directory-mode = mkOption { directory-mode = mkOption {
default = "=rwx"; default = "=rwx";
type = types.str; # TODO type = types.str;
}; };
file-mode = mkOption { file-mode = mkOption {
default = "=rw"; default = "=rw";
type = types.str; # TODO type = types.str;
}; };
group = mkOption { group = mkOption {
apply = x: if x == null then "" else x; apply = x: if x == null then "" else x;
@ -30,69 +35,58 @@ in {
default = "0027"; default = "0027";
type = types.str; type = types.str;
}; };
timer = mkOption {
default = "hourly";
type = types.str;
description =
"OnCalendar string on how frequent should this command run";
};
}; };
})); }));
}; };
config = let plans = lib.attrValues cfg; config = let plans = lib.attrValues cfg;
in mkIf (plans != [ ]) { in mkIf (plans != [ ]) {
system.activationScripts.permown = let system.activationScripts.permown = let
mkdir = plan: # sh mkdir = { path, ... }: ''
'' ${pkgs.coreutils}/bin/mkdir -p ${path}
${pkgs.coreutils}/bin/mkdir -p ${plan.path} '';
'';
in concatMapStrings mkdir plans; in concatMapStrings mkdir plans;
# genAttrs' = names: f: listToAttrs (map f names); systemd.services = listToAttrs (flip map plans
({ path, directory-mode, file-mode, owner, group, umask, ... }: {
name = nameGenerator path;
value = {
environment = {
DIR_MODE = directory-mode;
FILE_MODE = file-mode;
OWNER_GROUP = "${owner}:${group}";
ROOT_PATH = path;
};
path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ];
serviceConfig = {
ExecStart = pkgs.writers.writeDash "permown" ''
set -efu
find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
'';
PrivateTmp = true;
Restart = "always";
RestartSec = 10;
UMask = umask;
};
wantedBy = [ "multi-user.target" ];
};
}));
systemd.services = listToAttrs (flip map plans (plan: { systemd.timers = listToAttrs (flip map plans ({ path, timer, ... }: {
name = "permown.${replaceStrings [ "/" ] [ "_" ] plan.path}"; name = nameGenerator path;
value = { value = {
environment = {
DIR_MODE = plan.directory-mode;
FILE_MODE = plan.file-mode;
OWNER_GROUP = "${plan.owner}:${plan.group}";
ROOT_PATH = plan.path;
};
path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ];
serviceConfig = {
ExecStart = pkgs.writers.writeDash "permown" ''
set -efu
find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
paths=/tmp/paths
rm -f "$paths"
mkfifo "$paths"
inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" &
inotifywaitpid=$!
trap cleanup EXIT
cleanup() {
kill "$inotifywaitpid"
}
while read -r path; do
if test -d "$path"; then
cleanup
exec "$0" "$@"
fi
chown -h "$OWNER_GROUP" "$path"
if test -f "$path"; then
chmod "$FILE_MODE" "$path"
fi
done < "$paths"
'';
PrivateTmp = true;
Restart = "always";
RestartSec = 10;
UMask = plan.umask;
};
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
timerConfig.OnCalendar = timer;
}; };
})); }));