diff --git a/flake.lock b/flake.lock index 6aa56cf..a6d9335 100644 --- a/flake.lock +++ b/flake.lock @@ -378,21 +378,6 @@ } }, "flake-utils_5": { - "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { "locked": { "lastModified": 1637014545, "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", @@ -407,7 +392,7 @@ "type": "github" } }, - "flake-utils_7": { + "flake-utils_6": { "locked": { "lastModified": 1631561581, "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", @@ -501,30 +486,9 @@ "type": "github" } }, - "krops": { - "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1644957911, - "narHash": "sha256-ggie/j7pdBqzDs4W7OiPmhqH9IGbXAbJxGqBdVxA8jA=", - "owner": "Mic92", - "repo": "krops", - "rev": "86fb3d2ee94fd8306231853b323ed8804edf26ec", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "krops", - "type": "github" - } - }, "landingpage": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": "nixpkgs_2" }, "locked": { @@ -617,7 +581,7 @@ "nixpkgs-fmt": { "inputs": { "fenix": "fenix", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] 
@@ -793,6 +757,26 @@ "type": "github" } }, + "permown": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1671378217, + "narHash": "sha256-9wls3Nw42vc30iumyEhFVpUdsUpJKNv52hXgreQ+sH0=", + "owner": "mrVanDalo", + "repo": "nixos-module-permown", + "rev": "4c00415d0275a8dc836bc56045cfb80b07188dbe", + "type": "github" + }, + "original": { + "owner": "mrVanDalo", + "repo": "nixos-module-permown", + "type": "github" + } + }, "php-extras": { "flake": false, "locked": { @@ -811,7 +795,7 @@ }, "polygon-art": { "inputs": { - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_6", "nixpkgs": "nixpkgs_4" }, "locked": { @@ -886,11 +870,11 @@ "grocy-scanner": "grocy-scanner", "home-manager": "home-manager", "home-manager-utils": "home-manager-utils", - "krops": "krops", "landingpage": "landingpage", "nixpkgs": "nixpkgs_3", "nixpkgs-fmt": "nixpkgs-fmt", "nixpkgs-unstable": "nixpkgs-unstable", + "permown": "permown", "polygon-art": "polygon-art", "private_assets": "private_assets", "retiolum": "retiolum", diff --git a/flake.nix b/flake.nix index 599f885..494d46d 100644 --- a/flake.nix +++ b/flake.nix @@ -8,10 +8,6 @@ flake = false; }; nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05"; - krops = { - url = "github:Mic92/krops"; - inputs.nixpkgs.follows = "nixpkgs"; - }; # colmena # ------- colmena = { @@ -51,6 +47,11 @@ url = "github:mrVanDalo/grocy-scanner"; inputs.nixpkgs.follows = "nixpkgs"; }; + permown = { + url = "github:mrVanDalo/nixos-module-permown"; + #url = "git+file:///home/palo/dev/nixos/permown"; + inputs.nixpkgs.follows = "nixpkgs"; + }; private_assets = { url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main"; flake = false; @@ -74,12 +75,12 @@ , grocy-scanner , home-manager , home-manager-utils - , krops , nixpkgs , nixpkgs-fmt , nixpkgs-unstable , polygon-art , private_assets + , permown , secrets , sops-nix , retiolum 
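Review bot: In flake.nix (hunk `@@ -51,6 +47,11 @@`) the new `permown` input follows the default branch of `github:mrVanDalo/nixos-module-permown`, so the only thing fixing the code is the `rev` and `narHash` recorded for it in flake.lock. The in-tree module this commit retires ran recursive `chown`/`chmod` from a systemd service with no `User` set, and the replacement presumably does the same, so a later `nix flake update` changes privileged code without any diff in this repository. Reviewing the upstream diff on each lock bump, or pinning with `url = "github:mrVanDalo/nixos-module-permown/<rev>";` (placeholder for the reviewed commit), keeps that change visible. The commented-out `#url = "git+file:///home/palo/dev/nixos/permown";` is a development leftover and can be dropped.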
@@ -88,7 +89,6 @@ let system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages.${system}; - writeCommand = krops.packages.${system}.writeCommand; pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" '' # collect all network configurations and save them in the store @@ -163,6 +163,7 @@ cluster-module.nixosModules.tinc (sopsModule name) home-manager.nixosModules.home-manager + permown.nixosModules.permown ]; home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; @@ -209,7 +210,8 @@ robi = { name, nodes, pkgs, ... }: { deployment.targetHost = "${name}.private"; deployment.tags = [ "server" "online" "private" ]; - imports = [ ]; + imports = [ + ]; }; bobi = { name, nodes, pkgs, ... }: { diff --git a/nixos/machines/bobi/syncthing.nix b/nixos/machines/bobi/syncthing.nix index b65be7e..adc5255 100644 --- a/nixos/machines/bobi/syncthing.nix +++ b/nixos/machines/bobi/syncthing.nix @@ -35,7 +35,7 @@ }; }; - system.permown."/home/palo/music-library" = { + services.permown."/home/palo/music-library" = { owner = "palo"; group = "users"; }; diff --git a/nixos/machines/mobi/syncthing.nix b/nixos/machines/mobi/syncthing.nix index b65be7e..55acd61 100644 --- a/nixos/machines/mobi/syncthing.nix +++ b/nixos/machines/mobi/syncthing.nix @@ -35,7 +35,7 @@ }; }; - system.permown."/home/palo/music-library" = { + serivces.permown."/home/palo/music-library" = { owner = "palo"; group = "users"; }; diff --git a/nixos/machines/pepe/syncthing.nix b/nixos/machines/pepe/syncthing.nix index e945851..4713a85 100644 --- a/nixos/machines/pepe/syncthing.nix +++ b/nixos/machines/pepe/syncthing.nix @@ -108,11 +108,11 @@ }; }; - system.permown."/home/syncthing" = { + services.permown."/home/syncthing" = { owner = "syncthing"; group = "syncthing"; }; - system.permown."/media/syncthing" = { + serivces.permown."/media/syncthing" = { owner = "syncthing"; group = "syncthing"; }; 
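Review bot: Importing `permown.nixosModules.permown` into the shared module list (flake.nix, hunk `@@ -163,6 +163,7 @@`) moves the mode and umask defaults out of this repository, and most of the renamed `services.permown` entries on this page set only `owner` and `group`. The removed nixos/modules/system/permown.nix defaulted to `umask = "0027"`, `file-mode = "=rw"` and `directory-mode = "=rwx"`; whether the upstream module at the locked rev keeps those option names and values is not visible here. For paths such as `/home/palo/finance` in nixos/machines/sterni/syncthing.nix it is worth confirming the upstream defaults or stating the value explicitly, e.g. `umask = "0027";`, as robi already does with `umask = "0002";`. The import list itself continues outside the hunk.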
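Review bot: `serivces.permown` is a misspelling of `services.permown` in nixos/machines/mobi/syncthing.nix (`/home/palo/music-library`) and again in the second entry of nixos/machines/pepe/syncthing.nix (`/media/syncthing`). NixOS will most likely reject the undefined `serivces` option at evaluation time, so mobi and pepe would not build; in either case ownership is not enforced on those two paths. The lines should read `services.permown."/home/palo/music-library" = {` and `services.permown."/media/syncthing" = {`.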
diff --git a/nixos/machines/robi/syncthing.nix b/nixos/machines/robi/syncthing.nix
index aa679b3..cc0a17e 100644
--- a/nixos/machines/robi/syncthing.nix
+++ b/nixos/machines/robi/syncthing.nix
@@ -74,7 +74,7 @@
 };
 };
- system.permown."/media/syncthing" = {
+ services.permown."/media/syncthing" = {
 owner = "syncthing";
 group = "syncthing";
 umask = "0002";
diff --git a/nixos/machines/sterni/syncthing.nix b/nixos/machines/sterni/syncthing.nix
index 6b4267c..e9bcf2a 100644
--- a/nixos/machines/sterni/syncthing.nix
+++ b/nixos/machines/sterni/syncthing.nix
@@ -54,12 +54,12 @@
 };
 };
- system.permown."/home/palo/music-library" = {
+ services.permown."/home/palo/music-library" = {
 owner = "palo";
 group = "users";
 };
- system.permown."/home/palo/finance" = {
+ services.permown."/home/palo/finance" = {
 owner = "palo";
 group = "syncthing";
 };
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 104fdb4..cb9dbd1 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -35,7 +35,6 @@
 ./system/bluetooth.nix
 ./system/font.nix
 ./system/mainUser.nix
- ./system/permown.nix
 ./system/wifi.nix
 ./system/x11.nix
 ./system/on-failure.nix
diff --git a/nixos/modules/system/permown.nix b/nixos/modules/system/permown.nix
index ab63ef5..88d8a3b 100644
--- a/nixos/modules/system/permown.nix
+++ b/nixos/modules/system/permown.nix
@@ -1,148 +1,3 @@ -{ config, pkgs, lib, ... }: +{ config, lib, pkgs, ... }: -with lib; - -let - - cfg = config.system.permown; - - -in -{ - - options.system.permown = mkOption { - default = { }; - type = with types; - attrsOf (submodule ({ config, ... }: { - options = { - directory-mode = mkOption { - default = "=rwx"; - type = types.str; - }; - file-mode = mkOption { - default = "=rw"; - type = types.str; - }; - group = mkOption { - apply = x: if x == null then "" else x; - default = null; - type = types.nullOr types.str; - }; - keepGoing = mkOption { - default = false; - type = types.bool; - description = '' - Whether to keep going when chowning or chmodding fails. - If set to false, then errors will cause the service to restart - instead. - ''; - }; - owner = mkOption { type = types.str; }; - path = mkOption { - default = config._module.args.name; - type = types.path; - }; - umask = mkOption { - default = "0027"; - type = types.str; - }; - timer = mkOption { - default = "hourly"; - type = types.str; - description = - "OnCalendar string on how frequent should this command run"; - }; - }; - })); - }; - - config = - let - plans = attrValues cfg; - in - mkIf (plans != [ ]) { - system.activationScripts.permown = - let - mkdir = { path, ... }: '' - ${pkgs.coreutils}/bin/mkdir -p "${path}" - ''; - in - concatMapStrings mkdir plans; - - systemd.services = - let - nameGenerator = { path, ... }: - "permown.${replaceStrings [ "/" ] [ "_" ] path}"; - serviceDefinition = - { path, directory-mode, file-mode, owner, group, umask, keepGoing, ... 
}: - { - environment = { - DIR_MODE = directory-mode; - FILE_MODE = file-mode; - OWNER_GROUP = "${owner}:${group}"; - ROOT_PATH = path; - }; - path = [ - pkgs.coreutils - pkgs.findutils - pkgs.inotifyTools - ]; - serviceConfig = { - ExecStart = - let - continuable = command: - if keepGoing - then "{ ${command}; } || :" - else command; - in - pkgs.writers.writeDash "permown" '' - set -efu - - find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} + - find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + - find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + - - paths=/tmp/paths - rm -f "$paths" - mkfifo "$paths" - - inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" & - inotifywaitpid=$! - - trap cleanup EXIT - cleanup() { - kill "$inotifywaitpid" - } - - while read -r path - do - if test -d "$path"; then - cleanup - exec "$0" "$@" - fi - ${continuable ''chown -h "$OWNER_GROUP" "$path"''} - if test -f "$path"; then - ${continuable ''chmod "$FILE_MODE" "$path"''} - fi - done < "$paths" - ''; - PrivateTmp = true; - Restart = "always"; - RestartSec = 10; - UMask = umask; - }; - wantedBy = [ "multi-user.target" ]; - }; - in - listToAttrs (map - (plan: - { - name = nameGenerator plan; - value = serviceDefinition plan; - }) - plans); - - - }; - -} +{ }
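Review bot: nixos/modules/system/permown.nix is reduced to an empty module, `{ config, lib, pkgs, ... }: { }`, while the same commit drops `./system/permown.nix` from nixos/modules/default.nix, so as far as this page shows the file is no longer referenced. Deleting it would avoid the impression that a local permown module still exists and still applies the defaults it used to carry. If the stub is kept on purpose, a header comment such as `# replaced by the permown flake input (github:mrVanDalo/nixos-module-permown)` would say why.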