move permown to a separate module

This commit is contained in:
Ingolf Wagner 2022-12-18 16:46:20 +01:00
parent 78a1979db5
commit ef775e206b
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
9 changed files with 43 additions and 203 deletions


@ -378,21 +378,6 @@
} }
}, },
"flake-utils_5": { "flake-utils_5": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"locked": { "locked": {
"lastModified": 1637014545, "lastModified": 1637014545,
"narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=",
@ -407,7 +392,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_7": { "flake-utils_6": {
"locked": { "locked": {
"lastModified": 1631561581, "lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
@ -501,30 +486,9 @@
"type": "github" "type": "github"
} }
}, },
"krops": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1644957911,
"narHash": "sha256-ggie/j7pdBqzDs4W7OiPmhqH9IGbXAbJxGqBdVxA8jA=",
"owner": "Mic92",
"repo": "krops",
"rev": "86fb3d2ee94fd8306231853b323ed8804edf26ec",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "krops",
"type": "github"
}
},
"landingpage": { "landingpage": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
@ -617,7 +581,7 @@
"nixpkgs-fmt": { "nixpkgs-fmt": {
"inputs": { "inputs": {
"fenix": "fenix", "fenix": "fenix",
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -793,6 +757,26 @@
"type": "github" "type": "github"
} }
}, },
"permown": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1671378217,
"narHash": "sha256-9wls3Nw42vc30iumyEhFVpUdsUpJKNv52hXgreQ+sH0=",
"owner": "mrVanDalo",
"repo": "nixos-module-permown",
"rev": "4c00415d0275a8dc836bc56045cfb80b07188dbe",
"type": "github"
},
"original": {
"owner": "mrVanDalo",
"repo": "nixos-module-permown",
"type": "github"
}
},
"php-extras": { "php-extras": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -811,7 +795,7 @@
}, },
"polygon-art": { "polygon-art": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
@ -886,11 +870,11 @@
"grocy-scanner": "grocy-scanner", "grocy-scanner": "grocy-scanner",
"home-manager": "home-manager", "home-manager": "home-manager",
"home-manager-utils": "home-manager-utils", "home-manager-utils": "home-manager-utils",
"krops": "krops",
"landingpage": "landingpage", "landingpage": "landingpage",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-fmt": "nixpkgs-fmt", "nixpkgs-fmt": "nixpkgs-fmt",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"permown": "permown",
"polygon-art": "polygon-art", "polygon-art": "polygon-art",
"private_assets": "private_assets", "private_assets": "private_assets",
"retiolum": "retiolum", "retiolum": "retiolum",


@ -8,10 +8,6 @@
flake = false; flake = false;
}; };
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
krops = {
url = "github:Mic92/krops";
inputs.nixpkgs.follows = "nixpkgs";
};
# colmena # colmena
# ------- # -------
colmena = { colmena = {
@ -51,6 +47,11 @@
url = "github:mrVanDalo/grocy-scanner"; url = "github:mrVanDalo/grocy-scanner";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
permown = {
url = "github:mrVanDalo/nixos-module-permown";
#url = "git+file:///home/palo/dev/nixos/permown";
inputs.nixpkgs.follows = "nixpkgs";
};
private_assets = { private_assets = {
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main"; url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = false; flake = false;
@ -74,12 +75,12 @@
, grocy-scanner , grocy-scanner
, home-manager , home-manager
, home-manager-utils , home-manager-utils
, krops
, nixpkgs , nixpkgs
, nixpkgs-fmt , nixpkgs-fmt
, nixpkgs-unstable , nixpkgs-unstable
, polygon-art , polygon-art
, private_assets , private_assets
, permown
, secrets , secrets
, sops-nix , sops-nix
, retiolum , retiolum
@ -88,7 +89,6 @@
let let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
writeCommand = krops.packages.${system}.writeCommand;
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" '' pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
# collect all network configurations and save them in the store # collect all network configurations and save them in the store
@ -163,6 +163,7 @@
cluster-module.nixosModules.tinc cluster-module.nixosModules.tinc
(sopsModule name) (sopsModule name)
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
permown.nixosModules.permown
]; ];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
@ -209,7 +210,8 @@
robi = { name, nodes, pkgs, ... }: { robi = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private"; deployment.targetHost = "${name}.private";
deployment.tags = [ "server" "online" "private" ]; deployment.tags = [ "server" "online" "private" ];
imports = [ ]; imports = [
];
}; };
bobi = { name, nodes, pkgs, ... }: { bobi = { name, nodes, pkgs, ... }: {
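Review bot: The commented-out override `#url = "git+file:///home/palo/dev/nixos/permown";` inside the new `permown` input is development residue in a committed flake; drop it, or if the local toggle is meant to stay, replace it with a comment naming the override mechanism (`nix flake lock --override-input permown path:…`) so the production URL is the only one in the file. Since the chown/chmod logic that runs as root on every host now comes from the external `mrVanDalo/nixos-module-permown` input, the rev pinned in flake.lock is the thing to re-review on each `nix flake update`; a one-line comment on the input saying so would help future maintainers. The host configs in the later sections still set `owner`, `group` and `umask`; I cannot verify from this page that the upstream module declares the same option names, so that is worth confirming once before deploying. The `imports = [ ];` → multi-line form in the `robi` hunk is cosmetic only.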


@ -35,7 +35,7 @@
}; };
}; };
system.permown."/home/palo/music-library" = { services.permown."/home/palo/music-library" = {
owner = "palo"; owner = "palo";
group = "users"; group = "users";
}; };


@ -35,7 +35,7 @@
}; };
}; };
system.permown."/home/palo/music-library" = { serivces.permown."/home/palo/music-library" = {
owner = "palo"; owner = "palo";
group = "users"; group = "users";
}; };
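Review bot: The new side misspells the option namespace as `serivces.permown."/home/palo/music-library"`; the NixOS module system rejects definitions for undeclared options, so this host configuration will fail to evaluate rather than silently skip the permission fix. Change it to `services.permown."/home/palo/music-library" = {` to match the other hosts. The same typo appears in the next file section on the `/media/syncthing` block (`serivces.permown."/media/syncthing"`), while the `/home/syncthing` block right above it is spelled correctly.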


@ -108,11 +108,11 @@
}; };
}; };
system.permown."/home/syncthing" = { services.permown."/home/syncthing" = {
owner = "syncthing"; owner = "syncthing";
group = "syncthing"; group = "syncthing";
}; };
system.permown."/media/syncthing" = { serivces.permown."/media/syncthing" = {
owner = "syncthing"; owner = "syncthing";
group = "syncthing"; group = "syncthing";
}; };


@ -74,7 +74,7 @@
}; };
}; };
system.permown."/media/syncthing" = { services.permown."/media/syncthing" = {
owner = "syncthing"; owner = "syncthing";
group = "syncthing"; group = "syncthing";
umask = "0002"; umask = "0002";


@ -54,12 +54,12 @@
}; };
}; };
system.permown."/home/palo/music-library" = { services.permown."/home/palo/music-library" = {
owner = "palo"; owner = "palo";
group = "users"; group = "users";
}; };
system.permown."/home/palo/finance" = { services.permown."/home/palo/finance" = {
owner = "palo"; owner = "palo";
group = "syncthing"; group = "syncthing";
}; };


@ -35,7 +35,6 @@
./system/bluetooth.nix ./system/bluetooth.nix
./system/font.nix ./system/font.nix
./system/mainUser.nix ./system/mainUser.nix
./system/permown.nix
./system/wifi.nix ./system/wifi.nix
./system/x11.nix ./system/x11.nix
./system/on-failure.nix ./system/on-failure.nix


@ -1,148 +1,3 @@
{ config, pkgs, lib, ... }: { config, lib, pkgs, ... }:
with lib; { }
let
cfg = config.system.permown;
in
{
options.system.permown = mkOption {
default = { };
type = with types;
attrsOf (submodule ({ config, ... }: {
options = {
directory-mode = mkOption {
default = "=rwx";
type = types.str;
};
file-mode = mkOption {
default = "=rw";
type = types.str;
};
group = mkOption {
apply = x: if x == null then "" else x;
default = null;
type = types.nullOr types.str;
};
keepGoing = mkOption {
default = false;
type = types.bool;
description = ''
Whether to keep going when chowning or chmodding fails.
If set to false, then errors will cause the service to restart
instead.
'';
};
owner = mkOption { type = types.str; };
path = mkOption {
default = config._module.args.name;
type = types.path;
};
umask = mkOption {
default = "0027";
type = types.str;
};
timer = mkOption {
default = "hourly";
type = types.str;
description =
"OnCalendar string on how frequent should this command run";
};
};
}));
};
config =
let
plans = attrValues cfg;
in
mkIf (plans != [ ]) {
system.activationScripts.permown =
let
mkdir = { path, ... }: ''
${pkgs.coreutils}/bin/mkdir -p "${path}"
'';
in
concatMapStrings mkdir plans;
systemd.services =
let
nameGenerator = { path, ... }:
"permown.${replaceStrings [ "/" ] [ "_" ] path}";
serviceDefinition =
{ path, directory-mode, file-mode, owner, group, umask, keepGoing, ... }:
{
environment = {
DIR_MODE = directory-mode;
FILE_MODE = file-mode;
OWNER_GROUP = "${owner}:${group}";
ROOT_PATH = path;
};
path = [
pkgs.coreutils
pkgs.findutils
pkgs.inotifyTools
];
serviceConfig = {
ExecStart =
let
continuable = command:
if keepGoing
then "{ ${command}; } || :"
else command;
in
pkgs.writers.writeDash "permown" ''
set -efu
find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
paths=/tmp/paths
rm -f "$paths"
mkfifo "$paths"
inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" &
inotifywaitpid=$!
trap cleanup EXIT
cleanup() {
kill "$inotifywaitpid"
}
while read -r path
do
if test -d "$path"; then
cleanup
exec "$0" "$@"
fi
${continuable ''chown -h "$OWNER_GROUP" "$path"''}
if test -f "$path"; then
${continuable ''chmod "$FILE_MODE" "$path"''}
fi
done < "$paths"
'';
PrivateTmp = true;
Restart = "always";
RestartSec = 10;
UMask = umask;
};
wantedBy = [ "multi-user.target" ];
};
in
listToAttrs (map
(plan:
{
name = nameGenerator plan;
value = serviceDefinition plan;
})
plans);
};
}
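Review bot: The module is reduced to the empty stub `{ config, lib, pkgs, ... }: { }` instead of being removed, while the previous section drops `./system/permown.nix` from the imports list, so the file becomes an orphan that nothing loads. Deleting it is cleaner; if it is kept on purpose as a placeholder, add a header comment such as `# intentionally empty: permown is provided by the `permown` flake input (services.permown)` so the next reader does not mistake it for a half-finished module. The declared `system.permown` options disappear with this change, so any remaining `system.permown.*` definitions elsewhere in the tree would now fail evaluation; I cannot see the whole repository from this page, so that is worth a quick grep.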