{ config, pkgs, lib, ... }: with lib; let cfg = config.system.permown; nameGenerator = path: "permown.${replaceStrings [ "/" ] [ "_" ] path}"; in { options.system.permown = mkOption { default = { }; type = with types; attrsOf (submodule ({ config, ... }: { options = { directory-mode = mkOption { default = "=rwx"; type = types.str; }; file-mode = mkOption { default = "=rw"; type = types.str; }; group = mkOption { apply = x: if x == null then "" else x; default = null; type = types.nullOr types.str; }; owner = mkOption { type = types.str; }; path = mkOption { default = config._module.args.name; type = types.path; }; umask = mkOption { default = "0027"; type = types.str; }; timer = mkOption { default = "hourly"; type = types.str; description = "OnCalendar string on how frequent should this command run"; }; }; })); }; config = let plans = lib.attrValues cfg; in mkIf (plans != [ ]) { system.activationScripts.permown = let mkdir = { path, ... }: '' ${pkgs.coreutils}/bin/mkdir -p ${path} ''; in concatMapStrings mkdir plans; systemd.services = listToAttrs (flip map plans ({ path, directory-mode, file-mode, owner, group, umask, ... }: { name = nameGenerator path; value = { environment = { DIR_MODE = directory-mode; FILE_MODE = file-mode; OWNER_GROUP = "${owner}:${group}"; ROOT_PATH = path; }; path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ]; serviceConfig = { ExecStart = pkgs.writers.writeDash "permown" '' set -efu find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} + find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + ''; PrivateTmp = true; Restart = "always"; RestartSec = 10; UMask = umask; }; wantedBy = [ "multi-user.target" ]; }; })); systemd.timers = listToAttrs (flip map plans ({ path, timer, ... }: { name = nameGenerator path; value = { wantedBy = [ "multi-user.target" ]; timerConfig.OnCalendar = timer; }; })); }; }