nixos-config/nixos/modules/system/permown.nix

{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.system.permown;
  nameGenerator = path: "permown.${replaceStrings [ "/" ] [ "_" ] path}";

in {

  options.system.permown = mkOption {
    default = { };
    type = with types;
      attrsOf (submodule ({ config, ... }: {
        options = {
          directory-mode = mkOption {
            default = "=rwx";
            type = types.str;
          };
          file-mode = mkOption {
            default = "=rw";
            type = types.str;
          };
          group = mkOption {
            apply = x: if x == null then "" else x;
            default = null;
            type = types.nullOr types.str;
          };
          owner = mkOption { type = types.str; };
          path = mkOption {
            default = config._module.args.name;
            type = types.path;
          };
          umask = mkOption {
            default = "0027";
            type = types.str;
          };
          timer = mkOption {
            default = "hourly";
            type = types.str;
            description =
              "OnCalendar string on how frequent should this command run";
          };
        };
      }));
  };

  config = let plans = lib.attrValues cfg;

  in mkIf (plans != [ ]) {

    system.activationScripts.permown = let
      mkdir = { path, ... }: ''
        ${pkgs.coreutils}/bin/mkdir -p ${path}
      '';
    in concatMapStrings mkdir plans;

    systemd.services = listToAttrs (flip map plans
      ({ path, directory-mode, file-mode, owner, group, umask, ... }: {
        name = nameGenerator path;
        value = {
          environment = {
            DIR_MODE = directory-mode;
            FILE_MODE = file-mode;
            OWNER_GROUP = "${owner}:${group}";
            ROOT_PATH = path;
          };
          path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ];
          serviceConfig = {
            ExecStart = pkgs.writers.writeDash "permown" ''
              set -efu
              find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
              find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
              find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
            '';
            PrivateTmp = true;
            Restart = "always";
            RestartSec = 10;
            UMask = umask;
          };
          wantedBy = [ "multi-user.target" ];
        };
      }));

    systemd.timers = listToAttrs (flip map plans ({ path, timer, ... }: {
      name = nameGenerator path;
      value = {
        wantedBy = [ "multi-user.target" ];
        timerConfig.OnCalendar = timer;
      };
    }));

  };

}