nixos-config/modules/system/permown.nix

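{ config, pkgs, lib, ... }:

# system.permown: keep every entry below a directory owned by one user/group
# and at one mode.  For each entry an activation script creates the directory,
# and a systemd service (running as root) first normalises the whole tree with
# find(1), then follows CREATE events from inotifywait(1) and fixes up each new
# entry as it appears.
with lib;
let
  cfg = config.system.permown;
in {
  options.system.permown = mkOption {
    default = { };
    type = with types;
      attrsOf (submodule ({ config, ... }: {
        options = {
          # Mode for directories, in chmod(1) symbolic syntax.
          directory-mode = mkOption {
            default = "=rwx";
            type = types.str; # TODO: not validated as a chmod mode
          };
          # Mode for regular files, in chmod(1) symbolic syntax.
          file-mode = mkOption {
            default = "=rw";
            type = types.str; # TODO: not validated as a chmod mode
          };
          # null is turned into "" so OWNER_GROUP becomes "owner:", which
          # chown(1) reads as "owner plus that user's login group".
          group = mkOption {
            apply = x: if x == null then "" else x;
            default = null;
            type = types.nullOr types.str;
          };
          owner = mkOption { type = types.str; };
          # Defaults to the attribute name, so `system.permown."/srv/x" = …`
          # needs no explicit path.
          path = mkOption {
            default = config._module.args.name;
            type = types.path;
          };
          # umask of the service process, i.e. of the find/chown/chmod calls.
          umask = mkOption {
            default = "0027";
            type = types.str;
          };
        };
      }));
  };

  config = let
    plans = lib.attrValues cfg;
  in mkIf (plans != [ ]) {
    # Create every managed directory at activation time.  The path is
    # shell-quoted so a path containing spaces or shell metacharacters
    # cannot split into several arguments or be interpreted.
    system.activationScripts.permown = let
      mkdir = plan: # sh
        ''
          ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg plan.path}
        '';
    in concatMapStrings mkdir plans;

    # One service per plan, named after the path with "/" replaced by "_".
    systemd.services = listToAttrs (flip map plans (plan: {
      name = "permown.${replaceStrings [ "/" ] [ "_" ] plan.path}";
      value = {
        environment = {
          DIR_MODE = plan.directory-mode;
          FILE_MODE = plan.file-mode;
          OWNER_GROUP = "${plan.owner}:${plan.group}";
          ROOT_PATH = plan.path;
        };
        path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ];
        serviceConfig = {
          ExecStart = pkgs.writers.writeDash "permown" ''
            set -efu

            # Initial pass over the existing tree.  find(1) does not follow
            # symlinks without -L and chown -h never dereferences, so a link
            # inside the tree only has its own ownership changed here.
            find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} +
            find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} +
            find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +

            # Entries created after the pass above but before the watch is
            # armed are not seen; Restart=always only narrows that window.
            # Only CREATE is watched, so files renamed into the tree
            # (MOVED_TO) are not picked up either.
            paths=/tmp/paths
            rm -f "$paths"
            mkfifo "$paths"
            inotifywait -mrq -e CREATE --format %w%f "$ROOT_PATH" > "$paths" &
            inotifywaitpid=$!
            cleanup() {
              kill "$inotifywaitpid"
            }
            trap cleanup EXIT

            while read -r path; do
              # A new directory is not covered by the watch already
              # established, so restart from scratch: the find pass and a
              # fresh recursive watch then include it.
              if test -d "$path"; then
                cleanup
                exec "$0" "$@"
              fi
              chown -h "$OWNER_GROUP" "$path"
              # chmod(1) always follows symlinks and so does `test -f`.
              # Anyone able to write into the tree (by design, $OWNER_GROUP)
              # could otherwise create a link to a file outside it and have
              # this root service apply FILE_MODE to the target.  Only chmod
              # real regular files.  The test and the chmod are still two
              # separate operations, so an entry swapped for a link in
              # between is not caught.
              if test -f "$path" && ! test -L "$path"; then
                chmod "$FILE_MODE" "$path"
              fi
            done < "$paths"
          '';
          # /tmp/paths above lives in a private mount namespace.
          PrivateTmp = true;
          Restart = "always";
          RestartSec = 10;
          UMask = plan.umask;
        };
        wantedBy = [ "multi-user.target" ];
      };
    }));
  };
}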