stockholm/lass/3modules/ensure-permissions.nix

{ config, pkgs, ... }: with import <stockholm/lib>;

let

  cfg = config.lass.ensure-permissions;

in

{
  options.lass.ensure-permissions = mkOption {
    default = [];
    type = types.listOf (types.submodule ({
      options = {

        folder = mkOption {
          type = types.absolute-pathname;
        };

        owner = mkOption {
          # TODO user type
          type = types.str;
          default = "root";
        };

        group = mkOption {
          # TODO group type
          type = types.str;
          default = "root";
        };

        permission = mkOption {
          # TODO permission type
          type = types.str;
          default = "u+rw,g+rw";
        };

      };
    }));
  };

  config = mkIf (cfg != []) {

  system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
    ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
    ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
    ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
  '') cfg;
    systemd.services =
      listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          Restart = "always";
          RestartSec = 10;
          ExecStart = pkgs.writeDash "ensure-perms" ''
            ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
              | while IFS= read -r FILE; do
                ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
                ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
              done
          '';
        };
      }) cfg)
    ;

  };
}
l: add ensure-permissions module 2019-04-07 17:26:45 +00:00			`{ config, pkgs, ... }: with import <stockholm/lib>;`

			`let`

			`cfg = config.lass.ensure-permissions;`

			`in`

			`{`
			`options.lass.ensure-permissions = mkOption {`
			`default = [];`
			`type = types.listOf (types.submodule ({`
			`options = {`

			`folder = mkOption {`
			`type = types.absolute-pathname;`
			`};`

			`owner = mkOption {`
			`# TODO user type`
			`type = types.str;`
			`default = "root";`
			`};`

			`group = mkOption {`
			`# TODO group type`
			`type = types.str;`
			`default = "root";`
			`};`

			`permission = mkOption {`
			`# TODO permission type`
			`type = types.str;`
			`default = "u+rw,g+rw";`
			`};`

			`};`
			`}));`
			`};`

			`config = mkIf (cfg != []) {`

			`system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''`
			`${pkgs.coreutils}/bin/mkdir -p ${plan.folder}`
			`${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}`
			`${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}`
			`'') cfg;`
			`systemd.services =`
			`listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig = {`
			`Restart = "always";`
			`RestartSec = 10;`
			`ExecStart = pkgs.writeDash "ensure-perms" ''`
			`${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \`
			`\| while IFS= read -r FILE; do`
			`${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null`
			`${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null`
			`done`
			`'';`
			`};`
			`}) cfg)`
			`;`

			`};`
			`}`