63 lines
2.1 KiB
Nix
63 lines
2.1 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
service = "ensure_perms";
|
|
cfg = config.holocron.${service};
|
|
|
|
# define variables for paths
|
|
archives_path = "/holocron/archives";
|
|
media_path = "/holocron/media";
|
|
users_path = "/holocron/users";
|
|
in {
|
|
options.holocron.ensure_perms = {
|
|
enable = lib.mkEnableOption "enables perms ensurence script";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
# service to run periodically to reset the perms on all zpools
|
|
# everything works fine without this, just for peace of mind
|
|
# and to clean up the ownership from the arr stack in /holocron/media
|
|
systemd.services.${service} = {
|
|
description = "ensure file permissions for archives, media and user folders";
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = pkgs.writeShellScript "ensure_perms" ''
|
|
|
|
# Fix ownership for archives directory
|
|
echo "starting ${archives_path}"
|
|
find "${archives_path}" -type d -exec sh -c 'chown root:archives "$@" chmod 770 "$@"' _ {} +
|
|
find "${archives_path}" -type f -exec sh -c 'chown root:archives "$@" chmod 660 "$@"' _ {} +
|
|
|
|
# Fix ownership for media directory
|
|
echo "starting ${media_path}"
|
|
find "${media_path}" -type d -exec sh -c 'chown root:media "$@" chmod 770 "$@"' _ {} +
|
|
find "${media_path}" -type f -exec sh -c 'chown root:media "$@" chmod 660 "$@"' _ {} +
|
|
|
|
# Fix user directories
|
|
for user_dir in ${users_path}/*; do
|
|
if [ -d "$user_dir" ]; then
|
|
user=$(basename "$user_dir")
|
|
echo "starting $user_dir"
|
|
find "$user_dir" -type d -exec sh -c 'chown $user:$user "$@" chmod 770 "$@"' _ {} +
|
|
find "$user_dir" -type f -exec sh -c 'chown $user:$user "$@" chmod 660 "$@"' _ {} +
|
|
fi
|
|
done
|
|
echo "fin"
|
|
'';
|
|
};
|
|
};
|
|
|
|
systemd.timers.${service} = {
|
|
description = "run script to ensure_perms daily";
|
|
wantedBy = ["timers.target"];
|
|
timerConfig = {
|
|
OnCalendar = "03:30";
|
|
Persistent = true;
|
|
};
|
|
};
|
|
};
|
|
}
|