57 lines
1.6 KiB
Nix
57 lines
1.6 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: let
|
|
service = "ensure_perms";
|
|
cfg = config.holocron.${service};
|
|
|
|
# define variables for paths
|
|
archives_path = "/holocron/archives";
|
|
media_path = "/holocron/media";
|
|
users_path = "/holocron/users";
|
|
in {
|
|
options.holocron.ensure_perms = {
|
|
enable = lib.mkEnableOption "enables perms ensurence script";
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
# service to run periodically to reset the perms on all zpools
|
|
# everything works fine without this, just for peace of mind
|
|
# and to clean up the ownership from the arr stack in /holocron/media
|
|
systemd.services.${service} = {
|
|
description = "ensure file permissions for archives, media and user folders";
|
|
serviceConfig.ExecStart = ''
|
|
#!/bin/bash
|
|
|
|
# Fix ownership for archives directory
|
|
chown -R root:archives ${archives_path}
|
|
chmod -R 2770 ${archives_path}
|
|
|
|
# Fix ownership for media directory
|
|
chown -R root:media ${media_path}
|
|
chmod -R 2770 ${media_path}
|
|
|
|
# Fix user directories
|
|
for user_dir in ${users_path}/*; do
|
|
if [ -d "$user_dir" ]; then
|
|
user=$(basename "$user_dir")
|
|
chown -R "$user:$user" "$user_dir"
|
|
chmod -R 700 "$user_dir"
|
|
fi
|
|
done
|
|
'';
|
|
wantedBy = ["multi-user.target"];
|
|
type = "oneshot";
|
|
};
|
|
|
|
# timer to run the service periodically (e.g., daily)
|
|
systemd.timers.${service} = {
|
|
description = "run script to ensure_perms daily";
|
|
timerConfig.OnCalendar = "daily"; # Can be adjusted to hourly, weekly, etc.
|
|
unit = "${service}.service";
|
|
};
|
|
};
|
|
}
|