author | lassulus <lassulus@lassul.us> | 2022-01-29 19:14:21 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2022-01-29 19:14:21 +0100 |
commit | 57341fa82f22806032e5411261a7bba6d0c5384f (patch) | |
tree | 6470b613e5d391f126cb8c437643ac25665c6234 /lass/3modules/acl.nix | |
parent | 6f92ab188ea4da4a39456758dca03463a6449494 (diff) |
l acl: use a simple unit per path
Diffstat (limited to 'lass/3modules/acl.nix')
-rw-r--r-- | lass/3modules/acl.nix | 29 |
1 files changed, 10 insertions, 19 deletions
diff --git a/lass/3modules/acl.nix b/lass/3modules/acl.nix index b87ca2e08..81eeae920 100644 --- a/lass/3modules/acl.nix +++ b/lass/3modules/acl.nix @@ -1,19 +1,4 @@ { config, lib, pkgs, ... }: let - generateACLs = attrs: - lib.mapAttrsToList (path: rules: pkgs.writeDash "acl-${builtins.baseNameOf path}" '' - mkdir -p "${path}" - ${generateRules rules path} - '') attrs; - - generateRules = rules: path: - lib.concatStrings ( - lib.mapAttrsToList (_: rule: '' - setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} - ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} - ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} - '') rules - ); - parents = dir: if dir == "/" then [ dir ] @@ -48,17 +33,23 @@ in { default = {}; }; config = lib.mkIf (config.lass.acl != {}) { - systemd.services.set_acl = { + systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" { wantedBy = [ "multi-user.target" ]; path = [ pkgs.acl pkgs.coreutils ]; serviceConfig = { - ExecStart = generateACLs config.lass.acl; + ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings ( + lib.mapAttrsToList (_: rule: '' + setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path} + ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"} + ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))} + '') rules + )); RemainAfterExit = true; - Type = "oneshot"; + Type = "simple"; }; - }; + }) config.lass.acl; }; } |
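Review bot: The script generated for `ExecStart` in the second hunk runs its `setfacl` lines without `set -e`, so a failure on any line but the last is ignored and the unit still reports success. This commit also drops the old `mkdir -p "${path}"`, so a path that does not exist yet is one way to hit that. Starting the script body with `set -efu` would make the unit fail visibly when an ACL was not applied. `Type = "simple"` additionally lets units ordered after `acl-…` start before the ACLs are in place, because systemd treats a simple service as started once the process is forked; `Type = "oneshot";` alongside the existing `RemainAfterExit = true` makes them wait for the script to finish. `${path}`, `${folder}` and `${rule.rule}` are interpolated into the shell text unquoted, so wrapping each in `lib.escapeShellArg` would keep a value containing spaces or shell metacharacters from being split or interpreted.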