authorlassulus <lassulus@lassul.us>2022-01-29 19:14:21 +0100
committerlassulus <lassulus@lassul.us>2022-01-29 19:14:21 +0100
commit57341fa82f22806032e5411261a7bba6d0c5384f (patch)
tree6470b613e5d391f126cb8c437643ac25665c6234 /lass/3modules/acl.nix
parent6f92ab188ea4da4a39456758dca03463a6449494 (diff)
l acl: use a simple unit per path
Diffstat (limited to 'lass/3modules/acl.nix')
-rw-r--r--lass/3modules/acl.nix29
1 files changed, 10 insertions, 19 deletions
diff --git a/lass/3modules/acl.nix b/lass/3modules/acl.nix
index b87ca2e08..81eeae920 100644
--- a/lass/3modules/acl.nix
+++ b/lass/3modules/acl.nix
@@ -1,19 +1,4 @@
{ config, lib, pkgs, ... }: let
- generateACLs = attrs:
- lib.mapAttrsToList (path: rules: pkgs.writeDash "acl-${builtins.baseNameOf path}" ''
- mkdir -p "${path}"
- ${generateRules rules path}
- '') attrs;
-
- generateRules = rules: path:
- lib.concatStrings (
- lib.mapAttrsToList (_: rule: ''
- setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
- ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
- ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))}
- '') rules
- );
-
parents = dir:
if dir == "/" then
[ dir ]
@@ -48,17 +33,23 @@ in {
default = {};
};
config = lib.mkIf (config.lass.acl != {}) {
- systemd.services.set_acl = {
+ systemd.services = lib.mapAttrs' (path: rules: lib.nameValuePair "acl-${lib.replaceChars ["/"] ["_"] path}" {
wantedBy = [ "multi-user.target" ];
path = [
pkgs.acl
pkgs.coreutils
];
serviceConfig = {
- ExecStart = generateACLs config.lass.acl;
+ ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings (
+ lib.mapAttrsToList (_: rule: ''
+ setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
+ ${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
+ ${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))}
+ '') rules
+ ));
RemainAfterExit = true;
- Type = "oneshot";
+ Type = "simple";
};
- };
+ }) config.lass.acl;
};
}
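Review bot: `${path}`, `${folder}` and `${rule.rule}` are spliced unquoted into the generated dash script on the three `setfacl` lines, so a configured path containing whitespace or shell metacharacters is word-split or interpreted by a script that presumably runs as root (the hunk sets no `User=`); quote them, e.g. `setfacl -m ${lib.escapeShellArg rule.rule} ${lib.escapeShellArg path}`. The removed `mkdir -p "${path}"` has no counterpart in the new script, so a missing path now makes `setfacl` fail, and `pkgs.coreutils` in `path` looks unused. `Type = "simple"` lets systemd treat the unit as started as soon as the script is spawned, so units ordered after it can run before the ACLs are in place; with a single `ExecStart` per unit, `Type = "oneshot"` would still work and keep that ordering guarantee. Separately, `lib.replaceChars ["/"] ["_"] path` would give `/a/b` and `/a_b` the same unit name, so one of the two entries could be dropped silently.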