summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/mors/config.nix15
-rw-r--r--lass/2configs/green-host.nix13
-rw-r--r--lass/2configs/radio.nix15
-rw-r--r--lass/2configs/sync/decsync.nix15
-rw-r--r--lass/2configs/sync/weechat.nix12
-rw-r--r--lass/2configs/syncthing.nix20
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lass/3modules/ensure-permissions.nix66
8 files changed, 49 insertions, 108 deletions
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index 7e183f40f..f911b79d6 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -49,12 +49,15 @@ with import <stockholm/lib>;
];
}
{
- krebs.syncthing.folders = [
- { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders."the_playlist" = {
+ path = "/home/lass/tmp/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ krebs.permown."/home/lass/tmp/the_playlist" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
{
lass.umts = {
diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix
index 860d7c113..1421eede7 100644
--- a/lass/2configs/green-host.nix
+++ b/lass/2configs/green-host.nix
@@ -20,13 +20,12 @@ with import <stockholm/lib>;
}
];
- lass.ensure-permissions = [
- { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; }
- ];
-
- krebs.syncthing.folders = [
- { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; }
- ];
+ krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ];
+ krebs.permown."/var/lib/sync-containers" = {
+ owner = "root";
+ group = "syncthing";
+ umask = "0007";
+ };
system.activationScripts.containerPermissions = ''
mkdir -p /var/lib/containers
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index d67d970f8..521b3c050 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -248,10 +248,13 @@ in {
alias ${html};
'';
};
- krebs.syncthing.folders = [
- { id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders."the_playlist" = {
+ path = "/home/radio/music/the_playlist";
+ peers = [ "mors" "phone" "prism" ];
+ };
+ krebs.permown."/home/radio/music/the_playlist" = {
+ owner = "radio";
+ group = "syncthing";
+ umask = "0007";
+ };
}
diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix
index 94569c94d..c3f6511c2 100644
--- a/lass/2configs/sync/decsync.nix
+++ b/lass/2configs/sync/decsync.nix
@@ -1,8 +1,11 @@
{
- krebs.syncthing.folders = [
- { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders.decsync = {
+ path = "/home/lass/decsync";
+ peers = [ "mors" "blue" "green" "phone" ];
+ };
+ krebs.permown."/home/lass/decsync" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix
index d10177b1d..30c7b262b 100644
--- a/lass/2configs/sync/weechat.nix
+++ b/lass/2configs/sync/weechat.nix
@@ -1,8 +1,8 @@
{
- krebs.syncthing.folders = [
- { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; }
- ];
- lass.ensure-permissions = [
- { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ];
+ krebs.permown."/home/lass/.weechat" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index fc10b2cb4..48f2625c1 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -1,6 +1,6 @@
-{ config, pkgs, ... }:
-with import <stockholm/lib>;
-{
+{ config, pkgs, ... }: with import <stockholm/lib>; let
+ peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+in {
services.syncthing = {
enable = true;
group = "syncthing";
@@ -14,17 +14,17 @@ with import <stockholm/lib>;
enable = true;
cert = toString <secrets/syncthing.cert>;
key = toString <secrets/syncthing.key>;
- peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
- folders = [
- { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; }
- ];
+ peers = peers;
+ folders."/home/lass/sync".peers = attrNames peers;
};
system.activationScripts.syncthing-home = ''
${pkgs.coreutils}/bin/chmod a+x /home/lass
'';
- lass.ensure-permissions = [
- { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
- ];
+ krebs.permown."/home/lass/sync" = {
+ owner = "lass";
+ group = "syncthing";
+ umask = "0007";
+ };
}
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index 59043aeb1..613c7c8ac 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -3,7 +3,6 @@ _:
imports = [
./dnsmasq.nix
./ejabberd
- ./ensure-permissions.nix
./folderPerms.nix
./hosts.nix
./mysql-backup.nix
diff --git a/lass/3modules/ensure-permissions.nix b/lass/3modules/ensure-permissions.nix
deleted file mode 100644
index 36edc1127..000000000
--- a/lass/3modules/ensure-permissions.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ config, pkgs, ... }: with import <stockholm/lib>;
-
-let
-
- cfg = config.lass.ensure-permissions;
-
-in
-
-{
- options.lass.ensure-permissions = mkOption {
- default = [];
- type = types.listOf (types.submodule ({
- options = {
-
- folder = mkOption {
- type = types.absolute-pathname;
- };
-
- owner = mkOption {
- # TODO user type
- type = types.str;
- default = "root";
- };
-
- group = mkOption {
- # TODO group type
- type = types.str;
- default = "root";
- };
-
- permission = mkOption {
- # TODO permission type
- type = types.str;
- default = "u+rw,g+rw";
- };
-
- };
- }));
- };
-
- config = mkIf (cfg != []) {
-
- system.activationScripts.ensure-permissions = concatMapStringsSep "\n" (plan: ''
- ${pkgs.coreutils}/bin/mkdir -p ${plan.folder}
- ${pkgs.coreutils}/bin/chmod -R ${plan.permission} ${plan.folder}
- ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} ${plan.folder}
- '') cfg;
- systemd.services =
- listToAttrs (map (plan: nameValuePair "ensure-permisson.${replaceStrings ["/"] ["_"] plan.folder}" {
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Restart = "always";
- RestartSec = 10;
- ExecStart = pkgs.writeDash "ensure-perms" ''
- ${pkgs.inotifyTools}/bin/inotifywait -mrq -e CREATE --format %w%f ${plan.folder} \
- | while IFS= read -r FILE; do
- ${pkgs.coreutils}/bin/chmod -R ${plan.permission} "$FILE" 2>/dev/null
- ${pkgs.coreutils}/bin/chown -R ${plan.owner}:${plan.group} "$FILE" 2>/dev/null
- done
- '';
- };
- }) cfg)
- ;
-
- };
-}