From 20f8a481df0091b469b87684dbe2e1559ef37ae1 Mon Sep 17 00:00:00 2001
From: shimun
Date: Thu, 31 Dec 2020 21:32:41 +0100
Subject: [PATCH] move chown into service unit

---
 mod.nix | 64 ++++++++++++++++++++++++++++-----------------------------
 1 file changed, 31 insertions(+), 33 deletions(-)

diff --git a/mod.nix b/mod.nix
index 32e38c0..4d0dbbf 100644
--- a/mod.nix
+++ b/mod.nix
@@ -6,14 +6,7 @@ let
 package = pkgs.callPackage ./. { inherit pkgs; src = ./.; };
 keyDir = pkgs.runCommand "brownpaper-keys" { } ''
 mkdir -p $out
- ${concatStringsSep " && " (builtins.map (key: "ln -s ${key} $out") cfg.pgpKeys)}
- '';
- keyScript = pkgs.writeScript "brownpaper-keyscript" ''
- #!${pkgs.bash}/bin/bash
- DATADIR='${toString cfg.dataDir}'
- ([ ! -s "$DATADIR/keys" ] && [ -d "$DATADIR/keys" ]) && mv "$DATADIR/keys" "$DATADIR/keys.bak"
- [ -s "$DATADIR/keys" ] && rm "$DATADIR/keys"
- ln -s ${keyDir} "$DATADIR/keys"
+ ${concatStringsSep " && " (builtins.map (key: "cp ${key} $out/") cfg.pgpKeys)}
 '';
 in {
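Review bot: The new `cp ${key} $out/` line interpolates each element of cfg.pgpKeys into the builder shell unquoted; when an element is a Nix path it is copied into the store and the resulting store path has a safe name, but a plain string containing spaces or glob characters would be word-split, so quoting it is cheap insurance: `cp ${escapeShellArg (toString key)} $out/` (assuming `lib` is in scope, as the unqualified `concatStringsSep` suggests). Copying rather than symlinking also means every key now lands as a world-readable file in the Nix store in its own right, which is fine for public keys but would expose any private key an operator mistakenly lists here; the pgpKeys option (declared outside this hunk) should say so, e.g. `Public PGP keys only; they are copied into the world-readable Nix store.` The keyDir definition itself starts and ends inside the hunk.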
@@ -67,33 +60,38 @@ in
 };
 config = {
 users.users = mkIf cfg.enable { ${cfg.user} = { }; };
- system.activationScripts.brownpaper = mkIf cfg.enable {
- text = ''
- mkdir -p ${toString cfg.dataDir}
- chown ${toString cfg.user} -R ${toString cfg.dataDir}
- ${optionalString (cfg.pgpKeys != [ ]) "${keyScript}"}
- '';
- deps = [ ];
- };
- systemd.services.brownpaper = mkIf cfg.enable {
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- path = [ pkgs.coreutils ];
- environment.BROWNPAPER_STORAGE_DIR = "${toString cfg.dataDir}";
- confinement = {
- enable = true;
- packages = with pkgs;[ bash coreutils findutils tzdata keyDir ];
- };
- serviceConfig =
- {
- BindPaths = [ cfg.dataDir ];
- ExecStart = "${package.server}/bin/brownpaper ${cfg.listen}:${toString cfg.port}";
+ systemd.services = mkIf cfg.enable {
+ brownpaper-init.script = ''
+ mkdir -p '${cfg.dataDir}'
+ chown ${cfg.user} -R '${cfg.dataDir}'
+ '' + (optionalString (cfg.pgpKeys != [ ]) ''
+ DATADIR='${toString cfg.dataDir}'
+ ([ ! -s "$DATADIR/keys" ] && [ -d "$DATADIR/keys" ]) && mv "$DATADIR/keys" "$DATADIR/keys.bak"
+ [ -s "$DATADIR/keys" ] && rm "$DATADIR/keys"
+ ln -s ${keyDir} "$DATADIR/keys"
+ '');
+ brownpaper = {
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "brownpaper-init.service" ];
+ after = [ "brownpaper-init.service" "network-online.target" ];
+ path = [ pkgs.coreutils ];
+ environment.BROWNPAPER_STORAGE_DIR = "${toString cfg.dataDir}";
+ confinement = {
+ enable = true;
+ packages = with pkgs; [ bash coreutils findutils tzdata keyDir ];
+ };
+ script = ''
+ ${package.server}/bin/brownpaper ${cfg.listen}:${toString cfg.port}
+ '';
+ serviceConfig = {
+ BindPaths = [ cfg.dataDir ] ++ (optional (cfg.pgpKeys != [ ]) keyDir);
 User = cfg.user;
 };
- };
- systemd.services.brownpaper-gc = mkIf (cfg.enable && cfg.gc.enable) {
- startAt = cfg.gc.dates;
- script = "${pkgs.findutils}/bin/find ${cfg.dataDir} -maxdepth 1 -type f -mmin +${toString cfg.gc.maxAge} -delete";
+ };
+ brownpaper-gc = mkIf cfg.gc.enable {
+ startAt = cfg.gc.dates;
+ script = "${pkgs.findutils}/bin/find ${cfg.dataDir} -maxdepth 1 -type f -mmin +${toString cfg.gc.maxAge} -delete";
+ };
 };
 environment.systemPackages = optionals cfgc.enable [
 (pkgs.writeShellScriptBin "brownpaper" ''
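Review bot: `after = [ "brownpaper-init.service" ... ]` does not actually make brownpaper wait for the chown and key symlink to finish, because brownpaper-init declares only a `script` and no `Type`, so systemd treats it as `simple` and considers it started the moment the shell is forked; with a large dataDir the recursive chown can still be running when the server opens its storage directory. Add `brownpaper-init.serviceConfig = { Type = "oneshot"; RemainAfterExit = true; };` beside the script so the ordering waits for completion. Separately, `chown ${cfg.user} -R '${cfg.dataDir}'` now runs as root on every start over a tree that the unprivileged service user writes into, and a recursive chown of user-writable content hands ownership to whatever that user managed to place there (hard links where fs.protected_hardlinks is off, bind mounts); chowning only the top-level directory, `chown ${cfg.user} '${cfg.dataDir}'`, and letting the service create its own files avoids that. Whether dataDir can be pointed at a sensitive location is decided by the option declarations, which are outside this hunk.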