shimun/brownpaper
1
0
Fork 0
Code Issues Pull Requests Releases Activity

move chown into service unit

Browse Source
This commit is contained in:
shimun 2020-12-31 21:32:41 +01:00
parent 0d04c61cdd
commit 20f8a481df
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
1 changed files with 31 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
mod.nix
View File

@ -6,14 +6,7 @@ let
package = pkgs.callPackage ./. { inherit pkgs; src = ./.; }; package = pkgs.callPackage ./. { inherit pkgs; src = ./.; };
keyDir = pkgs.runCommand "brownpaper-keys" { } '' keyDir = pkgs.runCommand "brownpaper-keys" { } ''
mkdir -p $out mkdir -p $out
${concatStringsSep " && " (builtins.map (key: "ln -s ${key} $out") cfg.pgpKeys)} ${concatStringsSep " && " (builtins.map (key: "cp ${key} $out/") cfg.pgpKeys)}
'';
keyScript = pkgs.writeScript "brownpaper-keyscript" ''
#!${pkgs.bash}/bin/bash
DATADIR='${toString cfg.dataDir}'
([ ! -s "$DATADIR/keys" ] && [ -d "$DATADIR/keys" ]) && mv "$DATADIR/keys" "$DATADIR/keys.bak"
[ -s "$DATADIR/keys" ] && rm "$DATADIR/keys"
ln -s ${keyDir} "$DATADIR/keys"
''; '';
in in
{ {
@ -67,34 +60,39 @@ in
}; };
config = { config = {
users.users = mkIf cfg.enable { ${cfg.user} = { }; }; users.users = mkIf cfg.enable { ${cfg.user} = { }; };
system.activationScripts.brownpaper = mkIf cfg.enable { systemd.services = mkIf cfg.enable {
text = '' brownpaper-init.script = ''
mkdir -p ${toString cfg.dataDir} mkdir -p '${cfg.dataDir}'
chown ${toString cfg.user} -R ${toString cfg.dataDir} chown ${cfg.user} -R '${cfg.dataDir}'
${optionalString (cfg.pgpKeys != [ ]) "${keyScript}"} '' + (optionalString (cfg.pgpKeys != [ ]) ''
''; DATADIR='${toString cfg.dataDir}'
deps = [ ]; ([ ! -s "$DATADIR/keys" ] && [ -d "$DATADIR/keys" ]) && mv "$DATADIR/keys" "$DATADIR/keys.bak"
}; [ -s "$DATADIR/keys" ] && rm "$DATADIR/keys"
systemd.services.brownpaper = mkIf cfg.enable { ln -s ${keyDir} "$DATADIR/keys"
'');
brownpaper = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ]; wants = [ "brownpaper-init.service" ];
after = [ "brownpaper-init.service" "network-online.target" ];
path = [ pkgs.coreutils ]; path = [ pkgs.coreutils ];
environment.BROWNPAPER_STORAGE_DIR = "${toString cfg.dataDir}"; environment.BROWNPAPER_STORAGE_DIR = "${toString cfg.dataDir}";
confinement = { confinement = {
enable = true; enable = true;
packages = with pkgs;[ bash coreutils findutils tzdata keyDir ]; packages = with pkgs; [ bash coreutils findutils tzdata keyDir ];
}; };
serviceConfig = script = ''
{ ${package.server}/bin/brownpaper ${cfg.listen}:${toString cfg.port}
BindPaths = [ cfg.dataDir ]; '';
ExecStart = "${package.server}/bin/brownpaper ${cfg.listen}:${toString cfg.port}"; serviceConfig = {
BindPaths = [ cfg.dataDir ] ++ (optional (cfg.pgpKeys != [ ]) keyDir);
User = cfg.user; User = cfg.user;
}; };
}; };
systemd.services.brownpaper-gc = mkIf (cfg.enable && cfg.gc.enable) { brownpaper-gc = mkIf cfg.gc.enable {
startAt = cfg.gc.dates; startAt = cfg.gc.dates;
script = "${pkgs.findutils}/bin/find ${cfg.dataDir} -maxdepth 1 -type f -mmin +${toString cfg.gc.maxAge} -delete"; script = "${pkgs.findutils}/bin/find ${cfg.dataDir} -maxdepth 1 -type f -mmin +${toString cfg.gc.maxAge} -delete";
}; };
};
environment.systemPackages = optionals cfgc.enable [ environment.systemPackages = optionals cfgc.enable [
(pkgs.writeShellScriptBin "brownpaper" '' (pkgs.writeShellScriptBin "brownpaper" ''
BROWNPAPER_ENDPOINT='${cfgc.endpoint}' ${package.client}/bin/brownpaper "$@" BROWNPAPER_ENDPOINT='${cfgc.endpoint}' ${package.client}/bin/brownpaper "$@"