fs: fix mode of deployed files; simplify

2023-01-04 07:14:01 +00:00 · 2023-01-04 07:14:01 +00:00 · 2c48e61854
commit 2c48e61854
parent f89f756489
3 changed files with 22 additions and 21 deletions
--- a/modules/fs/default.nix
+++ b/modules/fs/default.nix
@ -60,6 +60,8 @@ let
        (lib.mkIf (config.dir != null) config.dir.reverseDepends)
        (lib.mkIf (config.symlink != null) config.symlink.reverseDepends)
      ];
+
+      # actually generate the item
      generated.script = lib.mkMerge [
        (lib.mkIf (config.dir != null) (ensureDirScript name config.dir))
        (lib.mkIf (config.symlink != null) (ensureSymlinkScript name config.symlink))
@ -80,9 +82,9 @@ let
    };
  });

-  # sane.fs."<path>".dir sub-options
-  dirEntry = types.submodule {
-    # TODO: options should just be `propagatedGenerateOptions`
+  # options which can be set in dir/symlink generated items,
+  # with intention that they just propagate down
+  propagatedGenerateMod = {
    options = {
      acl = mkOption {
        type = sane-types.aclOverride;
@ -90,26 +92,25 @@ let
      };
      reverseDepends = mkOption {
        type = types.listOf types.str;
-        description = "list of systemd units which should be made to depend on this unit (controls `wantedBy` and `before`)";
+        description = "list of systemd units which should be made to depend on this item (controls `wantedBy` and `before`)";
        default = [];
      };
    };
  };

+  # sane.fs."<path>".dir sub-options
+  # takes no special options
+  dirEntry = types.submodule propagatedGenerateMod;
+
  symlinkEntry = types.submodule {
    options = {
+      inherit (propagatedGenerateMod.options) acl;
      target = mkOption {
        type = types.str;
        description = "fs path to link to";
      };
-      acl = mkOption {
-        type = sane-types.aclOverride;
-        default = {};
-      };
-      reverseDepends = mkOption {
-        type = types.listOf types.str;
-        description = "list of systemd units which should be made to depend on this unit (controls `wantedBy` and `before`)";
-        # symlinks are assumed to be terminals, so create them on start by default
+      reverseDepends = propagatedGenerateMod.options.reverseDepends // {
+        # symlinks are terminal, so by default create them during startup
        default = [ "multi-user.target" ];
      };
    };
@ -117,6 +118,9 @@ let

  generatedEntry = types.submodule {
    options = {
+      # we use a stricter acl type here, so don't inherit that.
+      inherit (propagatedGenerateMod.options) reverseDepends;
+
      acl = mkOption {
        type = sane-types.acl;
      };
@ -127,11 +131,6 @@ let
        '';
        default = [];
      };
-      reverseDepends = mkOption {
-        type = types.listOf types.str;
-        description = "list of systemd units which should be made to depend on this unit (controls `wantedBy` and `before`)";
-        default = [];
-      };
      script.script = mkOption {
        type = types.lines;
      };
@ -242,7 +241,9 @@ let

      # ensure any things created by the user script have the desired mode.
      # chmod doesn't work on symlinks, so we *have* to use this umask approach.
-      umask $(( 777 - "$aclmode" ))
+      decmask=$(( 0777 - "$aclmode" ))
+      octmask=$(printf "%o" "$decmask")
+      umask "$octmask"

      # try to chmod/chown the result even if the user script errors
      _status=0
@ -251,7 +252,7 @@ let
      ${gen-opt.script.script}

      # claim ownership of the new thing (DON'T traverse symlinks)
-      chown --no-derefence "$acluser:$aclgroup" "$fspath"
+      chown --no-dereference "$acluser:$aclgroup" "$fspath"
      exit "$_status"
    '';
    scriptArgs = [ path gen-opt.acl.user gen-opt.acl.group gen-opt.acl.mode ] ++ gen-opt.script.scriptArgs;
--- a/modules/impermanence/default.nix
+++ b/modules/impermanence/default.nix
@ -174,7 +174,7 @@ in
          # ensure the backing path has same perms as the mount point.
          # TODO: maybe we want to do this, crawling all the way up to the store base?
          # that would simplify (remove) the code in stores/default.nix
-          dir.acl = config.sane.fs."${opt.directory}".dir.acl;
+          dir.acl = config.sane.fs."${opt.directory}".generated.acl;
        };
      };
  in mkIf cfg.enable {
--- a/modules/impermanence/stores/default.nix
+++ b/modules/impermanence/stores/default.nix
@ -22,7 +22,7 @@ in
    # TODO: just add assertions that sane.fs."${backing}/${dest}".dir == sane.fs."${dest}" for each mount point?
    sane.fs = lib.mapAttrs' (_name: store: {
      name = "${store.mountpt}/home/colin";
-      value.dir.acl = config.sane.fs."/home/colin".dir.acl;
+      value.dir.acl = config.sane.fs."/home/colin".generated.acl;
    }) cfg.stores;
  };
 }