colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

impermanence: fix up circular dependencies and permissions

Browse Source 
this is now a proof of concept. still has some rough edges.
This commit is contained in:
colin
2022-12-29 18:03:38 +00:00
parent d00f9b15d7
commit af92a2250e
1 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
modules/impermanence/default.nix
View File

@@ -242,12 +242,16 @@ in
parent-mount-service = cleanName (parentDir opt.directory); parent-mount-service = cleanName (parentDir opt.directory);
parent-perms-service = "impermanence-perms-${parent-mount-service}"; parent-perms-service = "impermanence-perms-${parent-mount-service}";
is-mount = opt ? store; is-mount = opt ? store;
backing-path = if is-mount then
concatPaths [ opt.store.device opt.directory ]
else
opt.directory;
in { in {
fileSystems."${opt.directory}" = lib.mkIf is-mount { fileSystems."${opt.directory}" = lib.mkIf is-mount {
device = concatPaths [ opt.store.device opt.directory ]; device = concatPaths [ opt.store.device opt.directory ];
options = [ options = [
"bind" "bind"
"x-systemd.requires=${backing-mount}.mount" # this should be implicit # "x-systemd.requires=${backing-mount}.mount" # this should be implicit
"x-systemd.after=${perms-service}.service" "x-systemd.after=${perms-service}.service"
# `wants` doesn't seem to make it to the service file here :-( # `wants` doesn't seem to make it to the service file here :-(
"x-systemd.wants=${perms-service}.service" "x-systemd.wants=${perms-service}.service"
@@ -259,20 +263,35 @@ in
# create services which ensure the source directories exist and have correct ownership/perms before mounting # create services which ensure the source directories exist and have correct ownership/perms before mounting
systemd.services."${perms-service}" = let systemd.services."${perms-service}" = let
perms-script = pkgs.writeShellScript "impermanence-prepare-perms" '' perms-script = pkgs.writeShellScript "impermanence-prepare-perms" ''
path="$1" backing="$1"
user="$2" path="$2"
group="$3" user="$3"
mode="$4" group="$4"
mode="$5"
mkdir "$path" || test -d "$path" mkdir "$path" || test -d "$path"
chmod "$mode" "$path" chmod "$mode" "$path"
chown "$user:$group" "$path" chown "$user:$group" "$path"
# XXX: fix up the permissions of the origin, otherwise it overwrites the mountpoint with defaults.
# TODO: apply to the full $backing path? like, construct it entirely in parallel?
if [ "$backing" != "$path" ]
then
mkdir -p "$backing"
chmod "$mode" "$backing"
chown "$user:$group" "$backing"
fi
''; '';
in { in {
description = "prepare permissions for ${opt.directory}"; description = "prepare permissions for ${opt.directory}";
serviceConfig = { serviceConfig = {
ExecStart = ''${perms-script} ${opt.directory} ${opt.user} ${opt.group} ${opt.mode}''; ExecStart = ''${perms-script} ${backing-path} ${opt.directory} ${opt.user} ${opt.group} ${opt.mode}'';
Type = "oneshot"; Type = "oneshot";
}; };
unitConfig = {
# prevent systemd making this unit implicitly dependent on sysinit.target.
# see: <https://www.freedesktop.org/software/systemd/man/systemd.special.html>
DefaultDependencies = "no";
};
wantedBy = lib.mkIf is-mount [ "${mount-service}.mount" ]; wantedBy = lib.mkIf is-mount [ "${mount-service}.mount" ];
after = lib.mkIf (opt.directory != "/") [ "${parent-perms-service}.service" ]; after = lib.mkIf (opt.directory != "/") [ "${parent-perms-service}.service" ];
wants = lib.mkIf (opt.directory != "/") [ "${parent-perms-service}.service" ]; wants = lib.mkIf (opt.directory != "/") [ "${parent-perms-service}.service" ];