fix path and directory permissions by letting systemd-tmpfiles manage the directories

Trolli Schmittlauch 2019-10-15 20:09:37 +02:00
parent 7b9be832b7
commit 9133d58418


@ -84,18 +84,26 @@ in
directoriesToManage = [ cfg.storagePath ];
in
lib.mkIf cfg.enable {
systemd.services.seafile-server = {
systemd = {
# state directory permissions managed by systemd
tmpfiles.rules = [
"d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -"
];
services.seafile-server = {
script = ''
${pkgs.seafile-server.ccnet-server}/bin/ccnet-init
'';
serviceConfig = {
ExecStartPre = "+${pkgs.writeScript "seafile-server-preStart" ''
#!${pkgs.runtimeShell}
#set -ex
for DIR in ${escapeShellArgs directoriesToManage}; do
mkdir -p "$DIR"
chown ${cfg.user}:${cfg.group} "$DIR"
done;
''}";
ExecStart = "${pkgs.seafile-server}/seafile-core/bin/seaf-server-init";
ExecStartPre = [
("+${pkgs.writeScript "seafile-server-preStart-privileged" ''
#!${pkgs.runtimeShell}
# stuff run as root
''}")
("${pkgs.writeShellScript "seafile-server-preStart-unprivileged" ''
# stuff run as seafile user
''}")
];
User = cfg.user;
Group = cfg.group;
Type = "oneshot";
@ -104,11 +112,14 @@ in
enable = cfg.autorun;
wantedBy = [ "multi-user.target" ];
};
};
users.users.${cfg.user} = {
home = cfg.storagePath;
home = "${cfg.storagePath}/home";
group = cfg.group;
createHome = true;
# don't make NixOS create the home directory as otherwise the permissions for /srv might be 0700,
# making it impossible to cd into the storagePath
createHome = false;
isNormalUser = false;
};
users.groups.${cfg.group}.members = [ cfg.user ];
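Review bot: In the second hunk the account's home becomes `${cfg.storagePath}/home` while `createHome` is switched to `false`, and the only tmpfiles rule added in the first hunk covers `${cfg.storagePath}` itself, so nothing visible here creates the home directory or sets its owner and mode. Unless the stubbed preStart scripts are meant to do that later, add a second entry to `tmpfiles.rules`, e.g. `"d ${cfg.storagePath}/home 0700 ${cfg.user} ${cfg.group} -"`, so the directory exists with tight permissions before the service starts. The module's attribute set continues outside the visible hunks, so confirm nothing further down already handles it.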