fix path and directory permissions by letting systemd-tmpfiles manage the directories

Trolli Schmittlauch 2019-10-15 20:09:37 +02:00
parent 7b9be832b7
commit 9133d58418


@ -84,18 +84,26 @@ in
directoriesToManage = [ cfg.storagePath ]; directoriesToManage = [ cfg.storagePath ];
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
systemd.services.seafile-server = { systemd = {
# state directory permissions managed by systemd
tmpfiles.rules = [
"d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -"
];
services.seafile-server = {
script = ''
${pkgs.seafile-server.ccnet-server}/bin/ccnet-init
'';
serviceConfig = { serviceConfig = {
ExecStartPre = "+${pkgs.writeScript "seafile-server-preStart" '' ExecStartPre = [
#!${pkgs.runtimeShell} ("+${pkgs.writeScript "seafile-server-preStart-privileged" ''
#set -ex #!${pkgs.runtimeShell}
for DIR in ${escapeShellArgs directoriesToManage}; do # stuff run as root
mkdir -p "$DIR" ''}")
chown ${cfg.user}:${cfg.group} "$DIR" ("${pkgs.writeShellScript "seafile-server-preStart-unprivileged" ''
done; # stuff run as seafile user
''}"; ''}")
ExecStart = "${pkgs.seafile-server}/seafile-core/bin/seaf-server-init"; ];
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
Type = "oneshot"; Type = "oneshot";
@ -104,11 +112,14 @@ in
enable = cfg.autorun; enable = cfg.autorun;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
};
users.users.${cfg.user} = { users.users.${cfg.user} = {
home = cfg.storagePath; home = "${cfg.storagePath}/home";
group = cfg.group; group = cfg.group;
createHome = true; # don't make NixOS create the home directory as otherwise the permissions for /srv might be 0700,
# making it impossible to cd into the storagePath
createHome = false;
isNormalUser = false; isNormalUser = false;
}; };
users.groups.${cfg.group}.members = [ cfg.user ]; users.groups.${cfg.group}.members = [ cfg.user ];
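Review bot: Nothing visible creates the new home directory: in the second hunk `home` becomes `"${cfg.storagePath}/home"` with `createHome = false`, while the `tmpfiles.rules` entry in the first hunk only covers `cfg.storagePath` itself. Unless the still-empty unprivileged preStart script is meant to create it, a second rule such as `"d ${cfg.storagePath}/home 0700 ${cfg.user} ${cfg.group} -"` would keep it under tmpfiles management with an explicit mode. The `"+"`-prefixed `seafile-server-preStart-privileged` entry is now an empty script that still runs as root; since tmpfiles has taken over the ownership work, dropping that entry until something needs it keeps the unit free of root-executed hooks. `directoriesToManage` also appears unused on the new side, as far as the visible lines show.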