hosting/selfhostblocks
1
0
Fork 0
Code Issues Activity

allow to set owner and permission of out of band config

Browse source
This commit is contained in:
ibizaman 2024-08-23 22:43:32 +02:00
parent f998689e9b
commit 36a2041bb2
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lib/default.nix
View file

@ -9,7 +9,7 @@ rec {
# - resultPath is the location the config file should have on the filesystem. # - resultPath is the location the config file should have on the filesystem.
# - generator is a function taking two arguments name and value and returning path in the nix # - generator is a function taking two arguments name and value and returning path in the nix
# nix store where the # nix store where the
replaceSecrets = { userConfig, resultPath, generator }: replaceSecrets = { userConfig, resultPath, generator, user ? "root", permissions ? "u=r,g=r,o=" }:
let let
configWithTemplates = withReplacements userConfig; configWithTemplates = withReplacements userConfig;
@ -20,6 +20,7 @@ rec {
replaceSecretsScript { replaceSecretsScript {
file = nonSecretConfigFile; file = nonSecretConfigFile;
inherit resultPath replacements; inherit resultPath replacements;
inherit user permissions;
}; };
replaceSecretsFormatAdapter = format: format.generate; replaceSecretsFormatAdapter = format: format.generate;
@ -30,7 +31,7 @@ rec {
resultPath = newPath; resultPath = newPath;
}; };
replaceSecretsScript = { file, resultPath, replacements }: replaceSecretsScript = { file, resultPath, replacements, user ? "root", permissions ? "u=r,g=r,o=" }:
let let
templatePath = resultPath + ".template"; templatePath = resultPath + ".template";
sedPatterns = lib.strings.concatStringsSep " " (lib.attrsets.mapAttrsToList (from: to: "-e \"s|${from}|${to}|\"") replacements); sedPatterns = lib.strings.concatStringsSep " " (lib.attrsets.mapAttrsToList (from: to: "-e \"s|${from}|${to}|\"") replacements);
@ -44,6 +45,9 @@ rec {
mkdir -p $(dirname ${templatePath}) mkdir -p $(dirname ${templatePath})
ln -fs ${file} ${templatePath} ln -fs ${file} ${templatePath}
rm -f ${resultPath} rm -f ${resultPath}
touch ${resultPath}
chown ${user} ${resultPath}
chmod ${permissions} ${resultPath}
${sedCmd} ${templatePath} > ${resultPath} ${sedCmd} ${templatePath} > ${resultPath}
''; '';
@ -237,13 +241,14 @@ rec {
pkgs.runCommand "nix-flake-tests-success" { } "echo > $out"; pkgs.runCommand "nix-flake-tests-success" { } "echo > $out";
genConfigOutOfBandSystemd = { config, configLocation, generator }: genConfigOutOfBandSystemd = { config, configLocation, generator, user ? "root", permissions ? "u=r,g=r,o=" }:
{ {
loadCredentials = getLoadCredentials "source" config; loadCredentials = getLoadCredentials "source" config;
preStart = lib.mkBefore (replaceSecrets { preStart = lib.mkBefore (replaceSecrets {
userConfig = updateToLoadCredentials "source" "$CREDENTIALS_DIRECTORY" config; userConfig = updateToLoadCredentials "source" "$CREDENTIALS_DIRECTORY" config;
resultPath = configLocation; resultPath = configLocation;
inherit generator; inherit generator;
inherit user permissions;
}); });
}; };