framework changes

2024-06-30 19:21:57 +02:00
parent 20f1c33d5a
commit 6eb1763e7c
5 changed files with 285 additions and 381 deletions
--- a/nixos/celestia/configuration.nix
+++ b/nixos/celestia/configuration.nix
@@ -100,10 +100,6 @@ in {
    };
  };

-  systemd.services.dnscrypt-proxy2.serviceConfig = {
-    StateDirectory = "dnscrypt-proxy";
-  };
-
  security.acme = {
    acceptTerms = true;
    defaults = {
@@ -124,9 +120,9 @@ in {
      openFirewall = true;
      useRoutingFeatures = "both";
      extraUpFlags = ["--advertise-routes=192.168.1.11/32"];
-      authKeyFile = config.sops.secrets."tailscale-auth-key".path;  
+      authKeyFile = config.sops.secrets."tailscale-auth-key".path;
    };
-    
+
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
@@ -413,4 +409,27 @@ in {
    enable = true;
    powerUpCommands = lib.strings.concatMapStringsSep "\n" (disk: "${pkgs.hdparm}/sbin/hdparm -S 241 " + disk) disks;
  };
+
+  systemd.services = let
+    ensure-perms = path: user: group: {
+      enable = true;
+      description = "Ensures permissionsions and ownership of files in ${path}";
+      wantedBy = ["multi-user.target"];
+
+      script = ''
+        while read -r evt file; do
+          ${pkgs.coreutils}/bin/chown ${user}:${group} "$file"
+          ${pkgs.coreutils}/bin/chmod 755 "$file"
+        done < <(${pkgs.inotify-tools}/bin/inotifywait -e create,move -m -r --format '%e %w%f' ${path})
+      '';
+    };
+  in {
+    dnscrypt-proxy2.serviceConfig = {
+      StateDirectory = "dnscrypt-proxy";
+    };
+
+    ensure-radarr-perms = ensure-perms "/tank/video/movie" "radarr" "nas";
+    ensure-sonarr-perms = ensure-perms "/tank/video/series" "sonarr" "nas";
+    ensure-lidarr-perms = ensure-perms "/tank/audio" "lidarr" "nas";
+  };
 }