From 9e346a84068cebab681ed5ab72b29ccdaf7383b9 Mon Sep 17 00:00:00 2001
From: Simon Gardling
Date: Thu, 12 Feb 2026 13:33:50 -0500
Subject: [PATCH] feat(tmpfiles): implement serviceFilePerms lib function (GREEN phase)
---
 modules/lib.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/modules/lib.nix b/modules/lib.nix
index 9497534..a248041 100644
--- a/modules/lib.nix
+++ b/modules/lib.nix
@@ -155,5 +155,28 @@ inputs.nixpkgs.lib.extend (
 # }
 #];
 };
+
+ serviceFilePerms =
+ serviceName: tmpfilesRules:
+ { pkgs, ... }:
+ let
+ confFile = pkgs.writeText "${serviceName}-file-perms.conf" (lib.concatStringsSep "\n" tmpfilesRules);
+ in
+ {
+ systemd.services."${serviceName}-file-perms" = {
+ after = [ "${serviceName}-mounts.service" ];
+ before = [ "${serviceName}.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.systemd}/bin/systemd-tmpfiles --create ${confFile}";
+ };
+ };
+
+ systemd.services.${serviceName} = {
+ wants = [ "${serviceName}-file-perms.service" ];
+ after = [ "${serviceName}-file-perms.service" ];
+ };
+ };
 }
 )
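Review bot: The main unit pulls in `${serviceName}-file-perms.service` with `wants`, so if `systemd-tmpfiles --create` fails the service still starts on top of whatever ownership and modes its files had before, i.e. it fails open. Since the purpose of the unit is to put permissions in place before start, `requires = [ "${serviceName}-file-perms.service" ];` (keeping the existing `after`) would make the start fail instead. The file-perms unit is likewise only ordered `after` `${serviceName}-mounts.service`; unless that unit is pulled in elsewhere (not visible in this hunk), the ordering has no effect and the rules may be applied before the target path is mounted. A short comment above `serviceFilePerms` saying that `tmpfilesRules` is a list of tmpfiles.d lines, and that they run as the unit's default user, would match the commented examples used earlier in the file. The enclosing `inputs.nixpkgs.lib.extend (` block starts outside the hunk.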