feat(tmpfiles): implement serviceFilePerms lib function (GREEN phase)

2026-02-12 13:33:50 -05:00
parent 2cb83f85c9
commit 9e346a8406
1 changed files with 23 additions and 0 deletions
--- a/modules/lib.nix
+++ b/modules/lib.nix
@@ -155,5 +155,28 @@ inputs.nixpkgs.lib.extend (
        #  }
        #];
      };
    serviceFilePerms =
      serviceName: tmpfilesRules:
      { pkgs, ... }:
      let
        confFile = pkgs.writeText "${serviceName}-file-perms.conf" (lib.concatStringsSep "\n" tmpfilesRules);
      in
      {
        systemd.services."${serviceName}-file-perms" = {
          after = [ "${serviceName}-mounts.service" ];
          before = [ "${serviceName}.service" ];
          serviceConfig = {
            Type = "oneshot";
            RemainAfterExit = true;
            ExecStart = "${pkgs.systemd}/bin/systemd-tmpfiles --create ${confFile}";
          };
        };
        systemd.services.${serviceName} = {
          wants = [ "${serviceName}-file-perms.service" ];
          after = [ "${serviceName}-file-perms.service" ];
        };
      };
  }
 )