diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index 0488973..d1f3779 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -24,7 +24,9 @@ helper.mkPodmanService {
 DB_PASSWORD = "xkcdpass -n 8 -d -";
 };
 dirPermissions = [
- "100999:users ${cfg.configDir}"
+ "100999:100 ${cfg.configDir}/data"
+ "100999:100 ${cfg.configDir}/config"
+ "100999:100 ${cfg.configDir}/database"
 ];
 composeText = ''
diff --git a/modules/services/home-assistant.nix b/modules/services/home-assistant.nix
index 9e05d56..b5d906d 100644
--- a/modules/services/home-assistant.nix
+++ b/modules/services/home-assistant.nix
@@ -23,8 +23,8 @@ helper.mkPodmanService {
 HOME_ASSISTANT_MQTT_PASSWORD = "xkcdpass -n 8 -d -";
 };
 dirPermissions = [
- "numbus-admin:users ${cfg.configDir}/home-assistant"
- "100999:users ${cfg.configDir}/mqtt"
+ "1000:100 ${cfg.configDir}/config"
+ "100999:100 ${cfg.configDir}/mqtt"
 ];
 # Compose file good
@@ -39,7 +39,7 @@ helper.mkPodmanService {
 ports:
 - "${cfg.port}:8123/tcp"
 volumes:
- - ${cfg.configDir}/home-assistant:/config
+ - ${cfg.configDir}/config:/config
 - /etc/localtime:/etc/localtime:ro
 - /run/dbus:/run/dbus:ro
 ${lib.optionalString (cfg.devices != []) ''
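Review bot: The first `dirPermissions` entry in home-assistant.nix now hard-codes `1000:100` where the old line named `numbus-admin:users`, so the ownership is only correct if that account is UID 1000 and `users` is GID 100 on every host, and neither is visible in this hunk. A comment above the list would make the assumption checkable, for example `# 1000 = numbus-admin, 100 = users; numeric so it can be compared with stat output`. The same hunk renames the directory from `home-assistant` to `config`, and nothing visible moves an existing `${cfg.configDir}/home-assistant`, so an upgraded host would presumably start from an empty config unless a migration exists elsewhere.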
@@ -95,13 +95,20 @@ ${lib.concatStringsSep "\n" (map (d: " - \"${d}\"") cfg.devices)}
 };
 script = ''
 mkdir -p /var/lib/numbus-server/${name}
- if [[ -e /var/lib/numbus-server/${name}/quirk-1.true ]]; then
- exit 0
+ if [[ -e ${cfg.configDir}/config/configuration.yaml ]]; then
+ if grep -qF "${config.numbus.networking.ipAddress}/24" ${cfg.configDir}/config/configuration.yaml; then
+ exit 0
+ elif grep -qF "use_x_forwarded_for" ${cfg.configDir}/config/configuration.yaml && ! grep -qF "${config.numbus.networking.ipAddress}/24" ${cfg.configDir}/config/configuration.yaml
+ tmp=$(mktemp)
+ head -n -4 ${cfg.configDir}/config/configuration.yaml > "$tmp"
+ mv "$tmp" ${cfg.configDir}/config/configuration.yaml
+ fi
 fi
- until [[ -e ${cfg.configDir}/home-assistant/configuration.yaml ]]; do
+
+ until [[ -e ${cfg.configDir}/config/configuration.yaml ]]; do
 sleep 15
 done
- cat << 'EOF' >> ${cfg.configDir}/home-assistant/configuration.yaml
+ cat << 'EOF' >> ${cfg.configDir}/config/configuration.yaml
 http:
 use_x_forwarded_for: true
@@ -110,7 +117,6 @@ http:
 zha:
 EOF
 systemctl restart ${name}.service
- touch /var/lib/numbus-server/${name}/quirk-1.true
 '';
 };
 };
@@ -129,10 +135,17 @@ EOF
 RemainAfterExit = true;
 };
 script = ''
- mkdir -p /var/lib/numbus-server/${name}
- if [[ -e /var/lib/numbus-server/${name}/quirk-2.true ]]; then
- exit 0
+ if [[ -e ${cfg.configDir}/mqtt/mosquitto.conf && ${cfg.configDir}/mqtt/password.txt ]]; then
+ if grep -qF "listener 1883" ${cfg.configDir}/mqtt/mosquitto.conf; then
+ exit 0
+ else
+ rm ${cfg.configDir}/mqtt/mosquitto.conf
+ rm ${cfg.configDir}/mqtt/password.txt
+ touch ${cfg.configDir}/mqtt/mosquitto.conf
+ touch ${cfg.configDir}/mqtt/password.txt
+ fi
 fi
+
 cat << EOF >> ${cfg.configDir}/mqtt/mosquitto.conf
 persistence true
 persistence_location /mosquitto/data/
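Review bot: The added `elif` line in the first quirk script has no `; then`, so bash should reject the script at parse time and the unit would fail before any of the checks run. The `! grep` half of that condition is also redundant, because the branch is only reached after the `if grep` on the same string has already failed; `elif grep -qF "use_x_forwarded_for" ${cfg.configDir}/config/configuration.yaml; then` is sufficient. Separately, `head -n -4` drops whatever the last four lines of configuration.yaml are at that moment, while the heredoc appended below appears to be longer than that and the file may have been edited since, so a partial `http:` proxy block can be left behind; wrapping the managed block in begin/end marker comments and deleting between them would be more reliable. The heredoc body lies partly outside this hunk.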
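Review bot: In the added `if [[ -e ${cfg.configDir}/mqtt/mosquitto.conf && ${cfg.configDir}/mqtt/password.txt ]]` the second operand has no `-e`, so it is a non-empty-string test that is always true and the existence of password.txt is never checked; it should read `&& -e ${cfg.configDir}/mqtt/password.txt ]]`. The `else` branch then recreates password.txt with `touch`, which takes the default umask, and the `chmod 600` visible in the following hunk only runs after `mosquitto_passwd` has written the hash. Setting `umask 077` before the `touch`, or creating the file with `install -m 600 /dev/null ${cfg.configDir}/mqtt/password.txt`, would avoid the interval in which the credential file may be readable by others. The heredoc and the rest of the script continue outside this hunk.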
@@ -145,7 +158,6 @@ EOF
 source /var/lib/numbus-server/${name}/.env
 mosquitto_passwd -b ${cfg.configDir}/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD"
 chmod 600 ${cfg.configDir}/mqtt/password.txt
- touch /var/lib/numbus-server/${name}/quirk-2.true
 '';
 };
 }
diff --git a/modules/services/immich.nix b/modules/services/immich.nix
index 7b94965..6824255 100644
--- a/modules/services/immich.nix
+++ b/modules/services/immich.nix
@@ -31,8 +31,11 @@ helper.mkPodmanService {
 TZ = "${config.time.timeZone}";
 };
 dirPermissions = [
- "100999:users ${cfg.dataDir}"
- "100999:users ${cfg.configDir}"
+ "100999:100 ${cfg.configDir}/model-cache"
+ "100999:100 ${cfg.configDir}/machine-learning-config"
+ "100999:100 ${cfg.configDir}/machine-learning-cache"
+ "100999:100 ${cfg.configDir}/database"
+ "100999:100 ${cfg.dataDir}"
 ];
 # Compose file good
diff --git a/modules/services/lib.nix b/modules/services/lib.nix
index c6bee01..9ba97ad 100644
--- a/modules/services/lib.nix
+++ b/modules/services/lib.nix
@@ -139,12 +139,19 @@ ${concatStringsSep "\n" (map (m: " - ${m}") middlewares)}
 mkdir -p /var/lib/numbus-server/${name}
 ${concatStringsSep "\n" (map (perm: ''
 set -- ${perm}
- MARKER="/var/lib/numbus-server/${name}/.perm-fixed-$(echo "$1:$2" | md5sum | cut -d' ' -f1)"
- if [ ! -f "$MARKER" ]; then
- rm -f /var/lib/numbus-server/${name}/.perm-fixed-*
- mkdir -p "$2"
- chown -R "$1" "$2"
- touch "$MARKER"
+ WANTED_PERMISSIONS=$1
+ FOLDER_PATH=$2
+ ACTUAL_PERMISSIONS=$(stat -c '%u:%g' "$FOLDER_PATH")
+
+ if [[ ! -e "$FOLDER_PATH" ]]; then
+ mkdir -p "$FOLDER_PATH"
+ elif [[ ! -d "$FOLDER_PATH" ]]; then
+ rm "$FOLDER_PATH"
+ mkdir -p "$FOLDER_PATH"
+ fi
+
+ if [[ "$ACTUAL_PERMISSIONS" != "$WANTED_PERMISSIONS" ]]; then
+ chown -R "$WANTED_PERMISSIONS" "$FOLDER_PATH"
 fi
 '') dirPermissions)}
 exit 0
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index f28cec6..22d0553 100644
--- a/modules/services/nextcloud.nix
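Review bot: In the lib.nix hunk `ACTUAL_PERMISSIONS` is read with `stat` before the block that creates or replaces `$FOLDER_PATH`, so on a missing path `stat` fails (which would abort the script if it runs under `set -e`, not visible here), and after the `rm`/`mkdir -p` branch the value describes the deleted file rather than the newly created directory. Moving the assignment `ACTUAL_PERMISSIONS=$(stat -c '%u:%g' "$FOLDER_PATH")` below the first `fi` addresses both cases. Only the top-level owner is compared, so entries inside the directory that have the wrong owner are no longer corrected, and a one-line comment saying that this is intentional would help. The old `.perm-fixed-*` marker files are also left on disk, and the enclosing `map` and script start and end outside the hunk.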
+++ b/modules/services/nextcloud.nix
@@ -30,11 +30,11 @@ helper.mkPodmanService {
 SMTP_PASSWORD = "cat ${config.numbus.mail.smtpPasswordPath}";
 };
 dirPermissions = [
- "100032:users ${cfg.configDir}/web"
- "100999:users ${cfg.configDir}/redis"
- "100999:users ${cfg.configDir}/database"
- "100999:users ${cfg.configDir}/onlyoffice"
- "100032:users ${cfg.dataDir}"
+ "100032:100 ${cfg.configDir}/web"
+ "100999:100 ${cfg.configDir}/redis"
+ "100999:100 ${cfg.configDir}/database"
+ "100999:100 ${cfg.configDir}/onlyoffice"
+ "100032:100 ${cfg.dataDir}"
 ];
 # Compose file good
diff --git a/modules/services/passbolt.nix b/modules/services/passbolt.nix
index 62c523f..afe9cd9 100644
--- a/modules/services/passbolt.nix
+++ b/modules/services/passbolt.nix
@@ -26,9 +26,9 @@ helper.mkPodmanService {
 SMTP_PASSWORD = "cat ${config.numbus.mail.smtpPasswordPath}";
 };
 dirPermissions = [
- "100032:users ${cfg.configDir}/gpg"
- "100032:users ${cfg.configDir}/jwt"
- "100999:users ${cfg.configDir}/database"
+ "100032:100 ${cfg.configDir}/gpg"
+ "100032:100 ${cfg.configDir}/jwt"
+ "100999:100 ${cfg.configDir}/database"
 ];
 # Compose file good
diff --git a/modules/services/pi-hole.nix b/modules/services/pi-hole.nix
index 8121351..4b62f7d 100644
--- a/modules/services/pi-hole.nix
+++ b/modules/services/pi-hole.nix
@@ -25,7 +25,7 @@ helper.mkPodmanService {
 PIHOLE_PASSWORD = "xkcdpass -n 10 -d -";
 };
 dirPermissions = [
- "numbus-admin:users ${cfg.configDir}"
+ "100999:100 ${cfg.configDir}"
 ];
 # Compose file good
diff --git a/modules/services/traefik.nix b/modules/services/traefik.nix
index 84ed526..78ed001 100644
--- a/modules/services/traefik.nix
+++ b/modules/services/traefik.nix
@@ -24,9 +24,9 @@ helper.mkPodmanService {
 CLOUDFLARE_DNS_API_TOKEN = "cat ${config.sops.secrets."cloudflareDnsApiToken".path}";
 };
 dirPermissions = [
- "100999:users ${cfg.configDir}"
- "100999:users ${cfg.configDir}/rules"
- "100999:users ${cfg.configDir}/certs"
+ "100999:100 ${cfg.configDir}"
+ "100999:100 ${cfg.configDir}/rules"
+ "100999:100 ${cfg.configDir}/certs"
 ];
 # Compose file good