How to set owner and group of parent directories in `environment.etc`?

I need to set (at least) the owner or the permissions of the directories which are created by using environment.etc because the crowdsec module needs to create some files in some of its directories.

Example

I created a little [reproduction step]/[example] of what I mean.
Here’s the nix code:

    environment.etc = {
      "dir1/lmao.txt" = {
        text = "hello there";
        mode = "lmao";
        user = "tornax";
        group = "tornax";
      };
    };

Now if I do `ls -l /etc/dir1` then I’m getting the following output:

    total 4
    ---------- 1 tornax root 11 21. Dez 17:26 lmao.txt

which is fine (except that the group of the file is still root?).
But if I do `ls -l /etc | grep dir1` then I’m getting the following output:

    drwxr-xr-x 1 root root         16 21. Dez 17:26 dir1

which means that I can’t do `touch /etc/dir1/some_grass.txt`:

    touch: cannot touch '/etc/dir1/some_grass.txt': Permission denied

Thoughts

  • should I fix that by using `systemd.tmpfiles`?
  • or by adding a little “prescript” which gets executed and does a `sudo chown -R tornax:tornax /etc/dir1`?

What would you suggest?

Ok, half-answer found (I think): How to change permission of a folder in etc - #2 by Sandro

Software-mutable files should really not go in /etc, especially on NixOS. Can you point your software to a systemd StateDirectory instead?

2 Likes
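A sketch of the StateDirectory approach suggested in the reply above, as an added example that is not part of the thread or of the crowdsec module. The service name `demo-writer` and the path `/var/lib/dir1` are hypothetical, and it assumes the user and group `tornax` already exist.

```nix
{ pkgs, ... }:
{
  # Hypothetical service standing in for the software that needs a
  # writable directory (name is an assumption, not from the thread).
  systemd.services.demo-writer = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      User = "tornax";
      Group = "tornax";
      # systemd creates /var/lib/demo-writer before ExecStart runs and
      # makes it owned by User/Group, so no chown step is needed.
      StateDirectory = "demo-writer";
      StateDirectoryMode = "0750";
      # systemd exports the directory's path as $STATE_DIRECTORY.
      ExecStart = pkgs.writeShellScript "demo-writer" ''
        echo "hello there" > "$STATE_DIRECTORY/some_grass.txt"
      '';
    };
  };

  # Read-only configuration can stay in /etc, root-owned and immutable.
  environment.etc."dir1/lmao.txt".text = "hello there";

  # Alternative for a process not started by a unit you control:
  # a tmpfiles rule creating a writable directory outside /etc.
  systemd.tmpfiles.rules = [
    "d /var/lib/dir1 0750 tornax tornax -"
  ];
}
```

Either way the writable path lives under `/var/lib` with ownership limited to the service account, while `/etc` remains root-owned.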

A bit ugly, but I think you can do something like

    environment.etc."dir1" = {
      # Build a store directory containing lmao.txt and use it as the source
      source = pkgs.runCommand "dir1" {} ''
        mkdir -p $out
        echo "hello there" > $out/lmao.txt
      '';
      mode = "lmao";
      user = "tornax";
      group = "tornax";
    };

Ok, this doesn’t work because the uid isn’t generated yet somehow if I try to access the uid through config.