Switch from ensure-directories to tmpfiles

lib/fudo/jabber.nix

@@ -19,6 +19,8 @@ let
     };
   };
 
+  config-dir = dirOf cfg.config-file;
+
   concatMapAttrs = f: attrs:
     foldr (a: b: a // b) {} (mapAttrs f attrs);
 
@@ -185,14 +187,7 @@ in {
           };
         }) cfg.sites;
 
-      system = let
+      system = {
-        config-dir = dirOf cfg.config-file;
-      in {
-        ensure-directories.${config-dir} = {
-          user = cfg.user;
-          perms = "0700";
-        };
-
         services.ejabberd-config-generator = let
           config-generator =
             enter-secrets config-file-template cfg.secret-files cfg.config-file;
@@ -212,7 +207,7 @@ in {
 
     systemd = {
       tmpfiles.rules = [
-        "D '${dirOf cfg.config-file}' 0550 ${cfg.user} ${cfg.group} - -"
+        "d '${config-dir}' 0700 ${cfg.user} ${cfg.group} - -'"
       ];
       
       services = {

lib/fudo/kdc.nix

@@ -373,15 +373,11 @@ in {
       # };
     };
 
-    fudo.system = {
+    systemd.tmpfiles.rules = [
-      ensure-directories = {
+      "d ${state-directory} 0740 ${cfg.user} ${cfg.group} - -"
-        "${state-directory}" = {
+    ];
-          user = cfg.user;
-          group = cfg.group;
-          perms = "0740";
-        };
-      };
 
+    fudo.system = {
       services = if master-server then {
 
         heimdal-kdc = let

lib/fudo/system.nix

@@ -387,10 +387,6 @@ in {
       timerConfig = { OnCalendar = opts.onCalendar; };
     }) (filterAttrs (name: opts: opts.onCalendar != null) cfg.services);
 
-    systemd.tmpfiles.rules = mapAttrsToList
-      (path: opts: "d ${path} ${opts.perms} ${opts.user} ${opts.group} - -")
-      cfg.ensure-directories;
-
     systemd.targets.fudo-init = { wantedBy = [ "multi-user.target" ]; };
 
     systemd.services = mapAttrs (name: opts: {