Fix phpfpm on roundcube for NixOS 19.09

This commit is contained in:
Daniel Frank 2019-10-11 22:36:07 +02:00
parent dacef180c5
commit baa1c1f5fe
Signed by: tokudan
GPG key ID: 063CCCAD04182D32
3 changed files with 12 additions and 4 deletions

View file

@ -84,8 +84,8 @@ in
services.phpfpm.pools."${phppoolName}" = {
listen = phpfpmHostPort;
user = "${pfaUser}";
group = "${pfaGroup}";
extraConfig = ''
user = ${pfaUser}
pm = dynamic
pm.max_children = 75
pm.min_spare_servers = 5

View file

@ -93,12 +93,12 @@ in
wantedBy = [ "multi-user.target" ];
script = ''
mkdir -p ${config.variables.roundcubeDataDir}/temp ${config.variables.roundcubeDataDir}/logs
chown -Rc ${config.variables.roundcubeUser} ${config.variables.roundcubeDataDir}
chown -Rc ${config.variables.roundcubeUser}:${config.variables.roundcubeGroup} ${config.variables.roundcubeDataDir}
chmod -c 700 ${config.variables.roundcubeDataDir}
# Regenerate the key every now and then. This invalidates all sessions, but during reboot should be good enough.
[ -f "${config.variables.roundcubeDataDir}/des_key" ] && ${pkgs.coreutils}/bin/shred "${config.variables.roundcubeDataDir}/des_key"
${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key"
chown -c "${config.variables.roundcubeUser}":root "${config.variables.roundcubeDataDir}/des_key"
chown -c "${config.variables.roundcubeUser}":${config.variables.roundcubeGroup} "${config.variables.roundcubeDataDir}/des_key"
chmod -c 400 "${config.variables.roundcubeDataDir}/des_key"
if [ -s "${config.variables.roundcubeDataDir}/roundcube.sqlite" ]; then
# Just go ahead and remove the sessions, the key to decrypt them has just been destroyed anyway.
@ -109,8 +109,8 @@ in
services.phpfpm.pools."${poolName}" = {
listen = config.variables.roundcubePhpfpmHostPort;
user = "${config.variables.roundcubeUser}";
group = "${config.variables.roundcubeUser}";
extraConfig = ''
user = ${config.variables.roundcubeUser}
pm = dynamic
pm.max_children = 75
pm.min_spare_servers = 5
@ -120,4 +120,11 @@ in
'';
};
users.extraUsers."${config.variables.roundcubeUser}" = { };
users.extraGroups."${config.variables.roundcubeUser}" = { };
users.groups."${config.variables.roundcubeGroup}" = { };
users.users."${config.variables.roundcubeUser}" = {
isSystemUser = true;
group = "${config.variables.roundcubeGroup}";
description = "PHP User for roundcube";
};
}

View file

@ -23,6 +23,7 @@
roundcubeDataDir = "/var/lib/roundcube";
roundcubePhpfpmHostPort = "127.0.0.1:9001";
roundcubeUser = "roundcube";
roundcubeGroup = "roundcube";
useSSL = false;
vmailBaseDir = "/srv/vmail";
vmailGID = 10000;