From baa1c1f5fe3ee0f2f4ca44556c797700f3cec4be Mon Sep 17 00:00:00 2001
From: Daniel Frank
Date: Fri, 11 Oct 2019 22:36:07 +0200
Subject: [PATCH] Fix phpfpm on roundcube for NixOS 19.09
---
 postfixadmin.nix | 2 +-
 roundcube.nix | 13 ++++++++++---
 variables.nix | 1 +
 3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/postfixadmin.nix b/postfixadmin.nix
index c92016f..8b4b331 100644
--- a/postfixadmin.nix
+++ b/postfixadmin.nix
@@ -84,8 +84,8 @@ in
 services.phpfpm.pools."${phppoolName}" = {
 listen = phpfpmHostPort;
 user = "${pfaUser}";
+ group = "${pfaGroup}";
 extraConfig = ''
- user = ${pfaUser}
 pm = dynamic
 pm.max_children = 75
 pm.min_spare_servers = 5
diff --git a/roundcube.nix b/roundcube.nix
index f8e6514..4256d2e 100644
--- a/roundcube.nix
+++ b/roundcube.nix
@@ -93,12 +93,12 @@ in
 wantedBy = [ "multi-user.target" ];
 script = ''
 mkdir -p ${config.variables.roundcubeDataDir}/temp ${config.variables.roundcubeDataDir}/logs
- chown -Rc ${config.variables.roundcubeUser} ${config.variables.roundcubeDataDir}
+ chown -Rc ${config.variables.roundcubeUser}:${config.variables.roundcubeGroup} ${config.variables.roundcubeDataDir}
 chmod -c 700 ${config.variables.roundcubeDataDir}
 # Regenerate the key every now and then. This invalidates all sessions, but during reboot should be good enough.
 [ -f "${config.variables.roundcubeDataDir}/des_key" ] && ${pkgs.coreutils}/bin/shred "${config.variables.roundcubeDataDir}/des_key"
 ${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key"
- chown -c "${config.variables.roundcubeUser}":root "${config.variables.roundcubeDataDir}/des_key"
+ chown -c "${config.variables.roundcubeUser}":${config.variables.roundcubeGroup} "${config.variables.roundcubeDataDir}/des_key"
 chmod -c 400 "${config.variables.roundcubeDataDir}/des_key"
 if [ -s "${config.variables.roundcubeDataDir}/roundcube.sqlite" ]; then
 # Just go ahead and remove the sessions, the key to decrypt them has just been destroyed anyway.
@@ -109,8 +109,8 @@ in
 services.phpfpm.pools."${poolName}" = {
 listen = config.variables.roundcubePhpfpmHostPort;
 user = "${config.variables.roundcubeUser}";
+ group = "${config.variables.roundcubeUser}";
 extraConfig = ''
- user = ${config.variables.roundcubeUser}
 pm = dynamic
 pm.max_children = 75
 pm.min_spare_servers = 5
@@ -120,4 +120,11 @@ in
 '';
 };
 users.extraUsers."${config.variables.roundcubeUser}" = { };
+ users.extraGroups."${config.variables.roundcubeUser}" = { };
+ users.groups."${config.variables.roundcubeGroup}" = { };
+ users.users."${config.variables.roundcubeUser}" = {
+ isSystemUser = true;
+ group = "${config.variables.roundcubeGroup}";
+ description = "PHP User for roundcube";
+ };
 }
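Review bot: The recursive `chown -Rc` at the top of the script re-owns everything under the data directory on every start, including whatever the PHP pool has written there since the last run, which is broader than the two directories the script creates. If this unit runs as root (not visible in the hunk), scoping the ownership change to those directories is the safer form, e.g. `install -d -m 700 -o ${config.variables.roundcubeUser} -g ${config.variables.roundcubeGroup} ${config.variables.roundcubeDataDir}` followed by the same for `temp` and `logs`; an existing tree owned differently would need a one-time migration. On the `des_key` line the group expansion is unquoted while the user next to it is quoted; `"${config.variables.roundcubeUser}:${config.variables.roundcubeGroup}"` keeps the two consistent. The script body continues past the end of this hunk.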
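Review bot: The pool's `group` in the `@@ -109` hunk is taken from `config.variables.roundcubeUser`, not from the `roundcubeGroup` variable this commit introduces and uses for the data directory and the user's primary group, so it is only correct while both happen to be "roundcube". It should read `group = "${config.variables.roundcubeGroup}";` so the PHP-FPM workers run with the group that owns the data. The `@@ -120` hunk has the same mix-up: `users.extraGroups."${config.variables.roundcubeUser}" = { };` declares a group named after the user, and since `users.extraGroups` and `users.extraUsers` are, as far as I know, aliases of `users.groups` and `users.users`, that line and the older `users.extraUsers` line can be dropped in favour of the new definitions. The pool's attribute set closes outside its hunk.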
diff --git a/variables.nix b/variables.nix
index 18cede2..d442b13 100644
--- a/variables.nix
+++ b/variables.nix
@@ -23,6 +23,7 @@
 roundcubeDataDir = "/var/lib/roundcube";
 roundcubePhpfpmHostPort = "127.0.0.1:9001";
 roundcubeUser = "roundcube";
+ roundcubeGroup = "roundcube";
 useSSL = false;
 vmailBaseDir = "/srv/vmail";
 vmailGID = 10000;