Fix phpfpm on roundcube for NixOS 19.09

Daniel Frank 2019-10-11 22:36:07 +02:00
parent dacef180c5
commit baa1c1f5fe
Signed by: tokudan
GPG key ID: 063CCCAD04182D32
3 changed files with 12 additions and 4 deletions


@ -84,8 +84,8 @@ in
services.phpfpm.pools."${phppoolName}" = { services.phpfpm.pools."${phppoolName}" = {
listen = phpfpmHostPort; listen = phpfpmHostPort;
user = "${pfaUser}"; user = "${pfaUser}";
group = "${pfaGroup}";
extraConfig = '' extraConfig = ''
user = ${pfaUser}
pm = dynamic pm = dynamic
pm.max_children = 75 pm.max_children = 75
pm.min_spare_servers = 5 pm.min_spare_servers = 5
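Review bot: `listen = phpfpmHostPort;` keeps this pool on what its name suggests is a TCP host:port, and the `user`/`group` options set here only control what the workers run as, not who may connect. A loopback FastCGI listener accepts requests from every local process, so the pool's privileges are effectively available to every local account. If the web server runs on the same machine, a unix socket restricted with `listen.owner`, `listen.group` and `listen.mode = 0660` would limit access to the web server account. The roundcube pool in the next file has the same shape (`roundcubePhpfpmHostPort = "127.0.0.1:9001"` in the variables file). The pool definition continues past the end of this hunk.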


@ -93,12 +93,12 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
script = '' script = ''
mkdir -p ${config.variables.roundcubeDataDir}/temp ${config.variables.roundcubeDataDir}/logs mkdir -p ${config.variables.roundcubeDataDir}/temp ${config.variables.roundcubeDataDir}/logs
chown -Rc ${config.variables.roundcubeUser} ${config.variables.roundcubeDataDir} chown -Rc ${config.variables.roundcubeUser}:${config.variables.roundcubeGroup} ${config.variables.roundcubeDataDir}
chmod -c 700 ${config.variables.roundcubeDataDir} chmod -c 700 ${config.variables.roundcubeDataDir}
# Regenerate the key every now and then. This invalidates all sessions, but during reboot should be good enough. # Regenerate the key every now and then. This invalidates all sessions, but during reboot should be good enough.
[ -f "${config.variables.roundcubeDataDir}/des_key" ] && ${pkgs.coreutils}/bin/shred "${config.variables.roundcubeDataDir}/des_key" [ -f "${config.variables.roundcubeDataDir}/des_key" ] && ${pkgs.coreutils}/bin/shred "${config.variables.roundcubeDataDir}/des_key"
${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key" ${pkgs.coreutils}/bin/dd if=/dev/urandom bs=32 count=1 2>/dev/null | ${pkgs.coreutils}/bin/base64 > "${config.variables.roundcubeDataDir}/des_key"
chown -c "${config.variables.roundcubeUser}":root "${config.variables.roundcubeDataDir}/des_key" chown -c "${config.variables.roundcubeUser}":${config.variables.roundcubeGroup} "${config.variables.roundcubeDataDir}/des_key"
chmod -c 400 "${config.variables.roundcubeDataDir}/des_key" chmod -c 400 "${config.variables.roundcubeDataDir}/des_key"
if [ -s "${config.variables.roundcubeDataDir}/roundcube.sqlite" ]; then if [ -s "${config.variables.roundcubeDataDir}/roundcube.sqlite" ]; then
# Just go ahead and remove the sessions, the key to decrypt them has just been destroyed anyway. # Just go ahead and remove the sessions, the key to decrypt them has just been destroyed anyway.
@ -109,8 +109,8 @@ in
services.phpfpm.pools."${poolName}" = { services.phpfpm.pools."${poolName}" = {
listen = config.variables.roundcubePhpfpmHostPort; listen = config.variables.roundcubePhpfpmHostPort;
user = "${config.variables.roundcubeUser}"; user = "${config.variables.roundcubeUser}";
group = "${config.variables.roundcubeUser}";
extraConfig = '' extraConfig = ''
user = ${config.variables.roundcubeUser}
pm = dynamic pm = dynamic
pm.max_children = 75 pm.max_children = 75
pm.min_spare_servers = 5 pm.min_spare_servers = 5
@ -120,4 +120,11 @@ in
''; '';
}; };
users.extraUsers."${config.variables.roundcubeUser}" = { }; users.extraUsers."${config.variables.roundcubeUser}" = { };
users.extraGroups."${config.variables.roundcubeUser}" = { };
users.groups."${config.variables.roundcubeGroup}" = { };
users.users."${config.variables.roundcubeUser}" = {
isSystemUser = true;
group = "${config.variables.roundcubeGroup}";
description = "PHP User for roundcube";
};
} }
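Review bot: The roundcube pool takes its group from the user variable, `group = "${config.variables.roundcubeUser}";`, while the chown calls and `users.users` in the same file use the new `roundcubeGroup`; assuming the `group` line is the added side, it should read `group = "${config.variables.roundcubeGroup}";`. Both names are "roundcube" today, so nothing breaks yet, but changing `roundcubeGroup` would leave the workers in a different group from the one that owns the data directory and `des_key`. For the same reason `users.extraGroups."${config.variables.roundcubeUser}" = { };` and the older `users.extraUsers` line look redundant next to the `users.groups`/`users.users` declarations and could be dropped.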


@ -23,6 +23,7 @@
roundcubeDataDir = "/var/lib/roundcube"; roundcubeDataDir = "/var/lib/roundcube";
roundcubePhpfpmHostPort = "127.0.0.1:9001"; roundcubePhpfpmHostPort = "127.0.0.1:9001";
roundcubeUser = "roundcube"; roundcubeUser = "roundcube";
roundcubeGroup = "roundcube";
useSSL = false; useSSL = false;
vmailBaseDir = "/srv/vmail"; vmailBaseDir = "/srv/vmail";
vmailGID = 10000; vmailGID = 10000;