From a4b146c6a364572fd38117c7f9cd41d4e3117774 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Sat, 26 Nov 2022 21:54:48 +0000
Subject: [PATCH] prep directories for the container
---
 nixos/boxes/vpsfree1/mastodon.nix | 33 ++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)
diff --git a/nixos/boxes/vpsfree1/mastodon.nix b/nixos/boxes/vpsfree1/mastodon.nix
index fd156501..5e8fdfb7 100644
--- a/nixos/boxes/vpsfree1/mastodon.nix
+++ b/nixos/boxes/vpsfree1/mastodon.nix
@@ -25,6 +25,11 @@ let
 members = [ "${systemUserName}" "nginx" ];
 };
 };
+ secretSettings = {
+ owner = systemUserName;
+ group = systemGroupName;
+ };
+ publicPath = "${path}/public-system/";
 package = inputs.nixpkgs-nixos-unstable.legacyPackages."${pkgs.system}".mastodon;
 in {
@@ -38,7 +43,7 @@ in {
 root = "${package}/public/";
 locations."/" = { tryFiles = "$uri @proxy"; };
- locations."/system/".alias = "${path}/public-system/";
+ locations."/system/".alias = "${publicPath}";
 locations."@proxy" = {
 proxyPass = "http://127.0.0.1:" + toString webPort;
@@ -55,18 +60,32 @@ in {
 sops.secrets."${mailgunSmtpSecretName}" = {
 sopsFile = ./mailgun.sops.yaml;
 path = mailgunSmtpPasswordPath;
- owner = systemUserName;
- group = systemGroupName;
- };
+ } // secretSettings;
 sops.secrets."${mastodonDbSecretName}" = {
 sopsFile = ./mastodon-db.sops.yaml;
 path = mastodonDbSecretPath;
- owner = systemUserName;
- group = systemGroupName;
- };
+ } // secretSettings;
 inherit users;
+ systemd.services.mastodon-make-path = {
+ script = ''
+ mkdir -p ${path}
+ chown -R ${systemUserName}:${systemGroupName} ${path}
+ mkdir -p ${publicPath}
+ chmod -R o-rwx ${publicPath}
+ chmod -R g-rwx ${publicPath}
+ chmod -R g+X ${publicPath}
+ chmod -R g+r ${publicPath}
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ ProtectSystem = "strict";
+ ReadWritePaths = path;
+ };
+ before = [ "container@mastodon.service" ];
+ };
+
 containers.mastodon = {
 autoStart = true;
 forwardPorts = [
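Review bot: In the mastodon-make-path script, `mkdir -p ${publicPath}` runs after `chown -R ${systemUserName}:${systemGroupName} ${path}`, and the service sets no User=, so on a fresh host the public-system directory is created root:root; the following `chmod -R o-rwx`/`g-rwx` then leaves it unreadable to the mastodon user and to nginx (which, judging by the `members = [ "${systemUserName}" "nginx" ]` line in the first hunk, is meant to reach it through the group), and the `/system/` alias in the second hunk would serve nothing until ownership is fixed by hand. Create both directories before changing ownership, e.g. replace the two mkdir lines with a single `mkdir -p ${path} ${publicPath}` placed ahead of the chown. Separately, `before = [ "container@mastodon.service" ]` only orders the two units and nothing in this hunk pulls mastodon-make-path into a target, so unless another module wants it the unit never runs; `requiredBy = [ "container@mastodon.service" ];` makes the container wait for it and fail if the preparation fails. The recursive chown/chmod also walk the whole upload tree on every boot, so applying the mode only to the directory itself, or expressing this as `systemd.tmpfiles.rules`, would be cheaper and less surprising. The enclosing `in { ... }` attribute set and the `containers.mastodon` block continue past the end of the hunk.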