diff options
| -rw-r--r-- | secrets/secret-envrc.sh | bin | 4233 -> 4308 bytes | |||
| -rw-r--r-- | vps-configuration.env.nix | 19 |
2 files changed, 14 insertions, 5 deletions
diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh Binary files differindex 27332b9..b14f20a 100644 --- a/secrets/secret-envrc.sh +++ b/secrets/secret-envrc.sh diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix index d66bd38..6967845 100644 --- a/vps-configuration.env.nix +++ b/vps-configuration.env.nix @@ -13,12 +13,13 @@ let authorizedKey = "$AUTHORIZED_KEY"; userPassword = "$USER_PASSWORD"; userName = "$USER_NAME"; + staticRoot = "$STATIC_ROOT"; + dataRoot = "$DATA_ROOT"; nextcloudDatabaseUser = "$NEXTCLOUD_DATABASE_USER"; nextcloudDatabasePassword = "$NEXTCLOUD_DATABASE_PASSWORD"; nextcloudAdminUser = "$NEXTCLOUD_ADMIN_USER"; nextcloudAdminPassword = "$NEXTCLOUD_ADMIN_PASSWORD"; nextcloudTablePrefix = "$NEXTCLOUD_TABLE_PREFIX"; - gitRoot = "$GIT_ROOT"; gitPort = "$GIT_PORT"; systemStateVersion = "$SYSTEM_STATE_VERSION"; prosodyAdminUser = "$PROSODY_ADMIN_USER"; @@ -123,7 +124,7 @@ in { "${envsubstConfiguration.songbooksDocumentationTLD}" = { forceSSL = true; enableACME = true; - root = "/home/${envsubstConfiguration.userName}/songbooks/"; + root = "${envsubstConfiguration.staticRoot}/songbooks/"; }; "${envsubstConfiguration.prosodyTLD}" = { forceSSL = true; @@ -249,12 +250,20 @@ in { }; "lighttpd-cgit-install" = { enable = true; - description = "Setup folders and permissions for lighttpd and cgit"; + description = "Setup data folders and permissions"; wantedBy = [ "multi-user.target" ]; script = '' + mkdir -p ${envsubstConfiguration.dataRoot} + chown -R ${envsubstConfiguration.userName}:users ${envsubstConfiguration.dataRoot} + chmod -R 755 ${envsubstConfiguration.dataRoot} + + mkdir -p ${envsubstConfiguration.staticRoot} + chown -R ${envsubstConfiguration.userName}:users ${envsubstConfiguration.staticRoot} + chmod -R 755 ${envsubstConfiguration.staticRoot} + mkdir -p ${envsubstConfiguration.gitRoot} - chown -R ${envsubstConfiguration.userName}:lighttpd ${envsubstConfiguration.gitRoot} - chmod -R 770 ${envsubstConfiguration.gitRoot} + chown -R ${envsubstConfiguration.userName}:users ${envsubstConfiguration.gitRoot} + chmod -R 755 ${envsubstConfiguration.gitRoot} ''; serviceConfig = { Type = "oneshot"; }; }; |