From 066d230a2eee05fa9489e33c6a9af385bc0068ba Mon Sep 17 00:00:00 2001
From: EuAndreh <eu@euandre.org>
Date: Sat, 22 Aug 2020 21:53:23 -0300
Subject: Fix DATA_ROOT permissions

---
 secrets/secret-envrc.sh   | Bin 4233 -> 4308 bytes
 vps-configuration.env.nix |  19 ++++++++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh
index 27332b9..b14f20a 100644
Binary files a/secrets/secret-envrc.sh and b/secrets/secret-envrc.sh differ
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index d66bd38..6967845 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -13,12 +13,13 @@ let
     authorizedKey = "$AUTHORIZED_KEY";
     userPassword = "$USER_PASSWORD";
     userName = "$USER_NAME";
+    staticRoot = "$STATIC_ROOT";
+    dataRoot = "$DATA_ROOT";
     nextcloudDatabaseUser = "$NEXTCLOUD_DATABASE_USER";
     nextcloudDatabasePassword = "$NEXTCLOUD_DATABASE_PASSWORD";
     nextcloudAdminUser = "$NEXTCLOUD_ADMIN_USER";
     nextcloudAdminPassword = "$NEXTCLOUD_ADMIN_PASSWORD";
     nextcloudTablePrefix = "$NEXTCLOUD_TABLE_PREFIX";
-    gitRoot = "$GIT_ROOT";
     gitPort = "$GIT_PORT";
     systemStateVersion = "$SYSTEM_STATE_VERSION";
     prosodyAdminUser = "$PROSODY_ADMIN_USER";
@@ -123,7 +124,7 @@ in {
         "${envsubstConfiguration.songbooksDocumentationTLD}" = {
           forceSSL = true;
           enableACME = true;
-          root = "/home/${envsubstConfiguration.userName}/songbooks/";
+          root = "${envsubstConfiguration.staticRoot}/songbooks/";
         };
         "${envsubstConfiguration.prosodyTLD}" = {
           forceSSL = true;
@@ -249,12 +250,20 @@ in {
     };
     "lighttpd-cgit-install" = {
       enable = true;
-      description = "Setup folders and permissions for lighttpd and cgit";
+      description = "Setup data folders and permissions";
       wantedBy = [ "multi-user.target" ];
       script = ''
+        mkdir -p ${envsubstConfiguration.dataRoot}
+        chown -R ${envsubstConfiguration.userName}:users ${envsubstConfiguration.dataRoot}
+        chmod -R 755 ${envsubstConfiguration.dataRoot}
+
+        mkdir -p ${envsubstConfiguration.staticRoot}
+        chown -R ${envsubstConfiguration.userName}:users ${envsubstConfiguration.staticRoot}
+        chmod -R 755 ${envsubstConfiguration.staticRoot}
+
         mkdir -p ${envsubstConfiguration.gitRoot}
-        chown -R ${envsubstConfiguration.userName}:lighttpd ${envsubstConfiguration.gitRoot}
-        chmod -R 770 ${envsubstConfiguration.gitRoot}
+        chown -R ${envsubstConfiguration.userName}:users ${envsubstConfiguration.gitRoot}
+        chmod -R 755 ${envsubstConfiguration.gitRoot}
       '';
       serviceConfig = { Type = "oneshot"; };
     };
-- 
cgit v1.2.3