Merge pull request #43 from fsr/userdir

Serve public_html directory
This commit is contained in:
Tassilo Tanneberger 2023-07-08 18:47:37 +02:00 committed by GitHub
commit 69cf4211a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 0 deletions

View file

@ -29,6 +29,7 @@
./modules/mail.nix ./modules/mail.nix
./modules/mailman.nix ./modules/mailman.nix
./modules/nginx.nix ./modules/nginx.nix
./modules/userdir.nix
./modules/hedgedoc.nix ./modules/hedgedoc.nix
./modules/wiki.nix ./modules/wiki.nix
./modules/ftp.nix ./modules/ftp.nix

53
modules/userdir.nix Normal file
View file

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
let
domain = "users.${config.fsr.domain}";
port = 8083;
apacheUser = config.services.httpd.user;
in
{
# home directory setup
systemd.tmpfiles.rules = [
"d /etc/skel"
];
environment.extraInit = /*sh*/ ''
if [[ "$HOME" != "/" && "$UID" != 0 ]]; then
umask 002
# home dir: apache may traverse only, creation mode is rw(x)------
setfacl -m u:${apacheUser}:x,d:u::rwx,d:g::-,d:o::- $HOME
mkdir -p $HOME/public_html
# public_html dir: apache and $USER have rwx on everything inside
setfacl -m u:${apacheUser}:rwx,d:u:${apacheUser}:rwx,d:u:$USER:rwx $HOME/public_html
fi
'';
services.httpd = {
enable = true;
enablePHP = true;
virtualHosts.${domain} = {
enableUserDir = true;
extraConfig = ''
<Directory "/home/*/public_html">
Options -Indexes
DirectoryIndex index.php index.html
AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
</Directory>
'';
listen = [{
ip = "127.0.0.1";
inherit port;
}];
};
};
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
};
};
}