forked from mirrors/nixpkgs
Merge pull request #133133 from symphorien/tt-rss-read-only
nixos/tt-rss: make all php files read only
This commit is contained in:
commit
c988c752bb
|
@ -6,10 +6,6 @@ let
|
|||
|
||||
configVersion = 26;
|
||||
|
||||
cacheDir = "cache";
|
||||
lockDir = "lock";
|
||||
feedIconsDir = "feed-icons";
|
||||
|
||||
dbPort = if cfg.database.port == null
|
||||
then (if cfg.database.type == "pgsql" then 5432 else 3306)
|
||||
else cfg.database.port;
|
||||
|
@ -32,10 +28,10 @@ let
|
|||
<?php
|
||||
putenv('TTRSS_PHP_EXECUTABLE=${pkgs.php}/bin/php');
|
||||
|
||||
putenv('TTRSS_LOCK_DIRECTORY=${lockDir}');
|
||||
putenv('TTRSS_CACHE_DIR=${cacheDir}');
|
||||
putenv('TTRSS_ICONS_DIR=${feedIconsDir}');
|
||||
putenv('TTRSS_ICONS_URL=${feedIconsDir}');
|
||||
putenv('TTRSS_LOCK_DIRECTORY=${cfg.root}/lock');
|
||||
putenv('TTRSS_CACHE_DIR=${cfg.root}/cache');
|
||||
putenv('TTRSS_ICONS_DIR=${cfg.root}/feed-icons');
|
||||
putenv('TTRSS_ICONS_URL=feed-icons');
|
||||
putenv('TTRSS_SELF_URL_PATH=${cfg.selfUrlPath}');
|
||||
|
||||
putenv('TTRSS_MYSQL_CHARSET=UTF8');
|
||||
|
@ -101,6 +97,22 @@ let
|
|||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
# tt-rss and plugins and themes and config.php
|
||||
servedRoot = pkgs.runCommand "tt-rss-served-root" {} ''
|
||||
cp --no-preserve=mode -r ${pkgs.tt-rss} $out
|
||||
cp ${tt-rss-config} $out/config.php
|
||||
${optionalString (cfg.pluginPackages != []) ''
|
||||
for plugin in ${concatStringsSep " " cfg.pluginPackages}; do
|
||||
cp -r "$plugin"/* "$out/plugins.local/"
|
||||
done
|
||||
''}
|
||||
${optionalString (cfg.themePackages != []) ''
|
||||
for theme in ${concatStringsSep " " cfg.themePackages}; do
|
||||
cp -r "$theme"/* "$out/themes.local/"
|
||||
done
|
||||
''}
|
||||
'';
|
||||
|
||||
in {
|
||||
|
||||
###### interface
|
||||
|
@ -544,12 +556,16 @@ let
|
|||
enable = true;
|
||||
virtualHosts = {
|
||||
${cfg.virtualHost} = {
|
||||
root = "${cfg.root}";
|
||||
root = "${cfg.root}/www";
|
||||
|
||||
locations."/" = {
|
||||
index = "index.php";
|
||||
};
|
||||
|
||||
locations."^~ /feed-icons" = {
|
||||
root = "${cfg.root}";
|
||||
};
|
||||
|
||||
locations."~ \\.php$" = {
|
||||
extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
|
@ -562,13 +578,19 @@ let
|
|||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
|
||||
"Z '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
|
||||
"d '${cfg.root}' 0555 ${cfg.user} tt_rss - -"
|
||||
"d '${cfg.root}/lock' 0755 ${cfg.user} tt_rss - -"
|
||||
"d '${cfg.root}/cache' 0755 ${cfg.user} tt_rss - -"
|
||||
"d '${cfg.root}/cache/upload' 0755 ${cfg.user} tt_rss - -"
|
||||
"d '${cfg.root}/cache/images' 0755 ${cfg.user} tt_rss - -"
|
||||
"d '${cfg.root}/cache/export' 0755 ${cfg.user} tt_rss - -"
|
||||
"d '${cfg.root}/feed-icons' 0755 ${cfg.user} tt_rss - -"
|
||||
"L+ '${cfg.root}/www' - - - - ${servedRoot}"
|
||||
];
|
||||
|
||||
systemd.services = {
|
||||
phpfpm-tt-rss = mkIf (cfg.pool == "${poolName}") {
|
||||
restartTriggers = [ tt-rss-config pkgs.tt-rss ];
|
||||
restartTriggers = [ servedRoot ];
|
||||
};
|
||||
|
||||
tt-rss = {
|
||||
|
@ -594,27 +616,7 @@ let
|
|||
|
||||
else "";
|
||||
|
||||
in ''
|
||||
rm -rf "${cfg.root}/*"
|
||||
cp -r "${pkgs.tt-rss}/"* "${cfg.root}"
|
||||
${optionalString (cfg.pluginPackages != []) ''
|
||||
for plugin in ${concatStringsSep " " cfg.pluginPackages}; do
|
||||
cp -r "$plugin"/* "${cfg.root}/plugins.local/"
|
||||
done
|
||||
''}
|
||||
${optionalString (cfg.themePackages != []) ''
|
||||
for theme in ${concatStringsSep " " cfg.themePackages}; do
|
||||
cp -r "$theme"/* "${cfg.root}/themes.local/"
|
||||
done
|
||||
''}
|
||||
ln -sf "${tt-rss-config}" "${cfg.root}/config.php"
|
||||
chmod -R 755 "${cfg.root}"
|
||||
chmod -R ug+rwX "${cfg.root}/${lockDir}"
|
||||
chmod -R ug+rwX "${cfg.root}/${cacheDir}"
|
||||
chmod -R ug+rwX "${cfg.root}/${feedIconsDir}"
|
||||
''
|
||||
|
||||
+ (optionalString (cfg.database.type == "pgsql") ''
|
||||
in (optionalString (cfg.database.type == "pgsql") ''
|
||||
exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \
|
||||
| tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//')
|
||||
|
||||
|
@ -639,7 +641,7 @@ let
|
|||
serviceConfig = {
|
||||
User = "${cfg.user}";
|
||||
Group = "tt_rss";
|
||||
ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon --quiet";
|
||||
ExecStart = "${pkgs.php}/bin/php ${cfg.root}/www/update.php --daemon --quiet";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "60";
|
||||
SyslogIdentifier = "tt-rss";
|
||||
|
|
Loading…
Reference in a new issue