From 26529e4c9153cb56f6c278c39e6ae1f51f931bc3 Mon Sep 17 00:00:00 2001
From: Miraty <miraty+git@antopie.org>
Date: Sun, 29 Jan 2023 23:31:51 +0100
Subject: [PATCH] Fix tor on debian + use unix sockets for tor<=>nginx

---
 mkosi.extra/etc/nginx/sites/niver.test.conf | 30 ---------------------
 mkosi.postinst                              |  3 ++-
 mkosi.skeleton/etc/tmpfiles.d/knot.conf     |  1 +
 3 files changed, 3 insertions(+), 31 deletions(-)
 delete mode 100644 mkosi.extra/etc/nginx/sites/niver.test.conf

diff --git a/mkosi.extra/etc/nginx/sites/niver.test.conf b/mkosi.extra/etc/nginx/sites/niver.test.conf
deleted file mode 100644
index c51687b..0000000
--- a/mkosi.extra/etc/nginx/sites/niver.test.conf
+++ /dev/null
@@ -1,30 +0,0 @@
-server {
-	listen [::1]:42443 ssl http2;
-	listen 127.0.0.1:42443 ssl http2;
-	server_name servnest.test;
-
-	root /srv/servnest/core;
-
-	include inc/tls.conf;
-	include inc/errors.conf;
-
-	more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
-
-	location / {
-		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-		fastcgi_pass unix:/run/php-fpm/servnest.sock;
-		include inc/fastcgi.conf;
-		try_files /router.php =500;
-	}
-
-	location /css {
-		alias /srv/servnest/core/css;
-	}
-
-	location /docs {
-		alias /srv/servnest/docs;
-	}
-
-	ssl_certificate /etc/ssl/certs/servnest.crt;
-	ssl_certificate_key /etc/ssl/private/servnest.key;
-}
diff --git a/mkosi.postinst b/mkosi.postinst
index 0148a92..d7b66e5 100755
--- a/mkosi.postinst
+++ b/mkosi.postinst
@@ -75,10 +75,11 @@ EOF
 # Configure Tor
 
 if [[ $ID = "debian" ]]; then
+	mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/
 	sed -i 's/User tor/User debian-tor/' /etc/tor/torrc
 	sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest
 	sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest
-	sed -i 's/tor_service = "tor"/tor_service = "tor@default"/' /srv/servnest/core/config.ini
+	sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini
 	sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini
 fi
 
diff --git a/mkosi.skeleton/etc/tmpfiles.d/knot.conf b/mkosi.skeleton/etc/tmpfiles.d/knot.conf
index fd9192f..a16e4fa 100644
--- a/mkosi.skeleton/etc/tmpfiles.d/knot.conf
+++ b/mkosi.skeleton/etc/tmpfiles.d/knot.conf
@@ -1,2 +1,3 @@
+d /run/servnest   0555 root root - -
 d /run/knot       0755 knot knot - -
 d /var/lib/knot   0770 knot knot - -