From 6158bbb511e3ac110ee7b2db350f507f702283e8 Mon Sep 17 00:00:00 2001
From: Miraty
Date: Tue, 31 May 2022 23:56:38 +0200
Subject: [PATCH] Generate SFTPGo fingerprints
---
 mkosi.extra/etc/nginx/inc/ht-onion.conf | 2 +-
 mkosi.extra/etc/nginx/inc/ht-tls.conf | 2 +-
 mkosi.extra/etc/nginx/sites/niver.test.conf | 1 -
 mkosi.postinst | 4 ++--
 mkosi.prepare | 7 +++++--
 mkosi.skeleton/srv/php/niver | 2 +-
 6 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/mkosi.extra/etc/nginx/inc/ht-onion.conf b/mkosi.extra/etc/nginx/inc/ht-onion.conf
index 91a9c0c..2b01dcb 100644
--- a/mkosi.extra/etc/nginx/inc/ht-onion.conf
+++ b/mkosi.extra/etc/nginx/inc/ht-onion.conf
@@ -1,3 +1,3 @@
 more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inlinde' http: data:; img-src 'self' http: data:; font-src 'self' http: data:; media-src 'self' http: data:; frame-ancestors 'none'; form-action 'none';";
-include inc/ht.conf
+include inc/ht.conf;
diff --git a/mkosi.extra/etc/nginx/inc/ht-tls.conf b/mkosi.extra/etc/nginx/inc/ht-tls.conf
index 930d41c..6922921 100644
--- a/mkosi.extra/etc/nginx/inc/ht-tls.conf
+++ b/mkosi.extra/etc/nginx/inc/ht-tls.conf
@@ -1,4 +1,4 @@
 more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inlinde' https: data:; img-src 'self' https: data:; font-src 'self' https: data:; media-src 'self' https: data:; frame-ancestors 'none'; form-action 'none';";
-include inc/ht.conf
+include inc/ht.conf;
 include inc/tls.conf;
diff --git a/mkosi.extra/etc/nginx/sites/niver.test.conf b/mkosi.extra/etc/nginx/sites/niver.test.conf
index f1c7199..13c5623 100644
--- a/mkosi.extra/etc/nginx/sites/niver.test.conf
+++ b/mkosi.extra/etc/nginx/sites/niver.test.conf
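Review bot: The `style-src` list on the unchanged `more_set_headers` line of the ht-onion.conf hunk spells the keyword `'unsafe-inlinde'`, which is not a valid CSP source expression, so browsers will ignore it and inline styles on the served sites stay blocked. If inline styles are meant to be allowed, the token should read `'unsafe-inline'`; if they are not, drop the token so the header states the policy that is actually enforced. The same misspelling sits on the context line of the ht-tls.conf hunk.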
@@ -10,7 +10,6 @@ server {
 include inc/tls.conf;
 include inc/errors.conf;
- more_set_headers "Referrer-Policy : same-origin";
 more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
 location ~ \.php$ {
diff --git a/mkosi.postinst b/mkosi.postinst
index 3cb1830..f549597 100755
--- a/mkosi.postinst
+++ b/mkosi.postinst
@@ -22,7 +22,8 @@ chmod -R 770 /srv/ns
 chown -R php-niver:php-niver /etc/nginx/ht
 chown -R sftpgo:sftpgo /etc/sftpgo
-chmod -R u=rwX,g=,o= /etc/sftpgo
+chmod -R u=rX,g=rX,o=rX /etc/sftpgo
+chmod u=r,g=,o= /etc/sftpgo/ed25519
 chown -R php-niver:sftpgo /srv/ht
 chmod -R u=rwX,g=rwX,o=rX /srv/ht
@@ -41,7 +42,6 @@ chmod -R u=rX,g=rX,o= /srv/php/errors
 chown -R php-niver:nginx /srv/php/niver
 chmod -R u=rX,g=rX,o=X /srv/php/niver
-chmod -R u=rwX,g=rX,o= /srv/php/niver/public/css/
 chmod -R u=rwX,g=,o= /srv/php/niver/db /srv/php/niver/niver.log
 # Load configuration in Knot database
diff --git a/mkosi.prepare b/mkosi.prepare
index 96142a3..8fefa84 100755
--- a/mkosi.prepare
+++ b/mkosi.prepare
@@ -26,8 +26,11 @@ ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
 ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp
 # Generate SFTPGo key pair
-ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N ""
-ssh-keygen -lvf /etc/sftpgo/ed25519 > /etc/sftpgo/ed25519.fp
+ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""
+# Generate fingerprints
+fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))
+echo ${fp[1]} > /etc/sftpgo/ed25519.fp
+ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart
 # Create database
 sqlite3 /srv/php/niver/db/niver.db < /srv/php/niver/db/source.sql
diff --git a/mkosi.skeleton/srv/php/niver b/mkosi.skeleton/srv/php/niver
index 7964b86..3a71e75 160000
--- a/mkosi.skeleton/srv/php/niver
+++ b/mkosi.skeleton/srv/php/niver
@@ -1 +1 @@
-Subproject commit 7964b86c70332ad2d5779cc0ab6a8ba476857aaa
+Subproject commit 3a71e759a40c21716d32e1d4d2bd1751c0574a79
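Review bot: The recursive `chmod -R u=rX,g=rX,o=rX /etc/sftpgo` in the first mkosi.postinst hunk makes every file under the directory world-readable and then re-restricts only `/etc/sftpgo/ed25519`, so anything else sensitive that lands there (for example a configuration file holding credentials, or a later host key of another type) is exposed by default. An allow-list is safer: keep `chmod -R u=rX,g=,o= /etc/sftpgo` and open only what has to be published, e.g. `chmod o=rX /etc/sftpgo /etc/sftpgo/ed25519.fp /etc/sftpgo/ed25519.asciiart`. Which files the web application actually reads is not visible in this hunk, so that list is an assumption to confirm.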
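Review bot: The fingerprint extraction in the mkosi.prepare hunk, `fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))` followed by `echo ${fp[1]}`, has no failure check, so if ssh-keygen fails or prints something unexpected an empty or wrong `ed25519.fp` is written, and that file is presumably what users compare against when verifying the server's host key. The unquoted expansions are also subject to word splitting and globbing, and the array syntax requires bash, while the script's interpreter line is outside the hunk. I would read the field explicitly and fail on an empty result: `read -r _ fp _ < <(ssh-keygen -l -f /etc/sftpgo/ed25519)`, `[ -n "$fp" ] || exit 1`, `printf '%s\n' "$fp" > /etc/sftpgo/ed25519.fp`. The `ssh-keygen -lv ... | tail -n +2` pipeline likewise hides a failing ssh-keygen unless `set -o pipefail` is active elsewhere in the script.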