From 74c04acadc6781f692d75c42eb96d10afc7d235a Mon Sep 17 00:00:00 2001
From: Miraty <miraty@antopie.org>
Date: Tue, 3 May 2022 19:18:09 +0200
Subject: [PATCH] Fix Knot permissions

---
 mkosi.postinst                              | 6 ++----
 mkosi.skeleton/etc/tmpfiles.d/knot.conf     | 2 ++
 mkosi.skeleton/var/lib/knot/confdb/data.mdb | 0
 mkosi.skeleton/var/lib/knot/confdb/lock.mdb | 0
 4 files changed, 4 insertions(+), 4 deletions(-)
 create mode 100644 mkosi.skeleton/etc/tmpfiles.d/knot.conf
 create mode 100644 mkosi.skeleton/var/lib/knot/confdb/data.mdb
 create mode 100644 mkosi.skeleton/var/lib/knot/confdb/lock.mdb

diff --git a/mkosi.postinst b/mkosi.postinst
index 9b1c32f..f691fae 100755
--- a/mkosi.postinst
+++ b/mkosi.postinst
@@ -9,8 +9,8 @@ useradd -U -r -s /usr/sbin/nologin sftpgo
 
 # Set proper permissions
 
-chmod 770 /var/lib/knot
-chmod -R g+w /var/lib/knot/confdb
+chown -R knot:knot /var/lib/knot/confdb
+chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb
 usermod -aG knot php-niver
 
 chown -R knot:knot /var/log/knot
@@ -43,9 +43,7 @@ chown sftpgo:sftpgo /srv/php/niver/auth.log
 chmod -R u=rw,g=rw,o= /srv/php/niver/auth.log
 
 # Load configuration in Knot database
-systemctl stop knot
 sudo -u knot knotc conf-import /etc/knot/knot.conf
-systemctl start knot
 
 export PHP_INI=/etc/php/php.ini
 
diff --git a/mkosi.skeleton/etc/tmpfiles.d/knot.conf b/mkosi.skeleton/etc/tmpfiles.d/knot.conf
new file mode 100644
index 0000000..fd9192f
--- /dev/null
+++ b/mkosi.skeleton/etc/tmpfiles.d/knot.conf
@@ -0,0 +1,2 @@
+d /run/knot       0755 knot knot - -
+d /var/lib/knot   0770 knot knot - -
diff --git a/mkosi.skeleton/var/lib/knot/confdb/data.mdb b/mkosi.skeleton/var/lib/knot/confdb/data.mdb
new file mode 100644
index 0000000..e69de29
diff --git a/mkosi.skeleton/var/lib/knot/confdb/lock.mdb b/mkosi.skeleton/var/lib/knot/confdb/lock.mdb
new file mode 100644
index 0000000..e69de29