servnest-mkosi/mkosi.postinst

#!/usr/bin/bash
source /etc/os-release

# Create system users
useradd -U -r -s /usr/sbin/nologin nginx
useradd -U -r -s /usr/sbin/nologin php-niver
useradd -U -r -s /usr/sbin/nologin php-errors
useradd -U -r -s /usr/sbin/nologin sftpgo

# Set proper permissions

chmod 770 /var/lib/knot
chmod -R g+w /var/lib/knot/confdb
usermod -aG knot php-niver

chown -R knot:knot /var/log/knot
chmod -R 700 /var/log/knot

chown -R php-niver:knot /srv/ns
chmod -R 770 /srv/ns

chown -R php-niver:php-niver /etc/nginx/ht

chown -R sftpgo:sftpgo /etc/sftpgo
chmod -R u=rwX,g=,o= /etc/sftpgo

chown -R sftpgo:php-niver /srv/ht
chmod -R u=rwX,g=rwX,o=rX /srv/ht

chmod 555 /srv/php

chown -R php-errors:nginx /srv/php/errors
chmod -R 550 /srv/php/errors

chown -R php-niver:nginx /srv/php/niver
chmod -R u=rX,g=rX,o=X /srv/php/niver
chmod -R 750 /srv/php/niver/public/css/
chmod -R 700 /srv/php/niver/db
chmod -R 600 /srv/php/niver/niver.log
chown sftpgo:sftpgo /srv/php/niver/sftpgo-auth.php
chmod -R u=rx,g=rx,o= /srv/php/niver/sftpgo-auth.php
chown sftpgo:sftpgo /srv/php/niver/auth.log
chmod -R u=rw,g=rw,o= /srv/php/niver/auth.log

# Load configuration in Knot database
systemctl stop knot
sudo -u knot knotc conf-import /etc/knot/knot.conf
systemctl start knot

export PHP_INI=/etc/php/php.ini

if [[ $ID = "debian" ]]; then
	rm /etc/php/7.4/fpm/php-fpm.conf
	ln -s /etc/php/php-fpm.conf /etc/php/7.4/fpm/php-fpm.conf
	ln -s /etc/php/php-fpm.d/ /etc/php/7.4/fpm/pool.d

	export PHP_INI=/etc/php/7.4/fpm/php.ini
fi

# Configure PHP-FPM properly

cat >> $PHP_INI << EOF
expose_php = Off
display_errors = On
extension = pdo_sqlite
EOF

systemctl enable sftpgo

if [[ $ID = "arch" ]]; then
	systemctl enable sshd
	systemctl enable knot
	systemctl enable nginx
	systemctl enable php-fpm
fi