From mboxrd@z Thu Jan 1 00:00:00 1970 From: nee Subject: Re: WIP gnu social package Date: Sun, 26 Nov 2017 21:18:47 +0100 Message-ID: References: <17b7428d-0a46-6aca-f184-b63890c94cf5@cock.li> <87h8vd4p38.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:36434) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eJ3O4-00078s-Vs for guix-devel@gnu.org; Sun, 26 Nov 2017 15:18:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eJ3O0-0003NV-RC for guix-devel@gnu.org; Sun, 26 Nov 2017 15:18:48 -0500 In-Reply-To: <87h8vd4p38.fsf@gnu.org> Content-Language: en-GB List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= Cc: guix-devel@gnu.org Hey, I haven't done anything on this lately, but the php-fpm service is probably getting accepted soon, so I might start working on this again. Am 05.10.2017 um 17:00 schrieb Ludovic Court=C3=A8s: > For this particular case, I would do nothing: the first time, the > service wouldn=E2=80=99t start (I guess). Users would have to explicit= ly set > the passwords on the command line, and then run =E2=80=9Cherd start gnu= -social=E2=80=9D. >=20 The advantage of using a service is the easy setup with mysql and the gnu-social-cli-installer, otherwise people could just run nginx and clone gnu social to /srv/gnu-social/ and manually create the database like you would on Debian. I saw that NixOS has something called passwordFile. https://github.com/NixOS/nixpkgs/issues/24288 I haven't found any details about it, but it seems like a text file from which passwords can be read during `system reconfigure`. As a start I could add a password-file field to the configuration of gnu-social and read an alist of passwords from it during initialization. That could later be extended by generating it with randomized passwords if it doesn't exist to maximize the ease of installation. >> - The password of the database-user ends up in the config.php which is >> generated by mixed-text-file. This file can be read by everyone. Can= I >> somehow set the owner on it and remove the reading rights from other >> users? >=20 > No, the store is world-readable. If there are secrets, they should be > stored elsewhere, but there=E2=80=99s currently no standard way to do t= hat in > Guix. >=20 Could a function in guix/gexp.scm be modified to generate a file outside of the store?