From 3673ccf39b327ea1ca8c745b3d61fd3e0273dcda Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 8 Apr 2026 16:00:59 +0000 Subject: [PATCH 1/2] Initial plan From fb4c268b8e0b825fa49c1cf95510d7132543e131 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 8 Apr 2026 16:09:10 +0000 Subject: [PATCH 2/2] Fix /var/lib/domains ownership and WordPress ADMIN_EMAIL generation Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/755b414e-9b63-448b-a57c-41d0ca45b5eb Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com> --- app/sovran_systemsos_web/server.py | 28 +++++++++++++++++-- .../element-calling_haven.sh | 2 ++ modules/core/caddy.nix | 4 +++ modules/wordpress.nix | 6 +++- 4 files changed, 36 insertions(+), 4 deletions(-) diff --git a/app/sovran_systemsos_web/server.py b/app/sovran_systemsos_web/server.py index 176f301..0b5c2cf 100644 --- a/app/sovran_systemsos_web/server.py +++ b/app/sovran_systemsos_web/server.py @@ -2779,6 +2779,25 @@ class DomainSetRequest(BaseModel): _SAFE_NAME_RE = re.compile(r'^[a-zA-Z0-9_-]+$') +def _ensure_domains_dir() -> None: + """Create DOMAINS_DIR if needed and ensure it is owned by caddy:root.""" + os.makedirs(DOMAINS_DIR, exist_ok=True) + try: + pw = pwd.getpwnam("caddy") + os.chown(DOMAINS_DIR, pw.pw_uid, 0) + except KeyError: + pass + + +def _chown_to_caddy(path: str) -> None: + """Set the owner of a file to caddy:root (best-effort).""" + try: + pw = pwd.getpwnam("caddy") + os.chown(path, pw.pw_uid, 0) + except KeyError: + pass + + def _validate_safe_name(name: str) -> bool: """Return True if name contains only safe path characters (no separators).""" return bool(name) and _SAFE_NAME_RE.match(name) is not None 
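Review bot: `_chown_to_caddy` is documented as best-effort, but both new helpers catch only `KeyError`, so an `OSError` from `os.chown` (for example a `PermissionError` when the server lacks the privilege to change ownership) propagates out of the request handlers after the file has already been written. If the ownership change really is optional, catch it as well with `except (KeyError, OSError):` and log the failure instead of dropping it silently; if it is required, say so in the docstrings. The two try blocks are identical, so `_ensure_domains_dir` can reduce to `os.makedirs(DOMAINS_DIR, exist_ok=True)` followed by `_chown_to_caddy(DOMAINS_DIR)`. The hunk does not show an `import pwd`; confirm the module already has one.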
@@ -2789,10 +2808,11 @@ async def api_domains_set(req: DomainSetRequest): """Save a domain and optionally register a DDNS URL.""" if not _validate_safe_name(req.domain_name): raise HTTPException(status_code=400, detail="Invalid domain_name") - os.makedirs(DOMAINS_DIR, exist_ok=True) + _ensure_domains_dir() domain_path = os.path.join(DOMAINS_DIR, req.domain_name) with open(domain_path, "w") as f: f.write(req.domain.strip()) + _chown_to_caddy(domain_path) if req.ddns_url: ddns_url = req.ddns_url.strip() @@ -2831,9 +2851,11 @@ class DomainSetEmailRequest(BaseModel): @app.post("/api/domains/set-email") async def api_domains_set_email(req: DomainSetEmailRequest): """Save the SSL certificate email address.""" - os.makedirs(DOMAINS_DIR, exist_ok=True) - with open(os.path.join(DOMAINS_DIR, "sslemail"), "w") as f: + _ensure_domains_dir() + email_path = os.path.join(DOMAINS_DIR, "sslemail") + with open(email_path, "w") as f: f.write(req.email.strip()) + _chown_to_caddy(email_path) return {"ok": True} diff --git a/file_fixes_and_new_services/element-calling_haven.sh b/file_fixes_and_new_services/element-calling_haven.sh index 331a693..bacfb57 100644 --- a/file_fixes_and_new_services/element-calling_haven.sh +++ b/file_fixes_and_new_services/element-calling_haven.sh @@ -34,8 +34,10 @@ FILE=/var/lib/beacons/file_fixes_and_new_services/element-calling_haven/complete #### MAIN SCRIPT #### + mkdir -p /var/lib/domains touch /var/lib/domains/haven touch /var/lib/domains/element-calling + chown -R caddy:root /var/lib/domains if [[ $? != 0 ]]; then diff --git a/modules/core/caddy.nix b/modules/core/caddy.nix index d97ede7..1736e6c 100755 --- a/modules/core/caddy.nix +++ b/modules/core/caddy.nix @@ -11,6 +11,10 @@ in group = "root"; }; + systemd.tmpfiles.rules = [ + "d /var/lib/domains 0755 caddy root -" + ]; + # Override ExecStart + ExecReload to point at the runtime-generated Caddyfile systemd.services.caddy.serviceConfig = { ExecStart = lib.mkForce [ 
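Review bot: Once `DOMAINS_DIR` is owned by caddy, `open(domain_path, "w")` and the `_chown_to_caddy(domain_path)` that follows both resolve symlinks, so the handler writes into a directory that a less-privileged account controls. If this server runs as root, which the chown to another user suggests, a process running as caddy could replace an entry with a link and have the write and the ownership change land on the link target. Harden both steps: open the file with `os.O_NOFOLLOW` (through `os.open` and `os.fdopen`) and change ownership on the open descriptor with `os.fchown(f.fileno(), pw.pw_uid, 0)`, or at least pass `follow_symlinks=False` to `os.chown`. The same applies to the `sslemail` write in `api_domains_set_email` in the next hunk.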
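Review bot: The `if [[ $? != 0 ]]` that follows the added `chown -R caddy:root /var/lib/domains` now tests the exit status of that chown only, so a failure of `mkdir -p` or of either `touch` is no longer seen by the check, while a missing caddy account triggers it. Chain the commands so the status covers all of them, e.g. `mkdir -p /var/lib/domains && touch /var/lib/domains/haven /var/lib/domains/element-calling && chown -R caddy:root /var/lib/domains`. The body of the `if` is outside the hunk, so confirm that its failure handling still fits a chown error.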
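Review bot: The new tmpfiles rule carries no comment saying why caddy must own `/var/lib/domains`, and ownership is what lets that service create, replace and delete entries there rather than only read them. Add a line such as `# /var/lib/domains is owned by caddy because <reason>` above the rule, or, if caddy only reads these files, keep the directory root-owned, since mode 0755 already allows reads. A `d` rule also adjusts only the directory itself and leaves the ownership of files already inside it unchanged.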
diff --git a/modules/wordpress.nix b/modules/wordpress.nix index 9a745f9..af126bc 100755 --- a/modules/wordpress.nix +++ b/modules/wordpress.nix @@ -73,7 +73,11 @@ lib.mkIf config.sovran_systemsOS.services.wordpress { DB_HOST="localhost" ADMIN_USER=$(pwgen -s 16 1) ADMIN_PASS=$(pwgen -s 24 1) - ADMIN_EMAIL="$ADMIN_USER@''${DOMAIN#*.}" + EMAIL_DOMAIN="''${DOMAIN#*.}" + if ! echo "$EMAIL_DOMAIN" | grep -q '\.'; then + EMAIL_DOMAIN="$DOMAIN" + fi + ADMIN_EMAIL="$ADMIN_USER@$EMAIL_DOMAIN" echo "══════════════════════════════════════════════" echo " WordPress Automated Installation"
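Review bot: The fallback handles only a two-label `DOMAIN`; for a name under a multi-label suffix such as `example.co.uk`, `''${DOMAIN#*.}` yields `co.uk`, which contains a dot, so `ADMIN_EMAIL` becomes an address at a domain the operator does not control. Mail that WordPress sends to the admin address, such as password resets, would then be addressed there. Counting labels cannot identify the registrable domain, so it is simpler to set `EMAIL_DOMAIN="$DOMAIN"` unconditionally or to take the address from operator-supplied configuration. The surrounding install script starts and ends outside the hunk.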