From 1ba17b61e7c955579c2317c85ea42a989c095c75 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Thu, 2 Dec 2021 18:16:16 +0300
Subject: [PATCH 1/5] Update API to properly support b2
---
 api/api-module.nix | 7 +++++++
 api/api.nix | 1 +
 files.nix | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/api/api-module.nix b/api/api-module.nix
index 6b01d37..bd65ad6 100644
--- a/api/api-module.nix
+++ b/api/api-module.nix
@@ -43,6 +43,12 @@ in
 B2 account key
 '';
 };
+ b2Bucket = mkOption {
+ type = types.str;
+ description = ''
+ B2 bucket
+ '';
+ };
 resticPassword = mkOption {
 type = types.str;
 description = ''
@@ -62,6 +68,7 @@ in
 ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
 B2_ACCOUNT_ID = cfg.b2AccountId;
 B2_ACCOUNT_KEY = cfg.b2AccountKey;
+ B2_BUCKET = cfg.b2Bucket;
 RESTIC_PASSWORD = cfg.resticPassword;
 } // config.networking.proxy.envVars;
 path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild pkgs.restic pkgs.mkpasswd ];
diff --git a/api/api.nix b/api/api.nix
index e503220..ff9c106 100644
--- a/api/api.nix
+++ b/api/api.nix
@@ -6,6 +6,7 @@
 enableSwagger = config.services.userdata.api.enableSwagger;
 b2AccountId = config.services.userdata.backblaze.accountId;
 b2AccountKey = config.services.userdata.backblaze.accountKey;
+ b2Bucket = config.services.userdata.backblaze.bucket;
 resticPassword = config.services.userdata.resticPassword;
 };
diff --git a/files.nix b/files.nix
index 238e29d..ee15e52 100644
--- a/files.nix
+++ b/files.nix
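Review bot: The new `b2Bucket` option in api/api-module.nix is `types.str` with no `default`, and the api/api.nix hunk assigns it from `config.services.userdata.backblaze.bucket` unconditionally, so a host whose userdata has no bucket set will presumably fail to evaluate (the declaration of that userdata option is not visible here). If a missing bucket is a valid state, give the option a `default`; if it is not, add an assertion with an explicit message so the failure names the missing setting instead of surfacing as an evaluation error. The description `B2 bucket` would also read better as something like `Name of the B2 bucket used by the API` — adjust to the bucket's actual purpose. The same point covers the `B2_BUCKET = cfg.b2Bucket;` hunk and the api/api.nix hunk.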
@@ -27,7 +27,7 @@ in
 (if cfg.pleroma.enable then "d /var/lib/pleroma 0600 pleroma pleroma - -" else "")
 "d /var/lib/restic 0600 restic - - -"
 "f /var/lib/restic/pass 0400 restic - - ${resticPass}"
- "f /root/.config/rclone.conf 0400 root root - ${rcloneConfig}"
+ "f /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
 (if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
 "f /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
 (if cfg.nextcloud.enable then "f /var/lib/nextcloud/db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}" else "")
From bfd2f696a2066149a1bd7e03548c651c05d64ccb Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Thu, 2 Dec 2021 23:30:53 +0300
Subject: [PATCH 2/5] Make config files in /var rewritable by Nix
---
 files.nix | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/files.nix b/files.nix
index ee15e52..0083f70 100644
--- a/files.nix
+++ b/files.nix
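Review bot: Moving the rule to `/root/.config/rclone/rclone.conf` leaves the previously created `/root/.config/rclone.conf` behind on already-deployed hosts, because an `f` rule only manages its own path; that orphaned file keeps a copy of whatever `${rcloneConfig}` contained. Consider adding a removal rule next to the new line, e.g. `"r /root/.config/rclone.conf"`, so the stale copy is cleaned up. Separately, the content argument is interpolated into the rule text, so the rendered tmpfiles configuration (normally placed in the world-readable Nix store) carries the same material regardless of the 0400 mode on the target; how `rcloneConfig` is built is outside this hunk, so confirm whether it holds credentials. The list these lines belong to starts and ends outside the hunk.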
@@ -26,12 +26,12 @@ in
 (if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 bitwarden_rs bitwarden_rs -" else "")
 (if cfg.pleroma.enable then "d /var/lib/pleroma 0600 pleroma pleroma - -" else "")
 "d /var/lib/restic 0600 restic - - -"
- "f /var/lib/restic/pass 0400 restic - - ${resticPass}"
- "f /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
- (if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
- "f /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
- (if cfg.nextcloud.enable then "f /var/lib/nextcloud/db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}" else "")
- (if cfg.nextcloud.enable then "f /var/lib/nextcloud/admin-pass 0440 nextcloud nextcloud - ${nextcloudAdminPass}" else "")
- "f /var/lib/cloudflare/Credentials.ini 0440 nginx acmerecievers - ${cloudflareCredentials}"
+ "f+ /var/lib/restic/pass 0400 restic - - ${resticPass}"
+ "f+ /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
+ (if cfg.pleroma.enable then "f+ /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
+ "f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
+ (if cfg.nextcloud.enable then "f+ /var/lib/nextcloud/db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}" else "")
+ (if cfg.nextcloud.enable then "f+ /var/lib/nextcloud/admin-pass 0440 nextcloud nextcloud - ${nextcloudAdminPass}" else "")
+ "f+ /var/lib/cloudflare/Credentials.ini 0440 nginx acmerecievers - ${cloudflareCredentials}"
 ];
 }
From 0e60176b6e960df5c8335304fb40f1ff6f97a2a3 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Mon, 6 Dec 2021 10:43:24 +0300
Subject: [PATCH 3/5] Overwrite nextcloud protocol to https
---
 nextcloud/nextcloud.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nextcloud/nextcloud.nix b/nextcloud/nextcloud.nix
index e6a9a7a..2cacf85 100644
--- a/nextcloud/nextcloud.nix
+++ b/nextcloud/nextcloud.nix
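Review bot: The `/var/lib/pleroma/secrets.exs` entry is switched to `f+` although its content argument is `-`, so the file would be truncated each time the tmpfiles rules are applied, where the old `f` rule only created it when missing; anything Pleroma or a setup step wrote there would be lost. Keep that one entry as `f`, since it has no Nix-managed content to rewrite, and tighten its mode while touching the line, because `0755` leaves a secrets file world-readable and executable: `"f /var/lib/pleroma/secrets.exs 0600 pleroma pleroma - -"` (or `0640` if a group genuinely needs read access). The remaining `f+` lines now rewrite their targets on every run from values interpolated into the rule text, so any out-of-band change to those files is silently reverted; a short comment above the list stating that these files are owned by the Nix configuration would make that explicit.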
@@ -18,7 +18,7 @@ in
 config = {
 # Further forces Nextcloud to use HTTPS
- overwriteProtocol = "http";
+ overwriteProtocol = "https";
 # Nextcloud PostegreSQL database configuration, recommended over using SQLite
 dbtype = "sqlite";
From 63aaeec08cc603903e4fc4a4296fcef9a7d378b9 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Wed, 15 Dec 2021 17:42:47 +0300
Subject: [PATCH 4/5] Remove PAM from mailserver and remove catchall
---
 mailserver/system/mailserver.nix | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/mailserver/system/mailserver.nix b/mailserver/system/mailserver.nix
index 222e11c..bd269e0 100644
--- a/mailserver/system/mailserver.nix
+++ b/mailserver/system/mailserver.nix
@@ -13,11 +13,6 @@ in
 })
 ];
- services.dovecot2 = {
- enablePAM = lib.mkForce true;
- showPAMFailure = lib.mkForce true;
- };
-
 users.users = {
 virtualMail = {
 isNormalUser = false;
@@ -34,7 +29,6 @@ in
 loginAccounts = {
 "${cfg.username}@${cfg.domain}" = {
 hashedPassword = cfg.hashedMasterPassword;
- catchAll = [ cfg.domain ];
 sieveScript = ''
 require ["fileinto", "mailbox"];
 if header :contains "Chat-Version" "1.0"
@@ -49,7 +43,6 @@ in
 name = "${user.username}@${cfg.domain}";
 value = {
 hashedPassword = user.hashedPassword;
- catchAll = [ cfg.domain ];
 sieveScript = ''
 require ["fileinto", "mailbox"];
 if header :contains "Chat-Version" "1.0"
From 3f42ad5c68fb445f7f25286f63a4790af8938fb1 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Thu, 16 Dec 2021 13:27:11 +0300
Subject: [PATCH 5/5] Hotfix inability to build when custom user don't have ssh keys
---
 users.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/users.nix b/users.nix
index acc5636..a3128b2 100644
--- a/users.nix
+++ b/users.nix
@@ -17,7 +17,7 @@ in
 value = {
 isNormalUser = true;
 hashedPassword = user.hashedPassword;
- openssh.authorizedKeys.keys = user.sshKeys;
+ openssh.authorizedKeys.keys = (if user ? sshKeys then user.sshKeys else []);
 };
 }) cfg.users);
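Review bot: The comment above `overwriteProtocol = "https";` in nextcloud/nextcloud.nix says the setting forces HTTPS, but it only controls the scheme Nextcloud uses when it generates URLs; it does not redirect or reject plain-HTTP requests. Reword it, e.g. `# Generate https:// URLs; HTTP-to-HTTPS redirection must be enforced by the web server`, and confirm that the virtual host in front of Nextcloud actually does that, since it is not visible in this hunk. The `config` block continues outside the hunk.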
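Review bot: The conditional on the new `openssh.authorizedKeys.keys` line in users.nix can use Nix's attribute-selection default instead, `openssh.authorizedKeys.keys = user.sshKeys or [ ];`, which is shorter and behaves the same when `sshKeys` is absent. `hashedPassword = user.hashedPassword;` just above is still read without a fallback, so a user entry lacking it would fail evaluation in the same way this hotfix addresses for keys. That may be the desired outcome, but an explicit assertion naming the user would give a clearer error than a missing-attribute failure. The enclosing attribute set starts and ends outside the hunk.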