WIP: temmie/userweb: use IPC to proxy sendmail requests out of sandbox

hosts/kommode/services/gitea/default.nix

@@ -134,6 +134,9 @@ in {
         ALLOW_FORK_INTO_SAME_OWNER = true;
       };
       picture = {
+        DISABLE_GRAVATAR = true;
+        ENABLE_FEDERATED_AVATAR = false;
+
         AVATAR_MAX_FILE_SIZE = 1024 * 1024 * 5;
         # NOTE: go any bigger than this, and gitea will freeze your gif >:(
         AVATAR_MAX_ORIGIN_SIZE = 1024 * 1024 * 2;

hosts/temmie/services/userweb/default.nix

@@ -4,13 +4,6 @@ let
 
   homeLetters = [ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ];
 
-  phpOptions = lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "${k} = ${v}"){
-    display_errors = "Off";
-    display_startup_errors = "Off";
-    post_max_size = "40M";
-    upload_max_filesize = "40M";
-  });
-
   # https://nixos.org/manual/nixpkgs/stable/#ssec-php-user-guide-installing-with-extensions
   phpEnv = pkgs.php.buildEnv {
     extensions = { all, ... }: with all; [
@@ -36,7 +29,11 @@ let
       pdo_sqlite
     ];
 
-    extraConfig = phpOptions;
+    extraConfig = ''
+      display_errors=0
+      post_max_size = 40M
+      upload_max_filesize = 40M
+    '';
   };
 
   perlEnv = pkgs.perl.withPackages (ps: with ps; [
@@ -73,9 +70,9 @@ let
     text = ''
       args=("$@")
 
-      if [[ -z "$USERDIR_USER" ]] && [[ "$USERDIR_USER" != "pvv" ]]; then
+      if [[ "''${PWD:-}" =~ ^/home/pvv/[^/]+/([^/]+) ]] && [[ "''${BASH_REMATCH[1]}" != "pvv" ]]; then
           # Prepend -fusername to the argument list, so bounces go to the user
-          args=("-f$USERDIR_USER" "''${args[@]}")
+          args=("-f''${BASH_REMATCH[1]}" "''${args[@]}")
       fi
 
       exec '${lib.getExe pkgs.system-sendmail}' "''${args[@]}"
@@ -176,7 +173,6 @@ in
 
     enablePHP = true;
     phpPackage = phpEnv;
-    inherit phpOptions;
 
     enablePerl = true;
 
@@ -213,7 +209,6 @@ in
         UserDir disabled root
         AddHandler cgi-script .cgi
         DirectoryIndex index.html index.html.var index.php index.php3 index.cgi index.phtml index.shtml meg.html
-        SetEnvIf Request_URI "^/~([^/]+)" USERDIR_USER=$1
 
         <Directory "/home/pvv/?/*/web-docs">
           Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI IncludesNoExec

hosts/temmie/services/userweb/mail.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 {
   services.postfix.enable = lib.mkForce false;
 
@@ -9,4 +9,26 @@
       remotes = "mail.pvv.ntnu.no smtp --port=25";
     };
   };
+
+  systemd.sockets.userweb-sendmail-sandbox-proxy = {
+    wantedBy = [ "sockets.target" ];
+    listenStreams = [ "/run/userweb-sendmail-sandbox-proxy.sock" ];
+    socketConfig = {
+      # Accept = true;
+      SocketUser = "httpd";
+      SocketGroup = "httpd"; # TODO: is wwwrun(54) in this group?
+      SocketMode = "0660";
+    };
+  };
+
+  systemd.services.userweb-sendmail-sandbox-proxy = {
+    serviceConfig = {
+      User = "root";
+      Group = "root";
+      Sockets = [
+        "userweb-sendmail-sandbox-proxy.socket"
+      ];
+      ExecStart = "${lib.getExe pkgs.hello}";
+    };
+  };
 }