Hey, I haven't done anything on this lately, but the php-fpm service is probably getting accepted soon, so I might start working on this again.
Am 05.10.2017 um 17:00 schrieb Ludovic Courtès: > For this particular case, I would do nothing: the first time, the > service wouldn’t start (I guess). Users would have to explicitly set > the passwords on the command line, and then run “herd start gnu-social”. > The advantage of using a service is the easy setup with mysql and the gnu-social-cli-installer, otherwise people could just run nginx and clone gnu social to /srv/gnu-social/ and manually create the database like you would on Debian. I saw that NixOS has something called passwordFile. https://github.com/NixOS/nixpkgs/issues/24288 I haven't found any details about it, but it seems like a text file from which passwords can be read during `system reconfigure`. As a start I could add a password-file field to the configuration of gnu-social and read an alist of passwords from it during initialization. That could later be extended by generating it with randomized passwords if it doesn't exist to maximize the ease of installation. >> - The password of the database-user ends up in the config.php which is >> generated by mixed-text-file. This file can be read by everyone. Can I >> somehow set the owner on it and remove the reading rights from other >> users? > > No, the store is world-readable. If there are secrets, they should be > stored elsewhere, but there’s currently no standard way to do that in > Guix. > Could a function in guix/gexp.scm be modified to generate a file outside of the store?