fix: vpn.add-participant writes to root-owned daemon config via sudo

The nvpn daemon config at /var/lib/archipelago/nostr-vpn/ is owned by
root, but the backend runs as archipelago. Direct write silently failed,
so adding a second phone's npub never reached the daemon — service
restarted with stale config. Now falls back to sudo cp for root-owned
paths, and first-boot sets ownership to archipelago.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dorian
2026-04-08 16:25:39 +02:00
parent aa2a13d510
commit eebdade0d4
3 changed files with 22 additions and 4 deletions

@@ -137,11 +137,13 @@ if command -v nvpn >/dev/null 2>&1; then
# Sync config to daemon HOME so the service finds it
# (service runs with HOME=/var/lib/archipelago/nostr-vpn)
# Owned by archipelago so the backend can update participants without sudo
DAEMON_CONFIG_DIR="/var/lib/archipelago/nostr-vpn/.config/nvpn"
mkdir -p "$DAEMON_CONFIG_DIR"
if [ -f "$NVPN_CONFIG_DIR/config.toml" ]; then
cp "$NVPN_CONFIG_DIR/config.toml" "$DAEMON_CONFIG_DIR/config.toml"
fi
chown -R archipelago:archipelago /var/lib/archipelago/nostr-vpn
# Ensure env file exists for the service
mkdir -p /var/lib/archipelago/nostr-vpn
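
Review bot: the `chown -R archipelago:archipelago /var/lib/archipelago/nostr-vpn` line hands the entire daemon HOME to the backend user rather than only the config the backend has to update, and it sits before the env-file step that follows, so files created by that later step are not covered by it. Consider scoping it to `"$DAEMON_CONFIG_DIR"` (reusing the variable instead of repeating the literal path), or moving it after the env file is written if whole-tree ownership is really intended. Because the service reads its config from this directory, making it writable by archipelago means any code running as the backend user can change what the daemon loads; the added comment should say that this trade-off is deliberate. The trailing `mkdir -p /var/lib/archipelago/nostr-vpn` is also redundant now, since `mkdir -p "$DAEMON_CONFIG_DIR"` has already created that path.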