[backend/asp] Allow customizing the unix socket permissions that are set on startup (ISH-671)

Iceshrimp.Backend/Core/Configuration/Config.cs

@@ -36,6 +36,7 @@ public sealed class Config
 		[Range(1, 65535)] public  int     ListenPort        { get; init; } = 3000;
 		[Required]        public  string  ListenHost        { get; init; } = "localhost";
 		public                    string? ListenSocket      { get; init; }
+		public                    string  ListenSocketPerms { get; init; } = "660";
 		[Required]         public string  WebDomain         { get; init; } = null!;
 		[Required]         public string  AccountDomain     { get; init; } = null!;
 		[Range(1, 100000)] public int     CharacterLimit    { get; init; } = 8192;

Iceshrimp.Backend/Core/Extensions/WebApplicationExtensions.cs

@@ -302,8 +302,8 @@ public static class WebApplicationExtensions
 
 	public static void SetKestrelUnixSocketPermissions(this WebApplication app)
 	{
-		var config = app.Configuration.GetSection("Instance").Get<Config.InstanceSection>() ??
+		var config = app.Configuration.GetSection("Instance").Get<Config.InstanceSection>()
-		             throw new Exception("Failed to read instance config");
+		             ?? throw new Exception("Failed to read instance config");
 		if (config.ListenSocket == null) return;
 		using var scope = app.Services.CreateScope();
 		var logger = scope.ServiceProvider.GetRequiredService<ILoggerFactory>()
@@ -312,14 +312,30 @@ public static class WebApplicationExtensions
 		if (!OperatingSystem.IsLinux() && !OperatingSystem.IsMacOS() && !OperatingSystem.IsFreeBSD())
 			throw new Exception("Can't set unix socket permissions on a non-UNIX system");
 
-		var perms    = "660";
+		int perms;
-		var exitCode = chmod(config.ListenSocket, Convert.ToInt32(perms, 8));
+		try
+		{
+			perms = Convert.ToInt32(config.ListenSocketPerms, 8);
+		}
+		catch
+		{
+			logger.LogError("Failed to set Kestrel unix socket permissions to {SocketPerms}: failed to parse octal digits",
+			                config.ListenSocketPerms);
+			Environment.Exit(1);
+			return;
+		}
 
+		var exitCode = chmod(config.ListenSocket, perms);
 		if (exitCode < 0)
+		{
 			logger.LogError("Failed to set Kestrel unix socket permissions to {SocketPerms}, return code: {ExitCode}",
-			                perms, exitCode);
+			                config.ListenSocketPerms, exitCode);
+		}
 		else
-			logger.LogInformation("Kestrel unix socket permissions were set to {SocketPerms}", perms);
+		{
+			logger.LogInformation("Kestrel unix socket permissions were set to {SocketPerms}",
+			                      config.ListenSocketPerms);
+		}
 
 		return;
 

Iceshrimp.Backend/configuration.ini

@@ -4,6 +4,7 @@ ListenHost = localhost
 
 ;; If you want to have the application listen on a unix socket instead, uncomment the line below. Make sure to configure filesystem permissions correctly!
 ;;ListenSocket = /var/run/iceshrimp/iceshrimp.net.sock
+;;ListenSocketPerms = 660
 
 ;; Caution: changing these settings after initial setup *will* break federation
 WebDomain = shrimp.example.org