pyrox.dev
lol
Merge pull request #236134 from Tom-Hubrecht/pixelfed
nixos/pixelfed: Fix missing permissions for nginx serving files
authored by
Ryan Lahfa
and committed by
GitHub
3897d527
98b94235
+6
-2
+6
-2
nixos/modules/services/web-apps/pixelfed.nix
+6
-2
nixos/modules/services/web-apps/pixelfed.nix
···
356
356
ExecStart = "${pixelfed-manage}/bin/pixelfed-manage schedule:run";
357
357
User = user;
358
358
Group = group;
359
-
StateDirectory = cfg.dataDir;
359
+
StateDirectory =
360
+
lib.mkIf (cfg.dataDir == "/var/lib/pixelfed") "pixelfed";
360
361
};
361
362
};
362
363
···
390
391
mkdir -p ${cfg.dataDir}/storage
391
392
rsync -av --no-perms ${pixelfed}/storage-static/ ${cfg.dataDir}/storage
392
393
chmod -R +w ${cfg.dataDir}/storage
394
+
395
+
chmod g+x ${cfg.dataDir}/storage ${cfg.dataDir}/storage/app
396
+
chmod -R g+rX ${cfg.dataDir}/storage/app/public
393
397
394
398
# Link the app.php in the runtime folder.
395
399
# We cannot link the cache folder only because bootstrap folder needs to be writeable.
···
441
445
];
442
446
443
447
# Enable NGINX to access our phpfpm-socket.
444
-
users.users."${config.services.nginx.group}".extraGroups = [ cfg.group ];
448
+
users.users."${config.services.nginx.user}".extraGroups = [ cfg.group ];
445
449
services.nginx = mkIf (cfg.nginx != null) {
446
450
enable = true;
447
451
virtualHosts."${cfg.domain}" = mkMerge [