Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2018-09-08 18:53:49 +0200
committer: makefu <github@syntax-fehler.de> 2018-09-08 18:53:49 +0200
commit: e7dd1d0e65b267821811afdb7767669bf79be301 (patch)
tree: 05bd4d080c203b57cfcdeb3609ddfba96c7369e2 /krebs/3modules/git.nix
parent: 7d8825a33ec80b396c1aa3bed5b420ac2ea9abdc (diff)
parent: 8639e4008a34e5e7d68202a621ef8c95fe3087f4 (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 5ae24b40b..8a923efd2 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -348,6 +348,10 @@ let
     users.users.${cfg.user.name} = {
       inherit (cfg.user) home name uid;
       description = "Git repository hosting user";
+      extraGroups = [
+        # To allow running cgit-clear-cache via hooks.
+        cfg.cgit.fcgiwrap.group.name
+      ];
       shell = "/bin/sh";
       openssh.authorizedKeys.keys =
         unique
@@ -403,13 +407,12 @@ let
         ));
 
     environment.systemPackages = [
-      (pkgs.writeDashBin "cgit-clear-cache" ''
-        ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/*
-      '')
+      (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; })
     ];
 
     system.activationScripts.cgit = ''
-      mkdir -m 0700 -p ${cfg.cgit.settings.cache-root}
+      mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
+      chmod 0770 ${cfg.cgit.settings.cache-root}
       chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
     '';
author	makefu <github@syntax-fehler.de>	2018-09-08 18:53:49 +0200
committer	makefu <github@syntax-fehler.de>	2018-09-08 18:53:49 +0200
commit	e7dd1d0e65b267821811afdb7767669bf79be301 (patch)
tree	05bd4d080c203b57cfcdeb3609ddfba96c7369e2 /krebs/3modules/git.nix
parent	7d8825a33ec80b396c1aa3bed5b420ac2ea9abdc (diff)
parent	8639e4008a34e5e7d68202a621ef8c95fe3087f4 (diff)