summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2018-08-28 22:05:45 +0200
committertv <tv@krebsco.de>2018-08-28 22:08:15 +0200
commit7da08cb47fd07d4220f459475bb8bce405512397 (patch)
tree36a0ac385fbc7b38c7445e899c7c78699fbe4482 /krebs
parent23d2950ed7d60aaa066a437b4aaffbf55a76c036 (diff)
krebs git: allow git user to rwx cgit cache-root
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/git.nix7
1 files changed, 6 insertions, 1 deletions
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 89726fd7b..8a923efd2 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -348,6 +348,10 @@ let
users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid;
description = "Git repository hosting user";
+ extraGroups = [
+ # To allow running cgit-clear-cache via hooks.
+ cfg.cgit.fcgiwrap.group.name
+ ];
shell = "/bin/sh";
openssh.authorizedKeys.keys =
unique
@@ -407,7 +411,8 @@ let
];
system.activationScripts.cgit = ''
- mkdir -m 0700 -p ${cfg.cgit.settings.cache-root}
+ mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
+ chmod 0770 ${cfg.cgit.settings.cache-root}
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
'';