From 23d2950ed7d60aaa066a437b4aaffbf55a76c036 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 28 Aug 2018 20:58:23 +0200 Subject: cgit-clear-cache: init --- krebs/3modules/git.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'krebs/3modules/git.nix') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 5ae24b40b..89726fd7b 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -403,9 +403,7 @@ let )); environment.systemPackages = [ - (pkgs.writeDashBin "cgit-clear-cache" '' - ${pkgs.coreutils}/bin/rm -f ${cfg.cgit.settings.cache-root}/* - '') + (pkgs.cgit-clear-cache.override { inherit (cfg.cgit.settings) cache-root; }) ]; system.activationScripts.cgit = '' -- cgit v1.2.3 From 7da08cb47fd07d4220f459475bb8bce405512397 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 28 Aug 2018 22:05:45 +0200 Subject: krebs git: allow git user to rwx cgit cache-root --- krebs/3modules/git.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'krebs/3modules/git.nix') diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 89726fd7b..8a923efd2 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -348,6 +348,10 @@ let users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; description = "Git repository hosting user"; + extraGroups = [ + # To allow running cgit-clear-cache via hooks. + cfg.cgit.fcgiwrap.group.name + ]; shell = "/bin/sh"; openssh.authorizedKeys.keys = unique @@ -407,7 +411,8 @@ let ]; system.activationScripts.cgit = '' - mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} + mkdir -m 0770 -p ${cfg.cgit.settings.cache-root} + chmod 0770 ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; -- cgit v1.2.3