tyo0/forgejo: fine grain unix socket permission
parent
48a3c2cebe
commit
2ef8aaf319
4 changed files with 9 additions and 12 deletions
|
@ -84,12 +84,10 @@
|
||||||
trusted_proxies_strict = 1;
|
trusted_proxies_strict = 1;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.caddy.serviceConfig = {
|
systemd.services."caddy".serviceConfig.SupplementaryGroups = [
|
||||||
SupplementaryGroups = [
|
"mastodon"
|
||||||
"mastodon"
|
"matrix-synapse"
|
||||||
"matrix-synapse"
|
];
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -23,12 +23,6 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
experimental_features = {
|
|
||||||
# MSC3575 (Sliding Sync API endpoints)
|
|
||||||
# TODO: drop matrix-sliding-sync proxy
|
|
||||||
msc3575_enabled = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# https://element-hq.github.io/synapse/latest/openid.html#keycloak
|
# https://element-hq.github.io/synapse/latest/openid.html#keycloak
|
||||||
oidc_providers = lib.singleton {
|
oidc_providers = lib.singleton {
|
||||||
idp_id = "keycloak";
|
idp_id = "keycloak";
|
||||||
|
|
|
@ -64,6 +64,10 @@
|
||||||
listen = [ ":443" ];
|
listen = [ ":443" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services."caddy".serviceConfig.SupplementaryGroups = [
|
||||||
|
"forgejo"
|
||||||
|
];
|
||||||
|
|
||||||
services.caddy.settings.apps.http.servers.srv0.routes = [
|
services.caddy.settings.apps.http.servers.srv0.routes = [
|
||||||
{
|
{
|
||||||
match = lib.singleton {
|
match = lib.singleton {
|
||||||
|
|
|
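Review bot: Adding `caddy` to the whole `forgejo` group in the new `SupplementaryGroups` list gives the proxy every permission that group holds, not only the right to connect to the socket that the last file section restricts with `UNIX_SOCKET_PERMISSION = "660"`. Whether this exposes Forgejo's state directory, repositories or configuration secrets depends on their group mode bits, which are not visible on this page, so confirm they are not group-readable. A narrower setup would be a dedicated group that owns only the socket path and has both services as members. At minimum, add a comment above the list such as `# caddy needs group access to forgejo's 660 unix socket`.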
@ -14,6 +14,7 @@
|
||||||
PROTOCOL = "http+unix";
|
PROTOCOL = "http+unix";
|
||||||
ROOT_URL = "https://git.ny4.dev/";
|
ROOT_URL = "https://git.ny4.dev/";
|
||||||
SSH_DOMAIN = "tyo0.ny4.dev";
|
SSH_DOMAIN = "tyo0.ny4.dev";
|
||||||
|
UNIX_SOCKET_PERMISSION = "660";
|
||||||
};
|
};
|
||||||
|
|
||||||
service = {
|
service = {
|
||||||
|
|
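Review bot: `UNIX_SOCKET_PERMISSION = "660"` has no comment tying it to the `forgejo` group membership that the Caddy file section gives to caddy, so a later edit to either side would break the proxy with nothing but a permission-denied error to explain it. Suggest adding `# 660: owner and group only; caddy connects via SupplementaryGroups = [ "forgejo" ]` above the line. The restriction assumes the socket is created with the `forgejo` group as its owning group, which this hunk does not show. The enclosing attribute set starts outside the hunk.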