tyo0/forgejo: fine grain unix socket permission
This commit is contained in:
parent
48a3c2cebe
commit
2ef8aaf319
4 changed files with 9 additions and 12 deletions
|
@ -84,12 +84,10 @@
|
|||
trusted_proxies_strict = 1;
|
||||
};
|
||||
|
||||
systemd.services.caddy.serviceConfig = {
|
||||
SupplementaryGroups = [
|
||||
systemd.services."caddy".serviceConfig.SupplementaryGroups = [
|
||||
"mastodon"
|
||||
"matrix-synapse"
|
||||
];
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
|
|
|
@ -23,12 +23,6 @@
|
|||
}
|
||||
];
|
||||
|
||||
experimental_features = {
|
||||
# MSC3575 (Sliding Sync API endpoints)
|
||||
# TODO: drop matrix-sliding-sync proxy
|
||||
msc3575_enabled = true;
|
||||
};
|
||||
|
||||
# https://element-hq.github.io/synapse/latest/openid.html#keycloak
|
||||
oidc_providers = lib.singleton {
|
||||
idp_id = "keycloak";
|
||||
|
|
|
@ -64,6 +64,10 @@
|
|||
listen = [ ":443" ];
|
||||
};
|
||||
|
||||
systemd.services."caddy".serviceConfig.SupplementaryGroups = [
|
||||
"forgejo"
|
||||
];
|
||||
|
||||
services.caddy.settings.apps.http.servers.srv0.routes = [
|
||||
{
|
||||
match = lib.singleton {
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
PROTOCOL = "http+unix";
|
||||
ROOT_URL = "https://git.ny4.dev/";
|
||||
SSH_DOMAIN = "tyo0.ny4.dev";
|
||||
UNIX_SOCKET_PERMISSION = "660";
|
||||
};
|
||||
|
||||
service = {
|
||||
|
|
Loading…
Reference in a new issue