tyo0/forgejo: fine grain unix socket permission

hosts/pek0/default.nix

@@ -84,12 +84,10 @@
     trusted_proxies_strict = 1;
   };
 
-  systemd.services.caddy.serviceConfig = {
-    SupplementaryGroups = [
+  systemd.services."caddy".serviceConfig.SupplementaryGroups = [
     "mastodon"
     "matrix-synapse"
   ];
-  };
 
   services.postgresql = {
     enable = true;

hosts/pek0/services/matrix.nix

@@ -23,12 +23,6 @@
         }
       ];
 
-      experimental_features = {
-        # MSC3575 (Sliding Sync API endpoints)
-        # TODO: drop matrix-sliding-sync proxy
-        msc3575_enabled = true;
-      };
-
       # https://element-hq.github.io/synapse/latest/openid.html#keycloak
       oidc_providers = lib.singleton {
         idp_id = "keycloak";

hosts/tyo0/default.nix

@@ -64,6 +64,10 @@
     listen = [ ":443" ];
   };
 
+  systemd.services."caddy".serviceConfig.SupplementaryGroups = [
+    "forgejo"
+  ];
+
   services.caddy.settings.apps.http.servers.srv0.routes = [
     {
       match = lib.singleton {

hosts/tyo0/services/forgejo.nix

@@ -14,6 +14,7 @@
         PROTOCOL = "http+unix";
         ROOT_URL = "https://git.ny4.dev/";
         SSH_DOMAIN = "tyo0.ny4.dev";
+        UNIX_SOCKET_PERMISSION = "660";
       };
 
       service = {