tyo0/ntfy: fine grain unix socket permission

2024-09-30 23:45:38 +08:00 · 2024-09-30 23:45:38 +08:00 · b1e15b64ff
commit b1e15b64ff
parent d472b07cff
2 changed files with 5 additions and 2 deletions
--- a/hosts/aws/tyo0/default.nix
+++ b/hosts/aws/tyo0/default.nix
@ -63,7 +63,10 @@
    listen = [ ":443" ];
  };

-  systemd.services."caddy".serviceConfig.SupplementaryGroups = [ "forgejo" ];
+  systemd.services."caddy".serviceConfig.SupplementaryGroups = [
+    "forgejo"
+    "ntfy-sh"
+  ];

  services.caddy.settings.apps.http.servers.srv0.routes = [
    {
--- a/hosts/aws/tyo0/services/ntfy.nix
+++ b/hosts/aws/tyo0/services/ntfy.nix
@ -6,7 +6,7 @@
      base-url = "https://ntfy.ny4.dev";
      listen-http = "";
      listen-unix = "/run/ntfy-sh/ntfy.sock";
-      listen-unix-mode = 511; # 0777
+      listen-unix-mode = 432; # 0660
      behind-proxy = true;
    };
  };