author | V <v@unfathomable.blue> | 2021-08-17 03:14:25 +0200 |
---|---|---|
committer | V <v@unfathomable.blue> | 2021-08-17 05:01:25 +0200 |
commit | 1c9978010c2616ec664d9febc14beb1625f5f903 (patch) | |
tree | 1145249aa2d6e681913223a8953c935d1956a885 /fleet | |
parent | ec0965e2672899d25a5a3a8c072de3ea734076a2 (diff) | |
download | unf-legacy-1c9978010c2616ec664d9febc14beb1625f5f903.tar.zst |
fleet/modules/public-inbox: fix permissions issue
It turns out the strange behaviour we were observing was due to createHome applying an overly-restrictive mode to the public-inbox top-level directory. This prevented public-inbox-httpd from accessing any of the inboxes, despite it having the correct group assigned. This fixes: - Inbox descriptions showing up as "($INBOX_DIR/description missing)" - Inbox pages only containing the text "No messages, yet" - Mysterious "fatal: not a git repository: '/path/to/inbox'" errors - Probably even more things that I simply didn't notice Change-Id: Ia5a3d57546efd2d0375528fa10e4e979d155b045
Diffstat (limited to 'fleet')
-rw-r--r-- | fleet/modules/public-inbox.nix | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/fleet/modules/public-inbox.nix b/fleet/modules/public-inbox.nix
index a8aa06b..5c69fba 100644
--- a/fleet/modules/public-inbox.nix
+++ b/fleet/modules/public-inbox.nix
@@ -11,6 +11,8 @@ with lib;
 let
 cfg = config.services.public-inbox;
+ root = "/var/lib/public-inbox";
+
 environment.PI_CONFIG = "${pkgs.writeText "public-inbox-config" (generators.toGitINI public-inbox-config)}";
 # TODO(V): Port this to a Nix type
@@ -23,7 +25,7 @@ let
 publicinbox = mapAttrs (inbox: config: {
 address = [ "${inbox}@${config.domain}" ];
 url = "https://${config.domain}/${inbox}";
 # TODO(V): Allow using a different location than this
- inboxdir = "/var/lib/public-inbox/${inbox}.git";
+ inboxdir = "${root}/${inbox}";
 inherit (config) watch;
 }) cfg.inboxes;
 } cfg.settings;
@@ -70,12 +72,15 @@ in {
 isSystemUser = true;
 group = "public-inbox";
- home = "/var/lib/public-inbox";
- createHome = true;
+ home = root;
 };
 users.groups.public-inbox = {};
+ systemd.tmpfiles.rules = [
+ "d ${root} 0750 public-inbox public-inbox"
+ ];
+
 systemd.services.public-inbox-init = {
 description = "public-inbox mailing-list archive (initialization)"; |
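Review bot: The new `inboxdir` silently drops the `.git` suffix of the previous path (`/var/lib/public-inbox/${inbox}.git` becomes `${root}/${inbox}`), which relocates every existing inbox, yet neither this hunk nor the commit message mentions a migration. On a host that already holds inboxes at the old path, public-inbox-httpd would keep producing the same "not a git repository" symptom this commit sets out to fix until the directories are renamed, so either the message should state the rename or the suffix should be kept: `inboxdir = "${root}/${inbox}.git";`. Whether public-inbox-init creates inboxes under the new or the old name is not visible from here and should be checked in the same change. The enclosing `let` binding that builds `publicinbox` starts and ends outside the hunk.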
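Review bot: The tmpfiles rule fixes the mode of the top-level directory only; the per-inbox directories beneath it are created later by public-inbox-init and take their mode from that unit's umask, so a restrictive umask there would reproduce the same group-access failure one level down. It is worth confirming that the init service (its definition continues outside the hunk) creates inboxes group-readable, or pinning it with `serviceConfig.UMask = "0027";` in the same change. Since tmpfiles `d` lines also adjust mode and ownership of an already-existing directory, the rule does repair hosts where createHome already made the directory, which is the point of the fix and deserves a comment above the rule: `# 0750: public-inbox-httpd reaches the inboxes through the public-inbox group; tmpfiles also corrects an existing directory's mode`.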