krebs git: allow git user to rwx cgit cache-root

This commit is contained in:
tv 2018-08-28 22:05:45 +02:00
parent 23d2950ed7
commit 7da08cb47f

View File

@ -348,6 +348,10 @@ let
users.users.${cfg.user.name} = { users.users.${cfg.user.name} = {
inherit (cfg.user) home name uid; inherit (cfg.user) home name uid;
description = "Git repository hosting user"; description = "Git repository hosting user";
extraGroups = [
# To allow running cgit-clear-cache via hooks.
cfg.cgit.fcgiwrap.group.name
];
shell = "/bin/sh"; shell = "/bin/sh";
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
unique unique
@ -407,7 +411,8 @@ let
]; ];
system.activationScripts.cgit = '' system.activationScripts.cgit = ''
mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} mkdir -m 0770 -p ${cfg.cgit.settings.cache-root}
chmod 0770 ${cfg.cgit.settings.cache-root}
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
''; '';