diff --git a/pixelfed-group-permissions.patch b/pixelfed-group-permissions.patch
new file mode 100644
index 00000000..d7dd442d
--- /dev/null
+++ b/pixelfed-group-permissions.patch
@@ -0,0 +1,18 @@
+diff --git a/config/filesystems.php b/config/filesystems.php
+index 00254e93..fc1a58f3 100644
+--- a/config/filesystems.php
++++ b/config/filesystems.php
+@@ -49,11 +49,11 @@ return [
+ 'permissions' => [
+ 'file' => [
+ 'public' => 0644,
+- 'private' => 0600,
++ 'private' => 0640,
+ ],
+ 'dir' => [
+ 'public' => 0755,
+- 'private' => 0700,
++ 'private' => 0750,
+ ],
+ ],
+ ],
diff --git a/pixelfed.nix b/pixelfed.nix
index 14489565..9d2281fb 100644
--- a/pixelfed.nix
+++ b/pixelfed.nix
@@ -36,7 +36,7 @@ in
 # TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
 services.pixelfed.settings = {
- DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
+ # DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
 FILESYSTEM_CLOUD = "s3";
 PF_ENABLE_CLOUD = true;
 AWS_ACCESS_KEY_ID = snakeoil_key.id;
@@ -53,4 +53,8 @@ in
 systemd.services.pixelfed-data-setup = {
 after = [ "ensure-garage.service" ];
 };
+
+ services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
+ patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
+ });
 }
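Review bot: The relaxed modes in the embedded patch (`'private' => 0640` for files, `'private' => 0750` for directories) come with no rationale, and nothing visible says which group is meant to gain read access. Every member of the owning group will be able to read and traverse storage that upstream kept owner-only, so the reason and the intended account should be recorded where the next maintainer will see them. Patch files accept free text ahead of the first `diff --git` line; a short header there, or a comment above the `overrideAttrs` call in the last pixelfed.nix hunk, naming the service account that needs the access would be enough. It is also worth confirming that the owning group has no members beyond that account, since the change applies to everything this disk treats as private.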
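Review bot: The commented-out `# DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";` is left in place with no explanation, so a reader cannot tell whether it is a temporary switch-off or the intended configuration. With it disabled the default driver presumably falls back to local disk while `FILESYSTEM_CLOUD` and `PF_ENABLE_CLOUD` still point at S3, which would also be what makes the group-permissions patch relevant. Either delete the line or replace it with the reason, for example `# default driver stays local; media reaches S3 through PF_ENABLE_CLOUD` if that is the intent. The `services.pixelfed.settings` attribute set continues past the end of this hunk.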