patch pixelfed to give nginx read permissions

this way we don't need DANGEROUSLY_SET_FILESYSTEM_DRIVER
This commit is contained in:
Taeer Bar-Yam 2024-09-05 12:03:35 -04:00
parent e7ffd94c5e
commit 1d8f514240
2 changed files with 23 additions and 1 deletions

View file

@ -0,0 +1,18 @@
diff --git a/config/filesystems.php b/config/filesystems.php
index 00254e93..fc1a58f3 100644
--- a/config/filesystems.php
+++ b/config/filesystems.php
@@ -49,11 +49,11 @@ return [
'permissions' => [
'file' => [
'public' => 0644,
- 'private' => 0600,
+ 'private' => 0640,
],
'dir' => [
'public' => 0755,
- 'private' => 0700,
+ 'private' => 0750,
],
],
],

View file

@ -36,7 +36,7 @@ in
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
services.pixelfed.settings = {
DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
# DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
FILESYSTEM_CLOUD = "s3";
PF_ENABLE_CLOUD = true;
AWS_ACCESS_KEY_ID = snakeoil_key.id;
@ -53,4 +53,8 @@ in
systemd.services.pixelfed-data-setup = {
after = [ "ensure-garage.service" ];
};
services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
});
}