patch pixelfed to give nginx read permissions

this way we don't need DANGEROUSLY_SET_FILESYSTEM_DRIVER
2024-09-05 12:03:35 -04:00 · 2024-09-05 12:03:35 -04:00 · 1d8f514240
parent e7ffd94c5e
commit 1d8f514240
2 changed files with 23 additions and 1 deletions
--- a/pixelfed-group-permissions.patch
+++ b/pixelfed-group-permissions.patch
@ -0,0 +1,18 @@
+diff --git a/config/filesystems.php b/config/filesystems.php
+index 00254e93..fc1a58f3 100644
+--- a/config/filesystems.php
+++ b/config/filesystems.php
+@@ -49,11 +49,11 @@ return [
+             'permissions' => [
+                 'file' => [
+                     'public' => 0644,
+-                    'private' => 0600,
+                    'private' => 0640,
+                 ],
+                 'dir' => [
+                     'public' => 0755,
+-                    'private' => 0700,
+                    'private' => 0750,
+                 ],
+             ],
+         ],
--- a/pixelfed.nix
+++ b/pixelfed.nix
@ -36,7 +36,7 @@ in

  # TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
  services.pixelfed.settings = {
-    DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
+    # DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
    FILESYSTEM_CLOUD = "s3";
    PF_ENABLE_CLOUD = true;
    AWS_ACCESS_KEY_ID = snakeoil_key.id;
@ -53,4 +53,8 @@ in
  systemd.services.pixelfed-data-setup = {
    after = [ "ensure-garage.service" ];
  };
+
+  services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
+    patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
+  });
 }