roberth/simple-nixos-fediverse
2
1
Fork 0
forked from Fediversity/simple-nixos-fediverse
Code Pull requests Activity

patch pixelfed to give nginx read permissions

Browse source 
this way we don't need DANGEROUSLY_SET_FILESYSTEM_DRIVER
This commit is contained in:
Taeer Bar-Yam 2024-09-05 12:03:35 -04:00
parent e7ffd94c5e
commit 1d8f514240
2 changed files with 23 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
pixelfed-group-permissions.patch Normal file
View file

@ -0,0 +1,18 @@
diff --git a/config/filesystems.php b/config/filesystems.php
index 00254e93..fc1a58f3 100644
--- a/config/filesystems.php
+++ b/config/filesystems.php
@@ -49,11 +49,11 @@ return [
'permissions' => [
'file' => [
'public' => 0644,
- 'private' => 0600,
+ 'private' => 0640,
],
'dir' => [
'public' => 0755,
- 'private' => 0700,
+ 'private' => 0750,
],
],
],

6
pixelfed.nix
View file

@ -36,7 +36,7 @@ in
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place # TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
services.pixelfed.settings = { services.pixelfed.settings = {
DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3"; # DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
FILESYSTEM_CLOUD = "s3"; FILESYSTEM_CLOUD = "s3";
PF_ENABLE_CLOUD = true; PF_ENABLE_CLOUD = true;
AWS_ACCESS_KEY_ID = snakeoil_key.id; AWS_ACCESS_KEY_ID = snakeoil_key.id;
@ -53,4 +53,8 @@ in
systemd.services.pixelfed-data-setup = { systemd.services.pixelfed-data-setup = {
after = [ "ensure-garage.service" ]; after = [ "ensure-garage.service" ];
}; };
services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
});
} }