diff options
author | stuebinm | 2024-09-09 18:44:29 +0200 |
---|---|---|
committer | stuebinm | 2024-09-09 18:44:29 +0200 |
commit | a33ad0716dc2655d8a23c90ebcab6b5eaec813f3 (patch) | |
tree | d1ce36eccec4a3338de63bf0d808e9785f8bea51 | |
parent | acd0947bb2eb627e94987c82c90fef2445417d9a (diff) |
flora/fcgiwrap: use separate instances
-rw-r--r-- | flora/services/cgit.nix | 10 | ||||
-rw-r--r-- | flora/services/nginx.nix | 16 |
2 files changed, 21 insertions, 5 deletions
diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix index 032ec1d..1d307e3 100644 --- a/flora/services/cgit.nix +++ b/flora/services/cgit.nix @@ -56,10 +56,14 @@ let ''; in { - services.fcgiwrap = { + services.fcgiwrap.instances.cgit.process = { user = "git"; group = "users"; - enable = true; + }; + services.fcgiwrap.instances.cgit.socket = { + user = "git"; + group = "users"; + mode = "0622"; }; services.nginx.virtualHosts."stuebinm.eu" = { @@ -69,7 +73,7 @@ in # this one should come last, behind the git-http-backend blocks locations."~ /git(/.*)".priority = 1100; locations."~ /git(/.*)".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param CGIT_CONFIG ${pkgs.writeText "cgit.conf" cgitconf}; diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix index 1d95255..4a9bf33 100644 --- a/flora/services/nginx.nix +++ b/flora/services/nginx.nix @@ -24,12 +24,24 @@ enableACME = true; forceSSL = true; locations."~ (.*)".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.nomsing.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${lib.getExe pkgs.nomsring}; fastcgi_param PATH_INFO $1; ''; }; }; - services.fcgiwrap.enable = true; + + services.fcgiwrap.instances.nomsing = { + socket = { + user = "nomsring"; + group = "users"; + mode = "0622"; + }; + }; + + users.users.nomsring = { + isSystemUser = true; + group = "users"; + }; } |