summaryrefslogtreecommitdiff
path: root/flora
diff options
context:
space:
mode:
authorstuebinm2024-09-09 18:44:29 +0200
committerstuebinm2024-09-09 18:44:29 +0200
commita33ad0716dc2655d8a23c90ebcab6b5eaec813f3 (patch)
treed1ce36eccec4a3338de63bf0d808e9785f8bea51 /flora
parentacd0947bb2eb627e94987c82c90fef2445417d9a (diff)
flora/fcgiwrap: use separate instances
Diffstat (limited to 'flora')
-rw-r--r--flora/services/cgit.nix10
-rw-r--r--flora/services/nginx.nix16
2 files changed, 21 insertions, 5 deletions
diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix
index 032ec1d..1d307e3 100644
--- a/flora/services/cgit.nix
+++ b/flora/services/cgit.nix
@@ -56,10 +56,14 @@ let
'';
in
{
- services.fcgiwrap = {
+ services.fcgiwrap.instances.cgit.process = {
user = "git";
group = "users";
- enable = true;
+ };
+ services.fcgiwrap.instances.cgit.socket = {
+ user = "git";
+ group = "users";
+ mode = "0622";
};
services.nginx.virtualHosts."stuebinm.eu" = {
@@ -69,7 +73,7 @@ in
# this one should come last, behind the git-http-backend blocks
locations."~ /git(/.*)".priority = 1100;
locations."~ /git(/.*)".extraConfig = ''
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address};
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
fastcgi_param CGIT_CONFIG ${pkgs.writeText "cgit.conf" cgitconf};
diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
index 1d95255..4a9bf33 100644
--- a/flora/services/nginx.nix
+++ b/flora/services/nginx.nix
@@ -24,12 +24,24 @@
enableACME = true;
forceSSL = true;
locations."~ (.*)".extraConfig = ''
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_pass unix:${config.services.fcgiwrap.instances.nomsing.socket.address};
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME ${lib.getExe pkgs.nomsring};
fastcgi_param PATH_INFO $1;
'';
};
};
- services.fcgiwrap.enable = true;
+
+ services.fcgiwrap.instances.nomsing = {
+ socket = {
+ user = "nomsring";
+ group = "users";
+ mode = "0622";
+ };
+ };
+
+ users.users.nomsring = {
+ isSystemUser = true;
+ group = "users";
+ };
}