2 files changed, 23 insertions, 7 deletions

diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix
index 032ec1d..1dae737 100644
--- a/flora/services/cgit.nix
+++ b/flora/services/cgit.nix
@@ -56,10 +56,14 @@ let
   '';
 in
 {
-  services.fcgiwrap = {
+  services.fcgiwrap.instances.cgit.process = {
     user = "git";
     group = "users";
-    enable = true;
+  };
+  services.fcgiwrap.instances.cgit.socket = {
+    user = "git";
+    group = "users";
+    mode = "0622";
   };
 
   services.nginx.virtualHosts."stuebinm.eu" = {
@@ -69,7 +73,7 @@ in
     # this one should come last, behind the git-http-backend blocks
     locations."~ /git(/.*)".priority = 1100;
     locations."~ /git(/.*)".extraConfig = ''
-      fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+      fastcgi_pass  unix:${config.services.fcgiwrap.instances.cgit.socket.address};
       include       ${pkgs.nginx}/conf/fastcgi_params;
       fastcgi_param SCRIPT_FILENAME     ${pkgs.cgit}/cgit/cgit.cgi;
       fastcgi_param CGIT_CONFIG     ${pkgs.writeText "cgit.conf" cgitconf};
@@ -78,7 +82,7 @@ in
 
     locations."~ /git(/[^/]*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
       extraConfig = ''
-        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+        fastcgi_pass  unix:${config.services.fcgiwrap.instances.cgit.socket.address};
         include       ${pkgs.nginx}/conf/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME     ${pkgs.gitMinimal}/bin/git-http-backend;
         fastcgi_param GIT_HTTP_EXPORT_ALL "";
@@ -89,7 +93,7 @@ in
 
     locations."~ /git/forks(/.*/(info/refs|git-(upload|receive)-pack|objects/info/packs))" = {
       extraConfig = ''
-        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+        fastcgi_pass  unix:${config.services.fcgiwrap.instances.cgit.socket.address};
         include       ${pkgs.nginx}/conf/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME     ${pkgs.gitMinimal}/bin/git-http-backend;
         fastcgi_param GIT_HTTP_EXPORT_ALL "";
diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
index 1d95255..4a9bf33 100644
--- a/flora/services/nginx.nix
+++ b/flora/services/nginx.nix
@@ -24,12 +24,24 @@
       enableACME = true;
       forceSSL = true;
       locations."~ (.*)".extraConfig = ''
-        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+        fastcgi_pass  unix:${config.services.fcgiwrap.instances.nomsing.socket.address};
         include       ${pkgs.nginx}/conf/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME     ${lib.getExe pkgs.nomsring};
         fastcgi_param PATH_INFO           $1;
       '';
     };
   };
-  services.fcgiwrap.enable = true;
+
+  services.fcgiwrap.instances.nomsing = {
+    socket = {
+      user = "nomsring";
+      group = "users";
+      mode = "0622";
+    };
+  };
+
+  users.users.nomsring = {
+    isSystemUser = true;
+    group = "users";
+  };
 }