From a33ad0716dc2655d8a23c90ebcab6b5eaec813f3 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Mon, 9 Sep 2024 18:44:29 +0200 Subject: flora/fcgiwrap: use separate instances --- flora/services/cgit.nix | 10 +++++++--- flora/services/nginx.nix | 16 ++++++++++++++-- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/flora/services/cgit.nix b/flora/services/cgit.nix index 032ec1d..1d307e3 100644 --- a/flora/services/cgit.nix +++ b/flora/services/cgit.nix @@ -56,10 +56,14 @@ let ''; in { - services.fcgiwrap = { + services.fcgiwrap.instances.cgit.process = { user = "git"; group = "users"; - enable = true; + }; + services.fcgiwrap.instances.cgit.socket = { + user = "git"; + group = "users"; + mode = "0622"; }; services.nginx.virtualHosts."stuebinm.eu" = { @@ -69,7 +73,7 @@ in # this one should come last, behind the git-http-backend blocks locations."~ /git(/.*)".priority = 1100; locations."~ /git(/.*)".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param CGIT_CONFIG ${pkgs.writeText "cgit.conf" cgitconf}; diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix index 1d95255..4a9bf33 100644 --- a/flora/services/nginx.nix +++ b/flora/services/nginx.nix @@ -24,12 +24,24 @@ enableACME = true; forceSSL = true; locations."~ (.*)".extraConfig = '' - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.instances.nomsing.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${lib.getExe pkgs.nomsring}; fastcgi_param PATH_INFO $1; ''; }; }; - services.fcgiwrap.enable = true; + + services.fcgiwrap.instances.nomsing = { + socket = { + user = "nomsring"; + group = "users"; + mode = "0622"; + }; + }; + + users.users.nomsring = { + isSystemUser = true; + group = "users"; + }; } -- cgit v1.2.3