frumar: fix /home/public permissions
parent
d15e863f24
commit
9312548943
|
@ -9,6 +9,7 @@ in {
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
systemd.services.nginx.serviceConfig = {
|
systemd.services.nginx.serviceConfig = {
|
||||||
ProtectHome = "tmpfs";
|
ProtectHome = "tmpfs";
|
||||||
|
UMask = lib.mkForce "0022";
|
||||||
BindReadOnlyPaths = [ "/home/public/public" ];
|
BindReadOnlyPaths = [ "/home/public/public" ];
|
||||||
};
|
};
|
||||||
users.extraUsers.public = {
|
users.extraUsers.public = {
|
||||||
|
@ -16,7 +17,7 @@ in {
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
|
openssh.authorizedKeys.keys = with (import ../sshkeys.nix); [ public ];
|
||||||
createHome = true;
|
createHome = false; # sets wrong permissions
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts.${cfg.vhost} = {
|
services.nginx.virtualHosts.${cfg.vhost} = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
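Review bot: `UMask = lib.mkForce "0022";` in `systemd.services.nginx.serviceConfig` applies to the whole nginx unit, so every file the service creates (logs, cache and temporary files) becomes world-readable, not only what is reached through the `/home/public/public` bind mount. The `mkForce` suggests it overrides a stricter value set elsewhere, presumably by the nginx module. If the intent is only that nginx can traverse and read the public directory, it would be narrower to leave the unit's umask alone and declare the directory's owner and mode explicitly, for example with a `systemd.tmpfiles.rules` entry such as `"d /home/public 0755 public <group> -"` (the group is a placeholder; it is not visible in this diff). This also bears on the second hunk: with `createHome = false` nothing shown here creates `/home/public`, so on a fresh host the `BindReadOnlyPaths` source may be missing and its mode is whatever was set by hand. The comment `# sets wrong permissions` would be more useful if it named the mode that is required and where the directory is created instead.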