diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix
index f5fe0f9d..187b9690 100644
--- a/hosts/nachtigall/apps/forgejo.nix
+++ b/hosts/nachtigall/apps/forgejo.nix
@@ -46,6 +46,7 @@
 HTTP_ADDR = "127.0.0.1";
 HTTP_PORT = 3000;
 };
+ log.LEVEL = "Warn";
 mailer = {
 ENABLED = true;
 PROTOCOL = "smtps";
diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix
index b01b3808..4b79396f 100644
--- a/hosts/nachtigall/apps/mailman.nix
+++ b/hosts/nachtigall/apps/mailman.nix
@@ -8,6 +8,19 @@
 {
 networking.firewall.allowedTCPPorts = [25];
+ users.users.nginx.extraGroups = [ "mailman" ];
+
+ services.nginx.virtualHosts."list.pub.solar" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ # Tweak permissions so nginx can read and serve the static assets
+ # (otherwise /var/lib/mailman-web is mode 0600)
+ # https://nixos.wiki/wiki/Mailman
+ systemd.services.mailman-settings.script = ''
+ chmod o+x /var/lib/mailman-web-static
+ '';
+
 services.postfix = {
 enable = true;
 relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix
index 18299a1e..c1b7dfaa 100644
--- a/hosts/nachtigall/apps/mastodon.nix
+++ b/hosts/nachtigall/apps/mastodon.nix
@@ -32,6 +32,9 @@
 owner = config.services.mastodon.user;
 };
+ # Nginx user needs access to mastodon unix sockets
+ users.users.nginx.extraGroups = [ "mastodon" ];
+
 services.mastodon = {
 enable = true;
 # Different from WEB_DOMAIN in our case
diff --git a/hosts/nachtigall/apps/nginx.nix b/hosts/nachtigall/apps/nginx.nix
index 27155837..9849b820 100644
--- a/hosts/nachtigall/apps/nginx.nix
+++ b/hosts/nachtigall/apps/nginx.nix
@@ -17,8 +17,6 @@ in {
 };
 recommendedProxySettings = true;
 };
- # Nginx user needs access to mastodon unix sockets
- users.users.nginx.extraGroups = [ "mastodon" ];
 security.acme = {
 acceptTerms = true;
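Review bot: The added `log.LEVEL = "Warn";` in forgejo.nix has no comment explaining the trade-off: at this level, entries logged below Warn are no longer written. If anything on this host (a ban jail, log-based alerting, later forensics) depends on lower-level lines such as sign-in failures, it would stop seeing them without any error; which level the deployed Forgejo version uses for those events is not visible here and should be checked. I would add a line above the setting such as `# Warn hides Info-level entries; confirm failed sign-ins are still logged before relying on this log for detection`. The enclosing settings attribute set starts and ends outside the hunk.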
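Review bot: In mailman.nix the comment above `systemd.services.mailman-settings.script` names `/var/lib/mailman-web` as the restricted directory, but the command changes `/var/lib/mailman-web-static`, so a reader cannot tell which path is meant to be opened up. `chmod o+x` also grants directory traversal to every local account, not only nginx; since this hunk already puts nginx in the `mailman` group, `chmod g+x /var/lib/mailman-web-static` would be narrower, provided the directory is group-owned by `mailman` (not visible here). That group membership also gives nginx whatever else is group-readable by `mailman`, so it is worth confirming this does not include settings or secret files. The module body starts and ends outside the hunk.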