From b7d0e237035e4f616c719d36bf3e988dc416b3ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?=
Date: Sun, 29 Oct 2023 02:38:46 +0100
Subject: [PATCH 1/4] refactor: add nginx to mastodon group in mastodon module
---
 hosts/nachtigall/apps/mastodon.nix | 3 +++
 hosts/nachtigall/apps/nginx.nix | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix
index 18299a1..c1b7dfa 100644
--- a/hosts/nachtigall/apps/mastodon.nix
+++ b/hosts/nachtigall/apps/mastodon.nix
@@ -32,6 +32,9 @@
 owner = config.services.mastodon.user;
 };
+ # Nginx user needs access to mastodon unix sockets
+ users.users.nginx.extraGroups = [ "mastodon" ];
+
 services.mastodon = {
 enable = true;
 # Different from WEB_DOMAIN in our case
diff --git a/hosts/nachtigall/apps/nginx.nix b/hosts/nachtigall/apps/nginx.nix
index 2715583..9849b82 100644
--- a/hosts/nachtigall/apps/nginx.nix
+++ b/hosts/nachtigall/apps/nginx.nix
@@ -17,8 +17,6 @@ in {
 };
 recommendedProxySettings = true;
 };
- # Nginx user needs access to mastodon unix sockets
- users.users.nginx.extraGroups = [ "mastodon" ];
 security.acme = {
 acceptTerms = true;
--
2.44.1
From f1fc31eea701daccc72ad7bcec729f729a8b97b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?=
Date: Sun, 29 Oct 2023 02:39:32 +0100
Subject: [PATCH 2/4] fix: update mailman nginx https settings
---
 hosts/nachtigall/apps/mailman.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix
index b01b380..286912d 100644
--- a/hosts/nachtigall/apps/mailman.nix
+++ b/hosts/nachtigall/apps/mailman.nix
@@ -8,6 +8,13 @@
 {
 networking.firewall.allowedTCPPorts = [25];
+ users.users.nginx.extraGroups = [ "mailman" ];
+
+ services.nginx.virtualHosts."list.pub.solar" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
 services.postfix = {
 enable = true;
 relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
--
2.44.1
From e859cbbc102a15d5328ec16c04b3c6d3d811c412 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sun, 29 Oct 2023 02:48:51 +0100
Subject: [PATCH 3/4] fix: reduce forgejo logs to warning level
---
 hosts/nachtigall/apps/forgejo.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix
index f5fe0f9..187b969 100644
--- a/hosts/nachtigall/apps/forgejo.nix
+++ b/hosts/nachtigall/apps/forgejo.nix
@@ -46,6 +46,7 @@
 HTTP_ADDR = "127.0.0.1";
 HTTP_PORT = 3000;
 };
+ log.LEVEL = "Warn";
 mailer = {
 ENABLED = true;
 PROTOCOL = "smtps";
--
2.44.1
From 5aa4f8b947c4dcc23a0fd9d3074c8746b8316d44 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sun, 29 Oct 2023 02:49:09 +0100
Subject: [PATCH 4/4] fix: mailman web static dir permissions
---
 hosts/nachtigall/apps/mailman.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix
index 286912d..4b79396 100644
--- a/hosts/nachtigall/apps/mailman.nix
+++ b/hosts/nachtigall/apps/mailman.nix
@@ -14,6 +14,12 @@
 enableACME = true;
 forceSSL = true;
 };
+ # Tweak permissions so nginx can read and serve the static assets
+ # (otherwise /var/lib/mailman-web is mode 0600)
+ # https://nixos.wiki/wiki/Mailman
+ systemd.services.mailman-settings.script = ''
+ chmod o+x /var/lib/mailman-web-static
+ '';
 services.postfix = {
 enable = true;
--
2.44.1
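Review bot: `users.users.nginx.extraGroups = [ "mailman" ];` in the mailman.nix hunk of patch 2/4 carries no comment saying what nginx needs from the mailman group, unlike the mastodon line in patch 1/4, which names the unix sockets. Group membership lets the web server reach every file and directory that is group-accessible to mailman, which may be more than a socket or the static assets; it is worth checking what under /var/lib/mailman is group-readable. I would add a line above it such as `# nginx: mailman group is needed only for PATH_PLACEHOLDER`, and keep the membership only if a narrower grant is not practical. The enclosing attribute set starts and ends outside the hunk.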
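Review bot: `log.LEVEL = "Warn";` in the forgejo.nix hunk of patch 3/4 drops every Info-level line, and nothing in the hunk records whether anything consumes those lines. Gitea-derived servers have logged failed sign-in attempts at Info level in at least some releases (to be confirmed for the deployed Forgejo version), so a log-based ban filter or login-abuse alert reading this log would silently stop matching. I would add `# Warn drops Info lines; failed-login detection must use another source` above the setting, or keep Info if such detection exists. The settings block continues outside the hunk.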
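Review bot: `chmod o+x /var/lib/mailman-web-static` in the mailman.nix hunk of patch 4/4 grants directory traversal to every local account, although patch 2/4 already puts nginx in the mailman group. If the directory is group-owned by mailman (not visible here), `chmod g+x /var/lib/mailman-web-static` would limit the grant to that group. The comment above it names /var/lib/mailman-web as the mode 0600 directory while the command changes /var/lib/mailman-web-static, so either the comment or the path should be corrected, or the relation between the two stated. The surrounding module body starts and ends outside the hunk.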