author | Vincent Ambo <tazjin@google.com> | 2020-04-22T11·03+0100 |
---|---|---|
committer | Vincent Ambo <tazjin@google.com> | 2020-04-22T11·04+0100 |
commit | 8465a5435bf5b33caeebd93db3a1af11178e2722 (patch) | |
tree | 9c80e09f48d71f3759edc902b9a2ac8c0ff3d88c | |
parent | eeff42a7c1b1e1289cd13e9fb980ffee7429f286 (diff) |
fix(ops/nixos/camden): Introduce brute-force nginx issue fix r/669
This adds a timer running every minute that fixes the nginx permissions that were broken in NixOS 20.03
-rw-r--r-- | ops/nixos/camden/default.nix | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix index 3bb340212463..0528e5c3585b 100644 --- a/ops/nixos/camden/default.nix +++ b/ops/nixos/camden/default.nix @@ -173,6 +173,25 @@ in lib.fix(self: { }; }; + # NixOS 20.03 broke nginx and I can't be bothered to debug it + # anymore, all solution attempts have failed, so here's a + # brute-force fix. + systemd.services.fix-nginx = { + script = "${nixpkgs.coreutils}/bin/chown -R nginx: /var/spool/nginx"; + + serviceConfig = { + User = "root"; + Type = "oneshot"; + }; + }; + + systemd.timers.fix-nginx = { + wantedBy = [ "multi-user.target" ]; + timerConfig = { + OnCalendar = "minutely"; + }; + }; + # Provision a TLS certificate outside of nginx to avoid # nixpkgs#38144 security.acme = { |
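Review bot: in `systemd.services.fix-nginx`, the `chown -R nginx: /var/spool/nginx` runs as root once a minute and is not ordered against the nginx unit, so ownership can still be wrong for up to a minute after boot or after whatever resets it, and a root-run recursive chown keeps repeating over a tree that the nginx user writes to. Consider setting the ownership declaratively at the point the directory is created (for example through a `systemd.tmpfiles.rules` entry) rather than polling, and if the timer stays, pass `-h` to `chown` so that it acts on symbolic links themselves rather than their targets. The comment above the service should also record the observed symptom and an upstream issue reference, the way the `nixpkgs#38144` comment just below does, so the workaround can be found and removed once the underlying problem is fixed.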