fix(ops/nixos/camden): Introduce brute-force nginx issue fix r/669

This adds a timer running every minute that fixes the nginx permissions that were broken in NixOS 20.03
author: Vincent Ambo <tazjin@google.com> 2020-04-22T11·03+0100
committer: Vincent Ambo <tazjin@google.com> 2020-04-22T11·04+0100
commit: 8465a5435bf5b33caeebd93db3a1af11178e2722 (patch)
tree: 9c80e09f48d71f3759edc902b9a2ac8c0ff3d88c /ops
parent: eeff42a7c1b1e1289cd13e9fb980ffee7429f286 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 3bb3402124..0528e5c358 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -173,6 +173,25 @@ in lib.fix(self: {
     };
   };
 
+  # NixOS 20.03 broke nginx and I can't be bothered to debug it
+  # anymore, all solution attempts have failed, so here's a
+  # brute-force fix.
+  systemd.services.fix-nginx = {
+    script = "${nixpkgs.coreutils}/bin/chown -R nginx: /var/spool/nginx";
+
+    serviceConfig = {
+      User = "root";
+      Type = "oneshot";
+    };
+  };
+
+  systemd.timers.fix-nginx = {
+    wantedBy = [ "multi-user.target" ];
+    timerConfig = {
+      OnCalendar = "minutely";
+    };
+  };
+
   # Provision a TLS certificate outside of nginx to avoid
   # nixpkgs#38144
   security.acme = {
author	Vincent Ambo <tazjin@google.com>	2020-04-22T11·03+0100
committer	Vincent Ambo <tazjin@google.com>	2020-04-22T11·04+0100
commit	8465a5435bf5b33caeebd93db3a1af11178e2722 (patch)
tree	9c80e09f48d71f3759edc902b9a2ac8c0ff3d88c /ops
parent	eeff42a7c1b1e1289cd13e9fb980ffee7429f286 (diff)