From 8465a5435bf5b33caeebd93db3a1af11178e2722 Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Wed, 22 Apr 2020 12:03:04 +0100
Subject: fix(ops/nixos/camden): Introduce brute-force nginx issue fix

This adds a timer running every minute that fixes the nginx permissions that were broken in NixOS 20.03
---
 ops/nixos/camden/default.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 3bb3402124..0528e5c358 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -173,6 +173,25 @@ in lib.fix(self: {
 };
 };
 
+ # NixOS 20.03 broke nginx and I can't be bothered to debug it
+ # anymore, all solution attempts have failed, so here's a
+ # brute-force fix.
+ systemd.services.fix-nginx = {
+ script = "${nixpkgs.coreutils}/bin/chown -R nginx: /var/spool/nginx";
+
+ serviceConfig = {
+ User = "root";
+ Type = "oneshot";
+ };
+ };
+
+ systemd.timers.fix-nginx = {
+ wantedBy = [ "multi-user.target" ];
+ timerConfig = {
+ OnCalendar = "minutely";
+ };
+ };
+
 # Provision a TLS certificate outside of nginx to avoid
 # nixpkgs#38144
 security.acme = {
-- 
cgit 1.4.1
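Review bot: The new `fix-nginx` service runs as unrestricted root every minute and recursively hands everything under `/var/spool/nginx` to the nginx user, a tree whose contents that same account controls after the first run. A root-driven recursive ownership change over a directory writable by a less-privileged account is a well-known escalation risk, and how far chown's own no-follow defaults cover it is not something the hunk shows. The unit should therefore be confined to that path, for example with `ProtectSystem = "strict";`, `ReadWritePaths = [ "/var/spool/nginx" ];` and `NoNewPrivileges = true;` in `serviceConfig`. `User = "root";` is already the systemd default and can be dropped, and timers are conventionally `wantedBy = [ "timers.target" ]`. The comment above the service should also state the expected owner and mode of the directory and the condition for removing the workaround, so the minutely root job does not outlive the bug.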