Correction des permissions

2025-06-28 09:54:55 +02:00 · 2025-06-28 09:54:55 +02:00 · abcf6977cc
parent 1fe25c1b5f
commit abcf6977cc
2 changed files with 21 additions and 17 deletions
--- a/hosts/vm/reverseproxy/default.nix
+++ b/hosts/vm/reverseproxy/default.nix
@ -140,6 +140,7 @@ in {
  boot.loader.grub.devices = [ "/dev/sda" ];
  users.users."nginx".home = "/var/lib/nginx";
  users.users."anubis".extraGroups = [ "nginx" ];
  crans = {
    enable = true;
--- a/modules/services/reverseproxy.nix
+++ b/modules/services/reverseproxy.nix
@ -95,23 +95,26 @@ in
  };
  config.services = mkIf cfg.enable {
-    anubis.instances = mapAttrs (
+    anubis = {
-      vhostName: vhostConfig: {
+      defaultOptions.group = "nginx";
-        enable = true;
+      instances = mapAttrs (
-        settings = {
+        vhostName: vhostConfig: {
-          BIND = "/run/anubis/anubis-${vhostName}.sock";
+          enable = true;
-          BIND_NETWORK = "unix";
+          settings = {
-          TARGET = "unix:///run/nginx/nginx-${vhostName}.sock";
+            BIND = "/run/anubis/anubis-${vhostName}.sock";
-          COOKIE_DOMAIN = "crans.org";
+            BIND_NETWORK = "unix";
-          REDIRECT_DOMAINS = "${vhostName}.crans.org";
+            TARGET = "unix:///run/nginx/nginx-${vhostName}.sock";
-          SOCKET_MODE = "0666";
+            COOKIE_DOMAIN = "crans.org";
-          POLICY_FNAME =
+            REDIRECT_DOMAINS = "${vhostName}.crans.org";
-            if (vhostConfig.anubisConfig == "")
+            SOCKET_MODE = "0660";
-            then allowAll
+            POLICY_FNAME =
-            else vhostConfig.anubisConfig;
+              if (vhostConfig.anubisConfig == "")
-        };
+              then allowAll
-      }
+              else vhostConfig.anubisConfig;
-    ) cfg.virtualHosts;
+          };
        }
      ) cfg.virtualHosts;
    };
    nginx =
      let