Diffstat (limited to 'config')
-rw-r--r--config/users.nix22
-rw-r--r--config/web-server.nix2
2 files changed, 21 insertions, 3 deletions
diff --git a/config/users.nix b/config/users.nix
index 0eb7dcb..c6acbe8 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -9,13 +9,17 @@ in {
home = "/home/orbekk";
uid = 1000;
description = "KJ";
- extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd"];
+ extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly"];
openssh.authorizedKeys.keyFiles = [
../data/pincer_rsa.pub
../data/yubikey_rsa.pub
];
};
- fcgi = { name = "fcgi"; group = "fcgi"; uid = 500; };
+ fcgi = {
+ group = "fcgi";
+ extraGroups = ["readonly"];
+ uid = 500;
+ };
systemhttpd = {
name = "systemhttpd";
group = "systemhttpd";
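Review bot: Adding `extraGroups = ["readonly"]` to the `fcgi` account widens what a request-handling process can read, and nothing in the hunk records which paths the group is meant to cover. If the group guards `/storage` (the home given to the `readonly` user later in this diff), a flaw in any FastCGI handler would expose everything group-readable there, so a narrower group for the one directory the handler needs would be safer. At minimum I would add a comment above the line such as `# readonly: group-read access to <path> needed by <handler>`. The enclosing users attribute set starts and ends outside the hunk.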
@@ -44,6 +48,19 @@ in {
uid = 505;
home = "/var/lib/terraria";
};
+ readonly = {
+ group = "readonly";
+ createHome = false;
+ uid = 506;
+ useDefaultShell = true;
+ home = "/storage";
+ };
+ mpd = lib.optionalAttrs config.services.mpd.enable {
+ extraGroups = ["readonly"];
+ };
+ nginx = lib.optionalAttrs config.services.nginx.enable {
+ extraGroups = ["readonly"];
+ };
};
extraGroups = {
fcgi = { name = "fcgi"; gid = 500; };
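Review bot: `useDefaultShell = true` gives the new `readonly` account the system's default login shell, which an account that seems to exist only to own a group on `/storage` should not need. No password or key is set in the hunk, so whether it can log in depends on configuration outside it, but dropping the line leaves the NixOS default of a non-login shell. Separately, `mpd = lib.optionalAttrs config.services.mpd.enable { … }` still defines an `mpd` attribute (as `{}`) when the service is disabled, which may declare an otherwise unconfigured user. `mpd = lib.mkIf config.services.mpd.enable { extraGroups = ["readonly"]; };` should avoid that, and the same applies to `nginx`. The users attribute set begins outside the hunk.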
@@ -52,6 +69,7 @@ in {
linoquotes = { name = "linoquotes"; gid = 503; };
stats = { name = "stats"; gid = 504; };
terraria = { name = "terraria"; gid = 505; };
+ readonly = { gid = 506; };
};
};
}
diff --git a/config/web-server.nix b/config/web-server.nix
index 9dfe528..4a126dc 100644
--- a/config/web-server.nix
+++ b/config/web-server.nix
@@ -90,7 +90,7 @@
};
};
"kufieta.net" = template // {
- locations."/".proxyPass = "http://10.0.20.13";
+ # locations."/".proxyPass = "http://10.0.20.13";
};
};
};
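Review bot: Commenting out `locations."/".proxyPass` leaves `"kufieta.net" = template // { }` as a live virtual host with no location of its own, so what it now serves is decided entirely by `template`, which is defined outside the hunk. If the backend is gone for good, removing the whole `"kufieta.net"` entry is cleaner than keeping an empty vhost that still answers for the name. If it is temporary, say so next to the disabled line, e.g. `# backend 10.0.20.13 offline; re-enable when it is back`.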