about summary refs log tree commit diff
diff options
context:
space:
mode:
authorNguyễn Gia Phong <mcsinyx@disroot.org>2022-06-14 01:22:31 +0900
committerNguyễn Gia Phong <mcsinyx@disroot.org>2022-06-14 01:22:31 +0900
commit266e0aaca33ab96758ebb3ded4dc2cd825b1089e (patch)
tree5a5121858c7f618c83b739d793c0da460b68d642
parent94c4044b75ba799658c98949b0d6c144a39d8774 (diff)
downloadnixos-conf-266e0aaca33ab96758ebb3ded4dc2cd825b1089e.tar.gz
Prevent PGP private key from mode 644
-rw-r--r--sourcehut.nix22
1 files changed, 12 insertions, 10 deletions
diff --git a/sourcehut.nix b/sourcehut.nix
index 20a248f..6d0f2ac 100644
--- a/sourcehut.nix
+++ b/sourcehut.nix
@@ -17,7 +17,12 @@
 # along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
 
 { config, lib, ... }:
-let domain = config.networking.domain;
+let
+  domain = config.networking.domain;
+  common = {
+    enable = true;
+    group = "srht";
+  };
 in {
   services = {
     nginx.virtualHosts."hub.${domain}".serverAliases = lib.mkForce [ ];
@@ -29,14 +34,11 @@ in {
 
     sourcehut = {
       enable = true;
-      git = {
-        enable = true;
-        port = 5200; # 5001 used by IPFS
-      };
-      hub.enable = true;
-      lists.enable = true;
-      man.enable = true;
-      meta.enable = true;
+      git = common // { port = 5200; }; # 5001 used by IPFS
+      hub = common;
+      lists = common;
+      man = common;
+      meta = common;
 
       nginx = {
         enable = true;
@@ -92,7 +94,7 @@ in {
         webhooks.private-key = "/var/lib/sourcehut/webhook.key";
       };
 
-      todo.enable = true;
+      todo = common;
     };
   };
 }