set the mollysocket user to fix permissions

2025-01-14 14:31:52 +01:00 · 2025-01-14 14:31:52 +01:00 · 0fd416429e
parent 4f37f97cc2
commit 0fd416429e
1 changed files with 11 additions and 2 deletions
--- a/nixos/server/package-configs/mollysocket/default.nix
+++ b/nixos/server/package-configs/mollysocket/default.nix
@ -1,6 +1,11 @@
-{config, ...}: {
+{config, ...}: let
+  mollySocketUser = "mollysocket";
+in {
  sops.secrets."mollysocket-vapid-key".mode = "0440";
-  sops.secrets."mollysocket-vapid-key".owner = config.users.users.root.name;
+  sops.secrets."mollysocket-vapid-key" = {
+    owner = mollySocketUser;
+    group = mollySocketUser;
+  };

  services.mollysocket = {
    enable = true;
@ -12,6 +17,10 @@
      webserver = true;
    };
  };
+  systemd.services.mollysocket.serviceConfig = {
+    User = mollySocketUser;
+    Group = mollySocketUser;
+  };
  services.nginx = {
    virtualHosts = {
      "molly.gladtherescake.eu" = {