diff options
Diffstat (limited to 'nixos/modules/services/web-apps/pretix.nix')
| -rw-r--r-- | nixos/modules/services/web-apps/pretix.nix | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/nixos/modules/services/web-apps/pretix.nix b/nixos/modules/services/web-apps/pretix.nix index 22ee9769aa923..498face7456db 100644 --- a/nixos/modules/services/web-apps/pretix.nix +++ b/nixos/modules/services/web-apps/pretix.nix @@ -468,7 +468,7 @@ in StateDirectory = [ "pretix" ]; - StateDirectoryMode = "0755"; + StateDirectoryMode = "0750"; CacheDirectory = "pretix"; LogsDirectory = "pretix"; WorkingDirectory = cfg.settings.pretix.datadir; @@ -507,7 +507,7 @@ in "~@privileged" "@chown" ]; - UMask = "0022"; + UMask = "0027"; }; }; in { @@ -561,6 +561,8 @@ in wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = "${getExe' pythonEnv "celery"} -A pretix.celery_app worker ${cfg.celery.extraArgs}"; }; + + nginx.serviceConfig.SupplementaryGroups = mkIf cfg.nginx.enable [ "pretix" ]; }; systemd.sockets.pretix-web.socketConfig = { @@ -569,11 +571,9 @@ in }; users = { - groups."${cfg.group}" = {}; - users."${cfg.user}" = { + groups.${cfg.group} = {}; + users.${cfg.user} = { isSystemUser = true; - createHome = true; - home = cfg.settings.pretix.datadir; inherit (cfg) group; }; }; |