unofficial mirror of help-guix@gnu.org 
* How do I put assign supplementary groups to nginx user?
From: Jayesh Bhoot @ 2024-03-19  5:53 UTC
  To: help-guix

Hello,

I am setting up a git server with Guix System with the following configuration:

- A git user with home directory set to /srv/git, so that git repos can be hosted from /srv, and the repo urls can have the shortest path possible, like git@server:test-repo.git.
- A git group to which the git user is assigned.
- cgit-service-type to serve a read-only view of the repos, with nginx acting as the server.

In order to serve the repos, nginx needs access to /srv/git. But, /srv/git, being a home directory, has the configuration of 700 git:git by default. I need to loosen up its permissions to at least 750 so that the git group members can read the directory, and add nginx user to the git group.

How do I encode the following within the system-configuration.scm?

- add nginx user to git supplementary group. Neither (cgit-service-type) nor (nginx-configuration) provides an option to edit nginx's supplementary group, and %nginx-accounts does not seem to be exported.
- modify permissions of home directory /srv/git to 750. (user-account) does not seem to have this option.

I saw a similar question in the mailing list from 2017, but that one didn't end with a solution: https://lists.gnu.org/archive/html/help-guix/2017-06/msg00052.html

P.S.: Please interpret all of the above with the context that I have spent only about a weekend with Guix and Guile.



* Re: How do I put assign supplementary groups to nginx user?
From: Thompson, David @ 2024-03-19 12:42 UTC
  To: Jayesh Bhoot; +Cc: help-guix

Hi Jayesh,

On Tue, Mar 19, 2024 at 2:44 AM Jayesh Bhoot <jysh@jysh.net> wrote:
>
> Hello,
>
> I am setting up a git server with Guix System with the following configuration:
>
> - A git user with home directory set to /srv/git, so that git repos can be hosted from /srv, and the repo urls can have the shortest path possible, like git@server:test-repo.git.
> - A git group to which the git user is assigned.
> - cgit-service-type to serve a read-only view of the repos, with nginx acting as the server.
>
> In order to serve the repos, nginx needs access to /srv/git. But, /srv/git, being a home directory, has the configuration of 700 git:git by default. I need to loosen up its permissions to at least 750 so that the git group members can read the directory, and add nginx user to the git group.
>
> How do I encode the following within the system-configuration.scm?
>
> - add nginx user to git supplementary group. Neither (cgit-service-type) nor (nginx-configuration) provides an option to edit nginx's supplementary group, and %nginx-accounts does not seem to be exported.
> - modify permissions of home directory /srv/git to 750. (user-account) does not seem to have this option.

Unfortunately, some Guix services lack flexibility when it comes to
groups. The nginx service is one of them. My workaround for using
nginx and cgit together has been to make a modified nginx service that
adds the 'git' group to the 'nginx' user's supplementary groups.

Regarding file permissions, I use the gitolite service which creates a
home directory that's readable by the 'git' group.  To do so without
gitolite probably requires a similar modification of the cgit service
to modify the permission bits of the 'git' user's home directory.

Maybe my config source will help you:
https://git.dthompson.us/guix-config/tree/dthompson/machines/takemi.scm#n21

Good luck!

- Dave
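
To confirm the result after `guix system reconfigure`, the following check (an added example, not part of either message and not Guix code) verifies the access model the thread describes: the repository root grants nothing to other users, its group can read and traverse it, and the web server account is a member of that group. The function names are made up for this example; it assumes GNU `stat` and `id`, and the `/srv/git`, `git` and `nginx` values in the usage comment come from the thread.

```shell
#!/bin/sh
# Audit a repository root shared with a web server through a supplementary group.
# Usage on the system from the thread:  check_repo_root /srv/git git nginx

# Print the octal permission bits of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Succeed if user $1 has group $2 as primary or supplementary group.
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# check_repo_root DIR GROUP USER
# Prints one line per finding and returns the number of findings (0 = clean).
check_repo_root() {
    dir=$1 group=$2 user=$3 findings=0
    mode=$(mode_of "$dir") || { echo "$dir: cannot stat"; return 1; }

    # A leading 0 makes the shell read the stat output as octal.
    other=$(( 0$mode & 7 ))
    grp=$(( (0$mode >> 3) & 7 ))

    # 750 is the target: nothing for "other", r-x for the group.
    if [ "$other" -ne 0 ]; then
        echo "$dir: mode $mode grants access to all local users"
        findings=$((findings + 1))
    fi
    if [ $((grp & 5)) -ne 5 ]; then
        echo "$dir: mode $mode does not let the group read and traverse"
        findings=$((findings + 1))
    fi
    if [ "$(stat -c '%G' "$dir")" != "$group" ]; then
        echo "$dir: group owner is not $group"
        findings=$((findings + 1))
    fi
    # Group membership is fixed at process start, so a running
    # server only picks up a new group after it is restarted.
    if ! user_in_group "$user" "$group"; then
        echo "$user: not a member of $group"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```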

