From 6d89835197a8e5a342d73b5e38dab06112312e9b Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Fri, 26 Dec 2025 09:29:43 +0100
Subject: refactor(tente): set www-data as an extra group

Log files shouldn't be owned by www-data.
---
 nixos/hosts/tente/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'nixos')

diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index 277bc58..e853d12 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -69,6 +69,13 @@ in
       ];
     };
 
+    nginx = {
+      isSystemUser = true;
+      extraGroups = [
+        "www-data"
+      ];
+    };
+
     www-generator = {
       isSystemUser = true;
       group = "www-generator";
@@ -105,7 +112,6 @@ in
 
   services.nginx = {
     enable = true;
-    group = "www-data";
 
     virtualHosts."tente.tailnet" = helpers.serviceIndexHost "tente.tailnet" ports.webUis;
 
-- 
cgit v1.3.1