From 9a940960448864e18978786c14e5ca5354603d2b Mon Sep 17 00:00:00 2001
From: Skullheadx <admonty1@protonmail.com>
Date: Sun, 31 May 2026 19:20:01 -0400
Subject: [PATCH] nginx show all projects

---
 hosts/icon/configuration.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hosts/icon/configuration.nix b/hosts/icon/configuration.nix
index 0c6ad15..e089f6b 100644
--- a/hosts/icon/configuration.nix
+++ b/hosts/icon/configuration.nix
@@ -10,6 +10,12 @@
   ];
 
   users.groups.git = {};
+  users.users.nginx.extraGroups = ["git"];
+  systemd.services.nginx.serviceConfig = {
+    SupplementaryGroups = ["git"];
+    ReadOnlyPaths = ["/srv/git" "/srv"];
+  };
+  # systemd.services.fcgiwrap.serviceConfig.ReadOnlyPaths = ["/srv/git"];
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users = {
     andrew = {
@@ -27,6 +33,7 @@
       group = "git";
       home = "/srv/git";
       createHome = true;
+      homeMode = "755";
       openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfIZMlXeTEi0YoOq36WNo6xPoolqvoS77ygtKaySkoG admonty1@protonmail.com"
       ];
-- 
2.54.0