From a97bef3e8c58334a859a76bdf8118cf071a894d8 Mon Sep 17 00:00:00 2001
From: Mathijs Kwik <mathijs@bluescreen303.nl>
Date: Tue, 3 Jun 2014 16:00:27 +0200
Subject: [PATCH] nixos/nginx: fix group and stateDir permissions

furthermore, I don't think adding nginx to systemPackages is of any use.
---
 nixos/modules/services/web-servers/nginx/default.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index ff94ee42d28d..7c2d3a42973a 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -84,8 +84,6 @@ in
   };
 
   config = mkIf cfg.enable {
-    environment.systemPackages = [ nginx ];
-
     # TODO: test user supplied config file pases syntax test
 
     systemd.services.nginx = {
@@ -96,6 +94,7 @@ in
       preStart =
         ''
         mkdir -p ${cfg.stateDir}/logs
+        chmod 700 ${cfg.stateDir}
         chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
         '';
       serviceConfig = {
@@ -105,7 +104,7 @@ in
 
     users.extraUsers = optionalAttrs (cfg.user == "nginx") (singleton
       { name = "nginx";
-        group = "nginx";
+        group = cfg.group;
         uid = config.ids.uids.nginx;
       });