From 40f60919ab5f65a12e9a80ac4b75448ae4e3b77e Mon Sep 17 00:00:00 2001
From: Justin Humm <justin.humm@posteo.de>
Date: Wed, 17 Feb 2021 02:07:01 +0100
Subject: [PATCH] nixos/mastodon: fix group membership for nginx

4255954d972a67d2e50104cb4c72a0f22e1234dd set the StateDirectory to 0750,
but nginx wasn't in the Mastodon group. This commit also deletes a line,
that probably was intended to serve this purpose, but makes no sense.
Why should the Mastodon user be added as an extraGroup to the nginx
user?
---
 nixos/modules/services/web-apps/mastodon.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix
index 24aea356de4e..ea7aebc3b12d 100644
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@@ -111,7 +111,6 @@ in {
       group = lib.mkOption {
         description = ''
           Group under which mastodon runs.
-          If it is set to "mastodon", a group will be created.
         '';
         type = lib.types.str;
         default = "mastodon";
@@ -555,10 +554,9 @@ in {
         };
       })
       (lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package mastodonEnv ])
-      (lib.mkIf cfg.configureNginx {${config.services.nginx.user}.extraGroups = [ cfg.user ];})
     ];
 
-    users.groups.mastodon = lib.mkIf (cfg.group == "mastodon") { };
+    users.groups.${cfg.group}.members = lib.optional cfg.configureNginx config.services.nginx.user;
   };
 
   meta.maintainers = with lib.maintainers; [ happy-river erictapen ];