···

       
12
       
12
       
 
       
      brotli

     

       
13
       
13
       
 
       
    ];

     

       
14
       
14
       
 
       
  };

     

       
15
       
15
       
+
       


     

       
16
       
16
       
+
       
  # necessary for stuff like backup-public.nix and user.nix

     

       
17
       
17
       
+
       
  systemd.services.nginx.serviceConfig.ProtectHome = "tmpfs";

     

       
15
       
18
       
 
       
}

     

···

       
15
       
15
       
 
       
    };

     

       
16
       
16
       
 
       
  };

     

       
17
       
17
       
 
       


     

       
18
       
18
       
-
       
  systemd.services.nginx.serviceConfig.ReadOnlyPaths = lib.singleton "/home/backup/public";

     

       
18
       
18
       
+
       
  systemd.services.nginx.serviceConfig.BindReadOnlyPaths = lib.singleton "/home/backup/public";

     

       
19
       
19
       
 
       
  users.users.nginx.extraGroups = lib.singleton config.users.users.backup.name;

     

       
20
       
20
       
 
       
}

     

···

       
28
       
28
       
 
       
      extraConfig = "autoindex on;";

     

       
29
       
29
       
 
       
    };

     

       
30
       
30
       
 
       
  };

     

       
31
       
31
       
-
       
  systemd.services.nginx.serviceConfig.ReadOnlyPaths = lib.singleton "/home/cassie/Web";

     

       
31
       
31
       
+
       
  systemd.services.nginx.serviceConfig.BindReadOnlyPaths = lib.singleton "/home/cassie/Web";

     

       
32
       
32
       
 
       
}