fixed forgejo ssh

2025-03-14 19:49:11 -05:00 · 2025-03-14 19:49:11 -05:00 · 44d6b4827d
commit 44d6b4827d
parent 34dce8d9d1
2 changed files with 41 additions and 40 deletions
--- a/modules/nixos-modules/server/forgejo.nix
+++ b/modules/nixos-modules/server/forgejo.nix
@ -33,31 +33,32 @@ in {
        };
      };
-      services.forgejo = {
+      services = {
-        enable = true;
+        forgejo = {
-        database = {
+          enable = true;
          type = "postgres";
          socket = "/run/postgresql";
        };
        lfs.enable = true;
        settings = {
          server = {
            DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
            HTTP_PORT = forgejoPort;
            START_SSH_SERVER = true;
            SSH_LISTEN_PORT = sshPort;
            SSH_PORT = 22;
            # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys
            BUILTIN_SSH_SERVER_USER = "git";
            ROOT_URL = "https://git.jan-leila.com:";
          };
          service = {
            DISABLE_REGISTRATION = true;
          };
          database = {
-            DB_TYPE = "postgres";
+            type = "postgres";
-            NAME = db_user;
+            socket = "/run/postgresql";
-            USER = db_user;
+          };
          lfs.enable = true;
          settings = {
            server = {
              DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
              HTTP_PORT = forgejoPort;
              START_SSH_SERVER = true;
              SSH_LISTEN_PORT = sshPort;
              SSH_PORT = 22;
              BUILTIN_SSH_SERVER_USER = config.users.users.git.name;
              ROOT_URL = "https://git.jan-leila.com";
            };
            service = {
              DISABLE_REGISTRATION = true;
            };
            database = {
              DB_TYPE = "postgres";
              NAME = db_user;
              USER = db_user;
            };
          };
        };
      };
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@ -20,9 +20,9 @@
    adguardhome = 2003;
    hass = 2004;
    headscale = 2005;
    nextcloud = 2006;
    syncthing = 2007;
    ollama = 2008;
    git = 2009;
  };
  gids = {
@ -35,9 +35,9 @@
    adguardhome = 2003;
    hass = 2004;
    headscale = 2005;
    nextcloud = 2006;
    syncthing = 2007;
    ollama = 2008;
    git = 2009;
  };
  users = config.users.users;
@ -141,12 +141,6 @@ in {
            group = config.users.users.headscale.name;
          };
          nextcloud = {
            uid = lib.mkForce uids.nextcloud;
            isSystemUser = true;
            group = config.users.users.nextcloud.name;
          };
          syncthing = {
            uid = lib.mkForce uids.syncthing;
            isSystemUser = true;
@ -158,6 +152,13 @@ in {
            isSystemUser = true;
            group = config.users.users.ollama.name;
          };
          git = {
            uid = lib.mkForce uids.git;
            isSystemUser = !config.services.forgejo.enable;
            isNormalUser = config.services.forgejo.enable;
            group = config.users.users.git.name;
          };
        };
        groups = {
@ -232,14 +233,6 @@ in {
            ];
          };
          nextcloud = {
            gid = lib.mkForce gids.nextcloud;
            members = [
              users.nextcloud.name
              # leyla
            ];
          };
          syncthing = {
            gid = lib.mkForce gids.syncthing;
            members = [
@ -255,6 +248,13 @@ in {
              users.ollama.name
            ];
          };
          git = {
            gid = lib.mkForce gids.git;
            members = [
              users.git.name
            ];
          };
        };
      };
    }