fixed forgejo ssh

2025-03-14 19:49:11 -05:00 · 2025-03-14 19:49:11 -05:00 · 44d6b4827d
parent 34dce8d9d1
commit 44d6b4827d
2 changed files with 41 additions and 40 deletions
--- a/modules/nixos-modules/server/forgejo.nix
+++ b/modules/nixos-modules/server/forgejo.nix
@ -33,7 +33,8 @@ in {
        };
      };

-      services.forgejo = {
+      services = {
+        forgejo = {
          enable = true;
          database = {
            type = "postgres";
@ -47,9 +48,8 @@ in {
              START_SSH_SERVER = true;
              SSH_LISTEN_PORT = sshPort;
              SSH_PORT = 22;
-            # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys
-            BUILTIN_SSH_SERVER_USER = "git";
-            ROOT_URL = "https://git.jan-leila.com:";
+              BUILTIN_SSH_SERVER_USER = config.users.users.git.name;
+              ROOT_URL = "https://git.jan-leila.com";
            };
            service = {
              DISABLE_REGISTRATION = true;
@ -61,6 +61,7 @@ in {
            };
          };
        };
+      };

      networking.firewall.allowedTCPPorts = [
        config.services.forgejo.settings.server.SSH_LISTEN_PORT
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@ -20,9 +20,9 @@
    adguardhome = 2003;
    hass = 2004;
    headscale = 2005;
-    nextcloud = 2006;
    syncthing = 2007;
    ollama = 2008;
+    git = 2009;
  };

  gids = {
@ -35,9 +35,9 @@
    adguardhome = 2003;
    hass = 2004;
    headscale = 2005;
-    nextcloud = 2006;
    syncthing = 2007;
    ollama = 2008;
+    git = 2009;
  };

  users = config.users.users;
@ -141,12 +141,6 @@ in {
            group = config.users.users.headscale.name;
          };

-          nextcloud = {
-            uid = lib.mkForce uids.nextcloud;
-            isSystemUser = true;
-            group = config.users.users.nextcloud.name;
-          };
-
          syncthing = {
            uid = lib.mkForce uids.syncthing;
            isSystemUser = true;
@ -158,6 +152,13 @@ in {
            isSystemUser = true;
            group = config.users.users.ollama.name;
          };
+
+          git = {
+            uid = lib.mkForce uids.git;
+            isSystemUser = !config.services.forgejo.enable;
+            isNormalUser = config.services.forgejo.enable;
+            group = config.users.users.git.name;
+          };
        };

        groups = {
@ -232,14 +233,6 @@ in {
            ];
          };

-          nextcloud = {
-            gid = lib.mkForce gids.nextcloud;
-            members = [
-              users.nextcloud.name
-              # leyla
-            ];
-          };
-
          syncthing = {
            gid = lib.mkForce gids.syncthing;
            members = [
@ -255,6 +248,13 @@ in {
              users.ollama.name
            ];
          };
+
+          git = {
+            gid = lib.mkForce gids.git;
+            members = [
+              users.git.name
+            ];
+          };
        };
      };
    }