fixed forgejo ssh

modules/nixos-modules/server/forgejo.nix

@@ -33,31 +33,32 @@ in {
         };
       };
 
-      services.forgejo = {
-        enable = true;
-        database = {
-          type = "postgres";
-          socket = "/run/postgresql";
-        };
-        lfs.enable = true;
-        settings = {
-          server = {
-            DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
-            HTTP_PORT = forgejoPort;
-            START_SSH_SERVER = true;
-            SSH_LISTEN_PORT = sshPort;
-            SSH_PORT = 22;
-            # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys
-            BUILTIN_SSH_SERVER_USER = "git";
-            ROOT_URL = "https://git.jan-leila.com:";
-          };
-          service = {
-            DISABLE_REGISTRATION = true;
-          };
+      services = {
+        forgejo = {
+          enable = true;
           database = {
-            DB_TYPE = "postgres";
-            NAME = db_user;
-            USER = db_user;
+            type = "postgres";
+            socket = "/run/postgresql";
+          };
+          lfs.enable = true;
+          settings = {
+            server = {
+              DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
+              HTTP_PORT = forgejoPort;
+              START_SSH_SERVER = true;
+              SSH_LISTEN_PORT = sshPort;
+              SSH_PORT = 22;
+              BUILTIN_SSH_SERVER_USER = config.users.users.git.name;
+              ROOT_URL = "https://git.jan-leila.com";
+            };
+            service = {
+              DISABLE_REGISTRATION = true;
+            };
+            database = {
+              DB_TYPE = "postgres";
+              NAME = db_user;
+              USER = db_user;
+            };
           };
         };
       };

modules/nixos-modules/users.nix

@@ -20,9 +20,9 @@
     adguardhome = 2003;
     hass = 2004;
     headscale = 2005;
-    nextcloud = 2006;
     syncthing = 2007;
     ollama = 2008;
+    git = 2009;
   };
 
   gids = {
@@ -35,9 +35,9 @@
     adguardhome = 2003;
     hass = 2004;
     headscale = 2005;
-    nextcloud = 2006;
     syncthing = 2007;
     ollama = 2008;
+    git = 2009;
   };
 
   users = config.users.users;
@@ -141,12 +141,6 @@ in {
             group = config.users.users.headscale.name;
           };
 
-          nextcloud = {
-            uid = lib.mkForce uids.nextcloud;
-            isSystemUser = true;
-            group = config.users.users.nextcloud.name;
-          };
-
           syncthing = {
             uid = lib.mkForce uids.syncthing;
             isSystemUser = true;
@@ -158,6 +152,13 @@ in {
             isSystemUser = true;
             group = config.users.users.ollama.name;
           };
+
+          git = {
+            uid = lib.mkForce uids.git;
+            isSystemUser = !config.services.forgejo.enable;
+            isNormalUser = config.services.forgejo.enable;
+            group = config.users.users.git.name;
+          };
         };
 
         groups = {
@@ -232,14 +233,6 @@ in {
             ];
           };
 
-          nextcloud = {
-            gid = lib.mkForce gids.nextcloud;
-            members = [
-              users.nextcloud.name
-              # leyla
-            ];
-          };
-
           syncthing = {
             gid = lib.mkForce gids.syncthing;
             members = [
@@ -255,6 +248,13 @@ in {
               users.ollama.name
             ];
           };
+
+          git = {
+            gid = lib.mkForce gids.git;
+            members = [
+              users.git.name
+            ];
+          };
         };
       };
     }