feat: change forgejo user to git and allow git to login

oddlama 2024-03-13 02:08:40 +01:00
parent 65b638443b
commit 1631c116fd
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
2 changed files with 20 additions and 5 deletions


@ -78,14 +78,26 @@ in {
};
};
# Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
users.groups.git = {};
users.users.git = {
isSystemUser = true;
useDefaultShell = true;
group = "git";
home = config.services.forgejo.stateDir;
};
services.openssh = {
authorizedKeysFiles = lib.mkForce [
"${config.services.forgejo.stateDir}/.ssh/authorized_keys"
];
# Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
settings.AcceptEnv = "GIT_PROTOCOL";
};
environment.persistence."/persist".directories = [
{
directory = config.services.forgejo.stateDir;
user = "forgejo";
group = "forgejo";
inherit (config.services.forgejo) user group;
mode = "0700";
}
];
@ -94,6 +106,8 @@ in {
enable = true;
# TODO db backups
# dump.enable = true;
user = "git";
group = "git";
lfs.enable = true;
mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
settings = {
@ -148,6 +162,7 @@ in {
ROOT_URL = "https://${forgejoDomain}/";
LANDING_PAGE = "login";
SSH_PORT = 9922;
SSH_USER = "git";
};
service = {
DISABLE_REGISTRATION = false;
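Review bot: In the first hunk, `authorizedKeysFiles = lib.mkForce [ ... ]` replaces sshd's global AuthorizedKeysFile list, so the Forgejo-managed key file becomes the only key source for every account served by this sshd, not just `git`. Keys that Forgejo writes there would then be checked for any login name (the `DISABLE_REGISTRATION = false` context line suggests users can add their own), which leaves the forced command in each entry as the only barrier. Keys declared through `users.users.<name>.openssh.authorizedKeys.keys` presumably stop being consulted as well, because `/etc/ssh/authorized_keys.d/%u` is no longer in the list. Since `home` is already the state directory, the per-user default `%h/.ssh/authorized_keys` resolves to the same file for `git`; if that default is disabled on this host, scope the override instead, e.g. `services.openssh.extraConfig = "Match User git\n  AuthorizedKeysFile ${config.services.forgejo.stateDir}/.ssh/authorized_keys";`. A one-line comment above the setting saying why it is forced would also help, as the enclosing module is only partly visible here.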