From d577fb1d1abf6b4c37580c4fd8ae12bc1dd406ff Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Tue, 1 Aug 2023 02:10:10 +0200
Subject: [PATCH] fix(forgejo): use correct group for secret

---
 hosts/ward/microvms/forgejo.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hosts/ward/microvms/forgejo.nix b/hosts/ward/microvms/forgejo.nix
index f91f822..5588ce7 100644
--- a/hosts/ward/microvms/forgejo.nix
+++ b/hosts/ward/microvms/forgejo.nix
@@ -7,6 +7,7 @@
   ...
 }: let
   sentinelCfg = nodes.sentinel.config;
+  # XXX: other domain on other proxy?
   forgejoDomain = "git.${sentinelCfg.repo.secrets.local.personalDomain}";
 in {
   # TODO forward ssh port
@@ -16,8 +17,8 @@ in {
 
   age.secrets.forgejo-mailer-password = {
     rekeyFile = config.node.secretsDir + "/forgejo-mailer-password.age";
-    mode = "400";
-    group = "forgejo";
+    mode = "440";
+    inherit (config.services.gitea) group;
   };
 
   nodes.sentinel = {