From 5074bbeae4fa3605646cfd22f7d8a3b08ccdae9e Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Fri, 12 Sep 2025 23:15:28 +0200
Subject: [PATCH] forgejo: Rename service user to `git`

---
 modules/system/services/forgejo/default.nix | 14 +++++++++++++-
 modules/system/services/forgejo/ssh.nix     |  2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/system/services/forgejo/default.nix b/modules/system/services/forgejo/default.nix
index 1db4a23..18a9c88 100644
--- a/modules/system/services/forgejo/default.nix
+++ b/modules/system/services/forgejo/default.nix
@@ -27,11 +27,23 @@ in
       ports.tcp.list = [ cfg.port ];
     };
 
-    sops.secrets."forgejo/admin-password".owner = config.users.users.forgejo.name;
+    sops.secrets."forgejo/admin-password".owner = config.users.users.git.name;
+
+    users = {
+      users.git = {
+        isSystemUser = true;
+        useDefaultShell = true;
+        group = config.users.groups.git.name;
+        home = config.services.forgejo.stateDir;
+      };
+      groups.git = { };
+    };
 
     services.forgejo = {
       enable = true;
       package = pkgs-unstable.forgejo;
+      user = "git";
+      group = "git";
 
       lfs.enable = true;
       settings = {
diff --git a/modules/system/services/forgejo/ssh.nix b/modules/system/services/forgejo/ssh.nix
index 59b139e..bbcb517 100644
--- a/modules/system/services/forgejo/ssh.nix
+++ b/modules/system/services/forgejo/ssh.nix
@@ -24,7 +24,7 @@ in
         PasswordAuthentication = false;
         KbdInteractiveAuthentication = false;
         PermitRootLogin = "no";
-        AllowUsers = [ config.users.users.forgejo.name ];
+        AllowUsers = [ config.services.forgejo.user ];
       };
     };
   };