forgejo: Rename service user to git

2026-01-21 18:41:34 +01:00 · 2025-09-12 23:15:28 +02:00 · 2025-09-12 23:15:28 +02:00 · 5074bbeae4
commit 5074bbeae4
parent e5b6374751
2 changed files with 14 additions and 2 deletions
--- a/modules/system/services/forgejo/default.nix
+++ b/modules/system/services/forgejo/default.nix
@ -27,11 +27,23 @@ in
      ports.tcp.list = [ cfg.port ];
    };

-    sops.secrets."forgejo/admin-password".owner = config.users.users.forgejo.name;
+    sops.secrets."forgejo/admin-password".owner = config.users.users.git.name;
+
+    users = {
+      users.git = {
+        isSystemUser = true;
+        useDefaultShell = true;
+        group = config.users.groups.git.name;
+        home = config.services.forgejo.stateDir;
+      };
+      groups.git = { };
+    };

    services.forgejo = {
      enable = true;
      package = pkgs-unstable.forgejo;
+      user = "git";
+      group = "git";

      lfs.enable = true;
      settings = {
--- a/modules/system/services/forgejo/ssh.nix
+++ b/modules/system/services/forgejo/ssh.nix
@ -24,7 +24,7 @@ in
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
-        AllowUsers = [ config.users.users.forgejo.name ];
+        AllowUsers = [ config.services.forgejo.user ];
      };
    };
  };