Make forgejo user setup more robust

2026-01-21 16:21:34 +01:00 · 2025-06-01 22:57:27 +02:00 · 2025-06-01 22:57:27 +02:00 · d2b73e1e9d
commit d2b73e1e9d
parent c62e58167c
1 changed files with 12 additions and 9 deletions
--- a/modules/system/services/forgejo/default.nix
+++ b/modules/system/services/forgejo/default.nix
@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 let
  cfg = config.custom.services.forgejo;

@ -53,10 +48,18 @@ in

    systemd.services.forgejo.preStart =
      let
-        createCmd = "${lib.getExe config.services.forgejo.package} admin user create";
-        passwordPath = config.sops.secrets."forgejo/admin-password".path;
+        userCmd = "${lib.getExe config.services.forgejo.package} admin user";
+        credentials = lib.concatStringsSep " " [
+          "--username SebastianStork"
+          "--password \"$PASSWORD\""
+        ];
      in
-      ''${createCmd} --username SebastianStork --password "$(cat ${passwordPath})" --email "sebastian.stork@pm.me" --admin || true'';
+      ''
+        PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
+
+        ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
+          || ${userCmd} change-password ${credentials} --must-change-password=false
+      '';

    systemd.tmpfiles.rules =
      let