From 5fc8b856e7ec0ecffbe186d411363b483dbe969b Mon Sep 17 00:00:00 2001 From: Patrick Date: Sat, 13 Apr 2024 19:17:41 +0200 Subject: [PATCH] feat: switch git domain --- config/basic/users.nix | 2 +- config/services/forgejo.nix | 20 +++++++++++++++----- config/services/kanidm.nix | 2 +- flake.lock | 18 +----------------- flake.nix | 2 +- hosts/elisabeth/guests.nix | 2 +- 6 files changed, 20 insertions(+), 26 deletions(-) diff --git a/config/basic/users.nix b/config/basic/users.nix index 90a6280..0a67e2a 100644 --- a/config/basic/users.nix +++ b/config/basic/users.nix @@ -21,7 +21,7 @@ nextcloud = uidGid 213; redis-nextcloud = uidGid 214; radicale = uidGid 215; - forgejo = uidGid 215; + git = uidGid 215; vaultwarden = uidGid 215; redis-paperless = uidGid 216; microvm = uidGid 217; diff --git a/config/services/forgejo.nix b/config/services/forgejo.nix index c9c3459..6386304 100644 --- a/config/services/forgejo.nix +++ b/config/services/forgejo.nix @@ -5,7 +5,7 @@ lib, ... }: let - forgejoDomain = "git.${config.secrets.secrets.global.domains.web}"; + forgejoDomain = "forge.${config.secrets.secrets.global.domains.web}"; in { age.secrets.resticpasswd = { generator.script = "alnum"; @@ -42,6 +42,14 @@ in { # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh services.openssh.settings.AcceptEnv = "GIT_PROTOCOL"; + users.groups.git = {}; + users.users.git = { + isSystemUser = true; + useDefaultShell = true; + group = "git"; + home = config.services.forgejo.stateDir; + }; + wireguard.elisabeth = { client.via = "elisabeth"; firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.forgejo.settings.server.HTTP_PORT]; 
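Review bot: `git = uidGid 215;` keeps an id that the neighbouring context lines also give to `radicale` and `vaultwarden`, so on any host where two of these accounts exist together they resolve to the same numeric owner. The forgejo.nix hunks in this patch make `git` the owner of the Forgejo state directory and of the mailer-password secret, both with mode `0700`, and an owner-only mode gives no separation from another account with the same id. If each service always runs in its own guest this may never matter, but a distinct id (`git = uidGid <UNUSED_ID>;`) removes the dependency on that layout. The attribute set starts and ends outside the hunk, so there may be further duplicates that are not visible here.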
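Review bot: The new `users.users.git` block gives a system account a login shell through `useDefaultShell = true` without saying why. Presumably it is needed because sshd runs the forced command from the Forgejo-managed authorized_keys file through the account's shell, so a comment such as `# shell required for git over SSH; sessions are confined by the forced command in Forgejo's authorized_keys` above that line would record the intent. Because `home` is the Forgejo state directory, it is also worth confirming that nothing else in the configuration adds SSH keys for `git`. A key added outside Forgejo would get an unrestricted shell next to all repository data.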
@@ -51,15 +59,15 @@ in { environment.persistence."/panzer".directories = [ { directory = config.services.forgejo.stateDir; - user = "forgejo"; - group = "forgejo"; + user = "git"; + group = "git"; mode = "0700"; } ]; age.secrets.forgejo-mailer-passwd = { rekeyFile = config.node.secretsDir + "/forgejo-passwd.age"; - owner = "forgejo"; - group = "forgejo"; + owner = "git"; + group = "git"; mode = "0700"; }; @@ -67,6 +75,8 @@ in { enable = true; # TODO db backups # dump.enable = true; + user = "git"; + group = "git"; lfs.enable = true; mailerPasswordFile = config.age.secrets.forgejo-mailer-passwd.path; settings = { diff --git a/config/services/kanidm.nix b/config/services/kanidm.nix index ef5c199..c95621b 100644 --- a/config/services/kanidm.nix +++ b/config/services/kanidm.nix @@ -150,7 +150,7 @@ in { }; systems.oauth2.forgejo = { displayName = "Forgejo"; - originUrl = "https://git.${config.secrets.secrets.global.domains.web}/"; + originUrl = "https://forge.${config.secrets.secrets.global.domains.web}/"; basicSecretFile = config.age.secrets.oauth2-forgejo.path; scopeMaps."forgejo.access" = ["openid" "email" "profile"]; allowInsecureClientDisablePkce = true; diff --git a/flake.lock b/flake.lock index 9620925..9422a61 100644 --- a/flake.lock +++ b/flake.lock @@ -1730,8 +1730,7 @@ "pre-commit-hooks": "pre-commit-hooks_5", "spicetify-nix": "spicetify-nix", "stylix": "stylix", - "systems": "systems_13", - "templates": "templates" + "systems": "systems_13" } }, "rust-overlay": { @@ -2019,21 +2018,6 @@ "type": "github" } }, - "templates": { - "locked": { - "lastModified": 1696855554, - "narHash": "sha256-9VYXESOCqGGZ8HHl4LN51k+74Kf5Nf9czoqqIN7IEo0=", - "ref": "refs/heads/main", - "rev": "a6c35c2af9f26599e81002630329054b99efbe79", - "revCount": 11, - "type": "git", - "url": "https://git.lel.lol/patrick/nix-templates.git" - }, - "original": { - "type": "git", - "url": "https://git.lel.lol/patrick/nix-templates.git" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ 
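Review bot: `age.secrets.forgejo-mailer-passwd` keeps `mode = "0700"` after the owner change, which sets the execute bit on a file that, as far as this patch shows, is only read through `mailerPasswordFile`. `mode = "0400"` would state the intent more precisely and matches least privilege for a password file. The directory entry under `environment.persistence."/panzer"` is a different case, since a directory needs the execute bit, so `0700` is right there.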
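Review bot: `originUrl` repeats the `forge.` host as a literal, separately from `forgejoDomain` in config/services/forgejo.nix and the `forgejo = "forge";` entry in hosts/elisabeth/guests.nix. A later rename therefore has to touch three places, and missing this one breaks OAuth2 login because the origin no longer matches. Deriving the URL from one shared definition would avoid that. The context line `allowInsecureClientDisablePkce = true;` is unchanged by this commit, but a domain move is a good moment to check whether the deployed Forgejo version can do PKCE so the exemption can be dropped. If it has to stay, a short comment recording why would help. The `systems.oauth2.forgejo` block continues outside the hunk.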
diff --git a/flake.nix b/flake.nix index 059d92e..17e254d 100644 --- a/flake.nix +++ b/flake.nix @@ -66,7 +66,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - templates.url = "git+https://git.lel.lol/patrick/nix-templates.git"; + #templates.url = "git+https://forge.lel.lol/patrick/nix-templates.git"; nix-topology.url = "github:oddlama/nix-topology"; diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix index 0e9c5f5..4c40ea5 100644 --- a/hosts/elisabeth/guests.nix +++ b/hosts/elisabeth/guests.nix @@ -10,7 +10,7 @@ domainOf = hostName: let domains = { adguardhome = "adguardhome"; - forgejo = "git"; + forgejo = "forge"; immich = "immich"; nextcloud = "nc"; ollama = "ollama";
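Review bot: The `templates` input is commented out rather than pointed at the new host, and nothing says why or when it should come back; flake.lock drops the matching node in the same commit. If this is temporary, a marker such as `# TODO: re-enable once forge.lel.lol serves nix-templates` above the line would show that it is intentional. If the input is no longer needed, deleting the line is cleaner than leaving dead configuration. Any remaining reference to `inputs.templates` elsewhere in the flake would fail evaluation, which cannot be checked from this hunk.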