feat: switch git domain

config/basic/users.nix

@@ -21,7 +21,7 @@
     nextcloud = uidGid 213;
     redis-nextcloud = uidGid 214;
     radicale = uidGid 215;
-    forgejo = uidGid 215;
+    git = uidGid 215;
     vaultwarden = uidGid 215;
     redis-paperless = uidGid 216;
     microvm = uidGid 217;

config/services/forgejo.nix

@@ -5,7 +5,7 @@
   lib,
   ...
 }: let
-  forgejoDomain = "git.${config.secrets.secrets.global.domains.web}";
+  forgejoDomain = "forge.${config.secrets.secrets.global.domains.web}";
 in {
   age.secrets.resticpasswd = {
     generator.script = "alnum";
@@ -42,6 +42,14 @@ in {
   # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
   services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
 
+  users.groups.git = {};
+  users.users.git = {
+    isSystemUser = true;
+    useDefaultShell = true;
+    group = "git";
+    home = config.services.forgejo.stateDir;
+  };
+
   wireguard.elisabeth = {
     client.via = "elisabeth";
     firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.forgejo.settings.server.HTTP_PORT];
@@ -51,15 +59,15 @@ in {
   environment.persistence."/panzer".directories = [
     {
       directory = config.services.forgejo.stateDir;
-      user = "forgejo";
+      user = "git";
-      group = "forgejo";
+      group = "git";
       mode = "0700";
     }
   ];
   age.secrets.forgejo-mailer-passwd = {
     rekeyFile = config.node.secretsDir + "/forgejo-passwd.age";
-    owner = "forgejo";
+    owner = "git";
-    group = "forgejo";
+    group = "git";
     mode = "0700";
   };
 
@@ -67,6 +75,8 @@ in {
     enable = true;
     # TODO db backups
     # dump.enable = true;
+    user = "git";
+    group = "git";
     lfs.enable = true;
     mailerPasswordFile = config.age.secrets.forgejo-mailer-passwd.path;
     settings = {

config/services/kanidm.nix

@@ -150,7 +150,7 @@ in {
       };
       systems.oauth2.forgejo = {
         displayName = "Forgejo";
-        originUrl = "https://git.${config.secrets.secrets.global.domains.web}/";
+        originUrl = "https://forge.${config.secrets.secrets.global.domains.web}/";
         basicSecretFile = config.age.secrets.oauth2-forgejo.path;
         scopeMaps."forgejo.access" = ["openid" "email" "profile"];
         allowInsecureClientDisablePkce = true;

flake.lock

@@ -1730,8 +1730,7 @@
         "pre-commit-hooks": "pre-commit-hooks_5",
         "spicetify-nix": "spicetify-nix",
         "stylix": "stylix",
-        "systems": "systems_13",
+        "systems": "systems_13"
-        "templates": "templates"
       }
     },
     "rust-overlay": {
@@ -2019,21 +2018,6 @@
         "type": "github"
       }
     },
-    "templates": {
-      "locked": {
-        "lastModified": 1696855554,
-        "narHash": "sha256-9VYXESOCqGGZ8HHl4LN51k+74Kf5Nf9czoqqIN7IEo0=",
-        "ref": "refs/heads/main",
-        "rev": "a6c35c2af9f26599e81002630329054b99efbe79",
-        "revCount": 11,
-        "type": "git",
-        "url": "https://git.lel.lol/patrick/nix-templates.git"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://git.lel.lol/patrick/nix-templates.git"
-      }
-    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [

flake.nix

@@ -66,7 +66,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    templates.url = "git+https://git.lel.lol/patrick/nix-templates.git";
+    #templates.url = "git+https://forge.lel.lol/patrick/nix-templates.git";
 
     nix-topology.url = "github:oddlama/nix-topology";
 

hosts/elisabeth/guests.nix

@@ -10,7 +10,7 @@
   domainOf = hostName: let
     domains = {
       adguardhome = "adguardhome";
-      forgejo = "git";
+      forgejo = "forge";
       immich = "immich";
       nextcloud = "nc";
       ollama = "ollama";