fix gitea and stuff

2025-02-01 23:10:51 -05:00 · 2025-02-01 23:10:51 -05:00 · 73111b87cf
commit 73111b87cf
parent a22012df2c
3 changed files with 8 additions and 1 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -102,6 +102,7 @@
  services.openssh = {
    enable = true;
    settings = {
+      AllowUsers = [ username ];
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -16,10 +16,12 @@

    settings = {
      server = {
+        SSH_USER = "gitea";
        DOMAIN = service_configs.gitea.domain;
        ROOT_URL = "https://" + config.services.gitea.settings.server.DOMAIN;
        HTTP_PORT = service_configs.ports.gitea;
        LANDING_PAGE = "/explore/repos";
+        DISABLE_HTTP_GIT = true;
      };
      session = {
        # https cookies or smth
@ -35,7 +37,8 @@
  '';

  systemd.tmpfiles.rules = [
-    "d ${config.services.gitea.stateDir} 0770 ${config.services.gitea.user} ${config.services.gitea.group}"
+    # 0700 for ssh permission reasons
+    "d ${config.services.gitea.stateDir} 0700 ${config.services.gitea.user} ${config.services.gitea.group}"
  ];

  services.postgresql = {
@ -49,6 +52,8 @@
    ];
  };

+  services.openssh.settings.AllowUsers = [ config.services.gitea.user ];
+
  users.users.${username}.extraGroups = [
    config.services.gitea.group
  ];
--- a/services/postgresql.nix
+++ b/services/postgresql.nix
@ -12,6 +12,7 @@
  };

  systemd.tmpfiles.rules = [
+    # postgresql requires 0700
    "d ${config.services.postgresql.dataDir} 0700 postgresql postgresql"
  ];