From b3fc1129ec04ee52ebf9ef41744c063d5575cac4 Mon Sep 17 00:00:00 2001 From: Martin Berg Alstad Date: Sat, 18 Oct 2025 15:47:35 +0000 Subject: [PATCH] [nidaros] Added hostPackages --- hosts/nidaros/default.nix | 1 + hosts/nidaros/forgejo.nix | 28 +++++++++++++++++++++------- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/hosts/nidaros/default.nix b/hosts/nidaros/default.nix index 127a66e..3d07437 100644 --- a/hosts/nidaros/default.nix +++ b/hosts/nidaros/default.nix @@ -12,5 +12,6 @@ ./security ]; + # Removed at 25.11 programs.nh.flake = lib.mkForce null; } diff --git a/hosts/nidaros/forgejo.nix b/hosts/nidaros/forgejo.nix index 77dbf5b..bb00017 100644 --- a/hosts/nidaros/forgejo.nix +++ b/hosts/nidaros/forgejo.nix @@ -22,13 +22,10 @@ in settings = { server = { DOMAIN = domain; - # You need to specify this to remove the port from URLs in the web UI. ROOT_URL = "https://${domain}/"; HTTP_PORT = 8002; }; - # You can temporarily allow registration to create an admin user. service.DISABLE_REGISTRATION = true; - # Add support for actions, based on act: https://github.com/nektos/act actions = { ENABLED = true; DEFAULT_ACTIONS_URL = "github"; @@ -42,6 +39,19 @@ in enable = true; name = "monolith"; url = "https://${domain}"; + hostPackages = with pkgs; [ + bash + coreutils + curl + gawk + gitMinimal + gnused + nodejs + wget + podman + podman-compose + ]; + # Obtaining the path to the runner token file may differ # tokenFile should be in format TOKEN=, since it's EnvironmentFile for systemd tokenFile = config.sops.secrets.${runnerTokenKey}.path; @@ -53,10 +63,14 @@ in }; }; - sops.secrets = { - ${passwordKey}.owner = "forgejo"; - ${runnerTokenKey}.owner = "forgejo"; - }; + sops.secrets = + let + user = config.systemd.services.forgejo.serviceConfig.User; + in + { + ${passwordKey}.owner = user; + ${runnerTokenKey}.owner = user; + }; # Create a single admin user / update password if exists systemd.services.forgejo.preStart =