From 19baa5d09c2b64e8fdb819a047fcda08b762ffab Mon Sep 17 00:00:00 2001
From: "Gustavo \"Guz\" L. de Mello"
Date: Mon, 29 Jan 2024 19:25:28 -0300
Subject: [PATCH] fix: push over ssh, fucking god
---
 hosts/homex/configuration.nix | 7 +++
 modules/nixos/homelab/forgejo.nix | 89 +++++++++----------------------
 2 files changed, 31 insertions(+), 65 deletions(-)
diff --git a/hosts/homex/configuration.nix b/hosts/homex/configuration.nix
index 8a7e58b..84db13a 100644
--- a/hosts/homex/configuration.nix
+++ b/hosts/homex/configuration.nix
@@ -45,6 +45,13 @@
 admin = true;
 };
 settings.ui.themes = [ "forgejo-dark" "arc-green" ];
+ /*
+ I'm hours trying to make pushing via SSH work, but using the {user}@{domain}:{owner}/{repo}
+ simply isn't working and returns "does not appear to be a git repository". Probably
+ is a problem with all the "domain handling" stuff with caddy, adguard, etc. This is
+ a temporary fix, so I don't end up breaking my actual sanity.
+ */
+ settings.security.allowBypassGiteaEnv = true;
 };
 };
diff --git a/modules/nixos/homelab/forgejo.nix b/modules/nixos/homelab/forgejo.nix
index 7a16886..e4ea8a9 100644
--- a/modules/nixos/homelab/forgejo.nix
+++ b/modules/nixos/homelab/forgejo.nix
@@ -17,7 +17,7 @@ in
 enable = mkEnableOption "";
 user = mkOption {
 type = str;
- default = "forgejo";
+ default = "git";
 };
 package = mkOption {
 type = package;
@@ -40,27 +40,11 @@ in
 type = path;
 default = config.homelab.storage + /forgejo;
 };
- repositories = mkOption {
- type = path;
- default = /home + cfg.user + /repositories;
- };
 };
 handleUndeclaredUsers = mkOption {
 type = bool;
 default = false;
 };
- /*
- See comment at the bottom of the file
-
- linkUserReposDir = mkOption {
- type = bool;
- default = false;
- description = ''
- Links ${cfg.data.repositories} to /home/${cfg.user} to fix repositories
- not being found when accssing via SSH.
- '';
- };
- */
 settings = {
 users = mkOption {
 type = attrsOf (submodule ({ config, lib, ... }: with lib; with lib.types; {
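Review bot: `settings.security.allowBypassGiteaEnv = true;` in hosts/homex/configuration.nix turns an undiagnosed SSH problem into a standing weakening of the push path. Per the forgejo.nix change in this same commit it sets `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET` to false, so the Git hooks accept pushes that did not arrive through Forgejo's own entry point and, as far as I understand that setting, skip its permission and branch-protection checks for them. The comment calls this temporary but nothing bounds it; I would keep the default, or at least mark the line with `# TODO(security): remove once SSH pushes run through Forgejo's authorized_keys command again`. The quoted error ("does not appear to be a git repository") is what one would expect when sshd gives the client a plain shell instead of Forgejo's key command, so the cause is probably in how the SSH user and keys are wired rather than in the hooks — worth confirming before relying on this switch.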
@@ -188,16 +172,28 @@ in
 type = bool;
 default = false;
 };
+ security.allowBypassGiteaEnv = mkOption {
+ type = bool;
+ default = false;
+ };
 };
 };
 config = lib.mkIf cfg.enable {
+ users.users."${cfg.user}" = {
+ home = cfg.data.root;
+ useDefaultShell = true;
+ group = cfg.user;
+ isSystemUser = true;
+ initialPassword = "1313";
+ };
+ users.groups."${cfg.user}" = { };
+
 services.forgejo = {
 enable = true;
 package = cfg.package;
 user = cfg.user;
 group = cfg.user;
 stateDir = toString cfg.data.root;
- repositoryRoot = toString cfg.data.repositories;
 useWizard = false;
 database = {
 user = cfg.user;
@@ -233,6 +229,9 @@ in
 ENABLE_GZIP = cfg.settings.server.compression;
 LANDING_PAGE = cfg.settings.server.landingPage;
 };
+ security = {
+ ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = if cfg.settings.security.allowBypassGiteaEnv then false else true;
+ };
 service = {
 DISABLE_REGISTRATION = if cfg.settings.service.registration then false else true;
 };
@@ -240,8 +239,12 @@ in
 };
 systemd.services."homelab-forgejo-setup" = with builtins; {
 script = ''
+
+ configFile="${toString cfg.data.root}/custom/conf/app.ini";
+ touch $configFile
+
 gum="${pkgs.gum}/bin/gum"
- forgejo="${cfg.package}/bin/gitea --work-path ${cfg.data.root}"
+ forgejo="${cfg.package}/bin/gitea --config $configFile"
 user="$forgejo admin user"
 awk="${pkgs.gawk}/bin/awk"
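Review bot: `initialPassword = "1313";` in the new `users.users."${cfg.user}"` block gives the Forgejo account a short, fixed password that is committed to the repository and readable in the Nix store, on an account that also gets `useDefaultShell = true` and has the Forgejo state directory as its home. If sshd on this host accepts password authentication, anyone who can reach it could log in as that user and read the repositories and configuration under `cfg.data.root`; with `allowBypassGiteaEnv` enabled that shell could also push without Forgejo's checks. Key-based access through Forgejo's authorized_keys needs no password, so I would delete the `initialPassword` line, and if a password is ever required supply it through `hashedPasswordFile` from a secret kept outside the store. The new `security.allowBypassGiteaEnv` option in the same hunk has no `description`; one line stating that it disables `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET` and is not recommended would make the risk visible at the point of use.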
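Review bot: `if cfg.settings.security.allowBypassGiteaEnv then false else true` in the new `security` block is a hand-written negation; `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = !cfg.settings.security.allowBypassGiteaEnv;` says the same thing and makes the inverted polarity between the option name and the Forgejo key easier to spot in review. The `DISABLE_REGISTRATION` context line just below uses the same pattern and could be changed alongside it.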
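Review bot: `touch $configFile` in the setup script creates an empty app.ini whenever the file is missing, and the `gitea admin user` commands then run with `--config` pointing at it. If this unit ever runs before Forgejo has written its real configuration, those commands would presumably operate on default settings rather than the configured database while the run still looks successful. The rest of the script and the unit's ordering lie outside this hunk, so this may already be guarded, but failing fast is safer than creating the file: `[ -f "$configFile" ] || { echo "missing $configFile" >&2; exit 1; }`. The expansion is also unquoted; `"$configFile"` keeps a state path containing spaces from being split.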
@@ -293,52 +296,6 @@ in
 Group = cfg.user;
 };
 };
-
- /*
- Removed for now because handling deleted user/files, without touching the
- user's files, would be too much of a hassle.
-
- systemd.services."homelab-forgejo-repos-link-watcher" = lib.mkIf cfg.linkUserReposDir {
- script = ''
- ${pkgs.systemctl}/bin/systemctl start homelab-forgejo-repos-link.service;
- '';
- wantedBy = [ "multi-user.target" ];
- before = [ "forgejo.service" ];
- serviceConfig = {
- Type = "oneshot";
- };
- };
- systemd.paths."homelab-forgejo-repos-link-watcher" = lib.mkIf cfg.linkUserReposDir {
- wantedBy = [ "multi-user.target" ];
- pathConfig = {
- PathModified = toString cfg.data.repositories;
- };
- };
- systemd.services."homelab-forgejo-repos-link" = lib.mkIf cfg.linkUserReposDir {
- script = ''
- userDir="/home/${cfg.user}";
-
- mkdir -p "$userDir";
-
- for dir in ${toString cfg.data.repositories}/*; do
- basename="$(basename $dir)"
- linkname="$userDir/$basename"
-
- if [ -f "$f" ]; then
- echo "Link $dir to $linkname already exists";
- else
- echo "Linking $dir to $linkname";
- ln -sf $dir -T $linkname;
- fi
- done
- '';
- wantedBy = [ "multi-user.target" ];
- before = [ "forgejo.service" ];
- serviceConfig = {
- Type = "oneshot";
- };
- };
- */
 };
 }
@@ -350,3 +307,5 @@ in
+
+