From 99350338f2c536e486203229fd8f8070f9d22f87 Mon Sep 17 00:00:00 2001
From: "Gustavo \"Guz\" L. de Mello"
Date: Wed, 10 Apr 2024 18:37:40 -0300
Subject: [PATCH] feat: forgejo user password
---
 hosts/homelab/configuration.nix | 2 +-
 hosts/homelab/secrets.nix | 7 +++++++
 hosts/homelab/services.nix | 8 ++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/hosts/homelab/configuration.nix b/hosts/homelab/configuration.nix
index 8d55585..cca60f4 100755
--- a/hosts/homelab/configuration.nix
+++ b/hosts/homelab/configuration.nix
@@ -30,7 +30,7 @@
 home-manager-helper.users."guz" = {
 name = "guz";
 shell = pkgs.zsh;
- hashedPassword = "$y$j9T$J7gmdB306rufrjdsY5kJq0$spluDZf8jEkG0VYcZXzBIpnACVIk27C8YTbo2vbNFfA";
+ hashedPasswordFile = builtins.toString config.sops.secrets."guz/password".path;
 home = import ./home.nix;
 isNormalUser = true;
 extraGroups = ["wheel" "networkmanager"];
diff --git a/hosts/homelab/secrets.nix b/hosts/homelab/secrets.nix
index c583958..674b542 100644
--- a/hosts/homelab/secrets.nix
+++ b/hosts/homelab/secrets.nix
@@ -30,6 +30,10 @@ in {
 sops.defaultSopsFile = ../../secrets/homelab-secrets.yaml;
 sops.defaultSopsFormat = "yaml";
+ sops.secrets."guz/password" = {
+ owner = config.users.users."guz".name;
+ };
+
 sops.secrets."forgejo/user1/name" = {
 owner = config.services.forgejo.user;
 };
@@ -39,6 +43,9 @@ in {
 sops.secrets."forgejo/user1/email" = {
 owner = config.services.forgejo.user;
 };
+ sops.secrets."forgejo/git-password" = {
+ owner = config.services.forgejo.user;
+ };
 sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
 };
diff --git a/hosts/homelab/services.nix b/hosts/homelab/services.nix
index 860e470..7bcb374 100644
--- a/hosts/homelab/services.nix
+++ b/hosts/homelab/services.nix
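Review bot: The hash removed in the configuration.nix hunk stays readable in the repository history, so `guz/password` should hold the hash of a newly chosen password rather than the old `$y$` value moved into sops; otherwise the move gains nothing against offline guessing. On the added line, `builtins.toString` is redundant because a sops secret's `.path` is already a string: `hashedPasswordFile = config.sops.secrets."guz/password".path;`. The `home-manager-helper.users."guz"` set continues past the end of the hunk.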
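Review bot: `sops.secrets."guz/password"` in the first secrets.nix hunk is declared as an ordinary secret with `owner = config.users.users."guz".name;`, but sops-nix decrypts ordinary secrets only after NixOS has created the users, so a file used as `hashedPasswordFile` is not there yet when the password is applied. A secret used this way needs `neededForUsers = true;` and no `owner`, since such secrets are placed under `/run/secrets-for-users` and must stay root-owned. The same applies to `sops.secrets."forgejo/git-password"` in the `@@ -39,6 +43,9 @@` hunk, where the owner additionally lets the Forgejo service account read its own password hash. This assumes `home-manager-helper` passes `hashedPasswordFile` through to `users.users`, which is not visible here. The enclosing `in { … }` module starts outside both hunks.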
@@ -86,6 +86,14 @@ in {
 };
 };
 };
+ home-manager-helper.users."${config.services.forgejo.user}" = {
+ name = "${config.services.forgejo.user}";
+ hashedPasswordFile = builtins.toString config.sops.secrets."forgejo/git-password".path;
+ isSystemUser = true;
+ homeDirectory = "/var/lib/forgejo";
+ extraGroups = ["wheel" "networkmanager"];
+ useDefaultShell = true;
+ };
 services.openssh.enable = true;
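Review bot: `extraGroups = ["wheel" "networkmanager"];` puts the Forgejo service account in the administrative group, which typically grants sudo, so anything that gains code execution as that account is one password away from root, and the hash of that password is a file the account itself owns. The line looks carried over from the `guz` definition; a service account needs neither group, so drop it or use `extraGroups = [];`. With `hashedPasswordFile`, `useDefaultShell = true;` and `services.openssh.enable = true;` together the account may also accept password logins over SSH, depending on sshd settings not shown here; if it exists only for git over SSH, key authentication without a password is the narrower option. A one-line comment saying why a system user needs a password at all would help the next reader. The new attribute set is complete in the hunk; the module around it is not.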