fix forgejo on trantor

2026-02-16 00:07:36 -03:00 · 2026-02-16 00:07:36 -03:00 · 657e1e4697
commit 657e1e4697
parent fe460c9151
2 changed files with 6 additions and 3 deletions
--- a/aspects/hosts/_trantor/forgejo.nix
+++ b/aspects/hosts/_trantor/forgejo.nix
@ -21,6 +21,8 @@ in
          ROOT_URL = "https://git.baduhai.dev";
          OFFLINE_MODE = true; # disable use of CDNs
          SSH_DOMAIN = "git.baduhai.dev";
+          SSH_USER = "forgejo";
+          SSH_PORT = lib.head config.services.openssh.ports;
        };
        log.LEVEL = "Warn";
        mailer.ENABLED = false;
@ -67,5 +69,8 @@ in
  };

  # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
-  systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
+  systemd.services.forgejo.serviceConfig = {
+    PrivateMounts = lib.mkForce false;
+    ProtectSystem = lib.mkForce false;
+  };
 }
--- a/aspects/hosts/_trantor/nginx.nix
+++ b/aspects/hosts/_trantor/nginx.nix
@ -8,10 +8,8 @@
 let
  services = inputs.self.services;

-  # Get all unique domains from shared services on trantor (host = "trantor")
  localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services));

-  # Generate ACME cert configs for all local domains
  acmeCerts = lib.genAttrs localDomains (domain: {
    group = "nginx";
  });