From 66f036aee366c01f2b7892500b5674cb7cee7ec4 Mon Sep 17 00:00:00 2001 From: Nico Date: Sat, 3 May 2025 16:16:04 +1000 Subject: [PATCH] forgejo: fix ssh really only a temporary solution for now, ideally we would do it so only the forgejo user can use the .ssh/authorizedKeys file in their home folder. but nix purity rules prevents that --- modules/services/forgejo.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 9a72cd1..093c07e 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { services.forgejo = { @@ -19,6 +19,11 @@ }; }; + # forgejo has user keys under its own .ssh/authorizedKeys file. + # nix blocks me from using users.users..openssh.authorizedKeys.keyFiles + # in order to only allow that to the forgejo user as it has "/var" + services.openssh.authorizedKeysInHomedir = lib.mkForce true; + services.caddy.virtualHosts."git.${config.homelab.domain}" = { useACMEHost = config.homelab.domain; extraConfig = ''
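Review bot: `services.openssh.authorizedKeysInHomedir = lib.mkForce true;` in the second hunk re-enables `~/.ssh/authorized_keys` for every account on the host, so anything that can write into any user's home directory can add a persistent SSH login key. The `lib.mkForce` also presumably overrides a definition elsewhere in the configuration that disabled it. The scoping can be done at the sshd level rather than through the per-user `keyFiles` option, which avoids reading `/var` at evaluation time: in `services.openssh.extraConfig`, add `Match User forgejo` followed by `AuthorizedKeysFile ${config.services.forgejo.stateDir}/.ssh/authorized_keys`. That assumes the Forgejo account is named `forgejo` and that its home is the module's state directory; neither is visible in the hunk, so check it against the `services.forgejo` block. If the global switch stays for now, the comment above it should state that it applies to all users and name the file as `authorized_keys`.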