From 10cb34a48abb182e9897f0225825b1d48ade6af5 Mon Sep 17 00:00:00 2001
From: Charlie Root <charlie@charlieroot.dev>
Date: Wed, 5 Mar 2025 07:52:53 +0100
Subject: [PATCH] forgejo/module.nix: change user to git

---
 modules/services/forgejo/module.nix | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/modules/services/forgejo/module.nix b/modules/services/forgejo/module.nix
index 0be97e2..6740907 100644
--- a/modules/services/forgejo/module.nix
+++ b/modules/services/forgejo/module.nix
@@ -17,7 +17,6 @@ in {
   options.modules.system.services.forgejo.enable = lib.mkEnableOption "forgejo";
 
   config = mkIf cfg.enable {
-
     modules.system.services = {
       database.postgresql.enable = true;
     };
@@ -35,6 +34,10 @@ in {
         useACMEHost = domain;
         inherit acmeRoot;
         extraConfig = ''
+          # nginx defaults to a 1MB size limit for uploads, which
+          # *definitely* isn't enough for Git LFS.
+          # 'client_max_body_size 300m;' would set a limit of 300MB
+          # setting it to 0 means "no limit"
           client_max_body_size 512M;
         '';
         locations."/" = {
@@ -59,13 +62,25 @@ in {
       };
     };
 
+    # create the git user for forgejo
+    # NOTE: this is important and it will _not_ work otherwise.
+    users.users.git = {
+      home = dataDir;
+      useDefaultShell = true;
+      group = "git";
+      isSystemUser = true;
+    };
+    users.groups.git = {};
+
     services.forgejo = {
       enable = true;
       package = pkgs.forgejo;
       stateDir = dataDir;
 
       user = "git";
+      group = "git";
       database = {
+        createDatabase = true;
         name = "git";
         user = "git";
         type = "postgres";