forgejo

hosts/emenel-services/configuration.nix

@@ -75,9 +75,6 @@
     gnupg
     util-linux
     git
-    forgejo
-    forgejo-cli
-    forgejo-runner
   ];
 
   users.users.emenel = {
@@ -90,6 +87,7 @@
       "network"
       "wheel"
       "uinput"
+      "forgejo"
     ];
     packages = with pkgs; [
       git

modules/system/forgejo.nix

@@ -6,7 +6,6 @@ in
   services = {
     forgejo = {
       enable = true;
-      package = pkgs.forgejo;
       lfs = {
         enable = true;
       };
@@ -62,7 +61,27 @@ in
     # };
   };
 
-  #   sops.secrets.forgejo-emenel.owner = "forgejo";
+  environment.systemPackages = let
+    cfg = config.services.forgejo;
+    forgejo-cli = pkgs.writeScriptBin "forgejo-cli" ''
+      #!${pkgs.runtimeShell}
+      cd ${cfg.stateDir}
+      sudo=exec
+      if [[ "$USER" != forgejo ]]; then
+        sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} -g ${cfg.group} --preserve-env=GITEA_WORK_DIR --preserve-env=GITEA_CUSTOM'
+      fi
+      # Note that these variable names will change
+      export GITEA_WORK_DIR=${cfg.stateDir}
+      export GITEA_CUSTOM=${cfg.customDir}
+      $sudo ${lib.getExe cfg.package} "$@"
+  '';
+  in [
+    forgejo-cli
+    pkgs.forgejo
+    pkgs.forgejo-runner
+  ];
+
+#   sops.secrets.forgejo-emenel.owner = "forgejo";
 #   systemd.services.forgejo.preStart = let
 #     adminCmd = "${lib.getExe pkgs.forgejo} admin user";
 #     pwd = config.sops.secrets.forgejo-emenel;