Forgejo: Difference between revisions

(2 intermediate revisions by 2 users not shown)

Line 89:

url = "https://git.example.com";

# Obtaining the path to the runner token file may differ

# tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd

tokenFile = config.age.secrets.forgejo-runner-token.path;

labels = [

Line 106:

Line 107:

Using the following snippet, you can ensure users:

systemd.services.forgejo.preStart = ''

sops.secrets.forgejo-admin-password.owner = "forgejo";

~~create~~="${lib.getExe config.~~services~~.forgejo~~.package}~~ admin user ~~create~~"

systemd.services.forgejo.preStart = let

$create --admin --email "~~you~~@~~example~~.~~com~~" --username ~~you~~ --password "~~`cat~~ ${~~config.sops.secrets.forgejo~~.path}`" ~~&>/dev/null~~ || true

adminCmd = "${lib.getExe cfg.package} admin user";

'';

pwd = config.sops.secrets.forgejo-admin-password;

user = "joe"; # Note, Forgejo doesn't allow creation of an account named "admin"

in ''

${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true

## uncomment this line to change an admin user which was already created

# ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true

'';

</syntaxhighlight>

You may remove the <code>--admin</code> flag to create only a regular user. The <code>~~&>/dev/null~~ || true</code> is necessary, so ~~1. The code snippet doesn't write to~~ the ~~log, 2. The~~ snippet does not fail if the user already exists.

You may remove the <code>--admin</code> flag to create only a regular user. The <code>|| true</code> is necessary, so the snippet does not fail if the user already exists.

Naturally, instead of sops, you may use any file or secret manager, as explained above.

@@ Line 89: / Line 89: @@
        url = "https://git.example.com";
        # Obtaining the path to the runner token file may differ
+      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
        tokenFile = config.age.secrets.forgejo-runner-token.path;
        labels = [
@@ Line 106: / Line 107: @@
 Using the following snippet, you can ensure users:
 <syntaxhighlight lang="nixos">
-systemd.services.forgejo.preStart = ''
+sops.secrets.forgejo-admin-password.owner = "forgejo";
-create="${lib.getExe config.services.forgejo.package} admin user create"
+systemd.services.forgejo.preStart = let
-$create --admin --email "you@example.com" --username you --password "`cat ${config.sops.secrets.forgejo.path}`" &>/dev/null || true
+  adminCmd = "${lib.getExe cfg.package} admin user";
-'';
+  pwd = config.sops.secrets.forgejo-admin-password;
+  user = "joe"; # Note, Forgejo doesn't allow creation of an account named "admin"
+in ''
+  ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+  ## uncomment this line to change an admin user which was already created
+  # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+'';
 </syntaxhighlight>
-You may remove the <code>--admin</code> flag to create only a regular user. The <code>&>/dev/null || true</code> is necessary, so 1. The code snippet doesn't write to the log, 2. The snippet does not fail if the user already exists.
+You may remove the <code>--admin</code> flag to create only a regular user. The <code>|| true</code> is necessary, so the snippet does not fail if the user already exists.
 Naturally, instead of sops, you may use any file or secret manager, as explained above.