fix: start tailscale before forgejo

If tailscale is not up then we can't reach the database. Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-09-19 17:37:19 +02:00 · 2025-09-19 17:37:19 +02:00 · d5d3984557
commit d5d3984557
parent 34bbab282c
1 changed files with 30 additions and 26 deletions
--- a/hosts/hosting-01/git/forgejo.nix
+++ b/hosts/hosting-01/git/forgejo.nix
@ -63,34 +63,38 @@ in
    };
  };

-  systemd.services.forgejo.preStart = ''
-    auth="${lib.getExe config.services.forgejo.package} admin auth"
+  systemd.services.forgejo = {
+    requires = [ "tailscaled.service" ];

-    echo "Trying to find existing sso configuration for Authelia"...
-    set +e -o pipefail
-    id="$($auth list | grep "Authelia.*OAuth2" |  cut -d'	' -f1)"
-    found=$?
-    set -e +o pipefail
+    preStart = ''
+      auth="${lib.getExe config.services.forgejo.package} admin auth"

-    if [[ $found = 0 ]]; then
-      echo Found sso configuration at id=$id, updating it if needed.
-      $auth update-oauth \
-        --id       $id \
-        --name     "Authelia" \
-        --provider openidConnect \
-        --key      forgejo \
-        --secret   $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \
-        --auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration
-    else
-      echo Did not find any sso configuration, creating one with name Authelia.
-      $auth add-oauth \
-        --name     Authelia \
-        --provider openidConnect \
-        --key      forgejo \
-        --secret   $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \
-        --auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration
-    fi
-  '';
+      echo "Trying to find existing sso configuration for Authelia"...
+      set +e -o pipefail
+      id="$($auth list | grep "Authelia.*OAuth2" |  cut -d'	' -f1)"
+      found=$?
+      set -e +o pipefail
+
+      if [[ $found = 0 ]]; then
+        echo Found sso configuration at id=$id, updating it if needed.
+        $auth update-oauth \
+          --id       $id \
+          --name     "Authelia" \
+          --provider openidConnect \
+          --key      forgejo \
+          --secret   $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \
+          --auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration
+      else
+        echo Did not find any sso configuration, creating one with name Authelia.
+        $auth add-oauth \
+          --name     Authelia \
+          --provider openidConnect \
+          --key      forgejo \
+          --secret   $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \
+          --auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration
+      fi
+    '';
+  };

  services.nginx.virtualHosts."git.escapeangle.com" = {
    forceSSL = true;