fix: start tailscale before forgejo

If tailscale is not up then we can't reach the database.

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
Lander Van den Bulcke 2025-09-19 17:37:19 +02:00
parent 34bbab282c
commit d5d3984557
Signed by: lander
GPG key ID: 0142722B4B0C536F


@ -63,34 +63,38 @@ in
}; };
}; };
systemd.services.forgejo.preStart = '' systemd.services.forgejo = {
auth="${lib.getExe config.services.forgejo.package} admin auth" requires = [ "tailscaled.service" ];
echo "Trying to find existing sso configuration for Authelia"... preStart = ''
set +e -o pipefail auth="${lib.getExe config.services.forgejo.package} admin auth"
id="$($auth list | grep "Authelia.*OAuth2" | cut -d' ' -f1)"
found=$?
set -e +o pipefail
if [[ $found = 0 ]]; then echo "Trying to find existing sso configuration for Authelia"...
echo Found sso configuration at id=$id, updating it if needed. set +e -o pipefail
$auth update-oauth \ id="$($auth list | grep "Authelia.*OAuth2" | cut -d' ' -f1)"
--id $id \ found=$?
--name "Authelia" \ set -e +o pipefail
--provider openidConnect \
--key forgejo \ if [[ $found = 0 ]]; then
--secret $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \ echo Found sso configuration at id=$id, updating it if needed.
--auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration $auth update-oauth \
else --id $id \
echo Did not find any sso configuration, creating one with name Authelia. --name "Authelia" \
$auth add-oauth \ --provider openidConnect \
--name Authelia \ --key forgejo \
--provider openidConnect \ --secret $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \
--key forgejo \ --auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration
--secret $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \ else
--auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration echo Did not find any sso configuration, creating one with name Authelia.
fi $auth add-oauth \
''; --name Authelia \
--provider openidConnect \
--key forgejo \
--secret $(tr -d '\n' < ${config.sops.secrets."forgejo/oidc-secret".path}) \
--auto-discover-url https://auth.escapeangle.com/.well-known/openid-configuration
fi
'';
};
services.nginx.virtualHosts."git.escapeangle.com" = { services.nginx.virtualHosts."git.escapeangle.com" = {
forceSSL = true; forceSSL = true;
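Review bot: `requires = [ "tailscaled.service" ];` in the new `systemd.services.forgejo` block pulls tailscaled in but does not order it, because systemd starts a required unit in parallel unless `After=` is also set; unless the ordering is declared elsewhere in the configuration, `preStart` can still run before tailscaled. Add `after = [ "tailscaled.service" ];` next to `requires`. Even with that, an active tailscaled.service presumably does not guarantee the tailnet route to the database is up, and under `set +e -o pipefail` a failing `$auth list` is indistinguishable from "no match", so the script falls through to `add-oauth`; checking the exit status of `$auth list` separately from the `grep` result would avoid that. Separately, `--secret $(tr -d '\n' < …)` puts the OIDC client secret on the command line, where it is visible in the process list while the command runs, and both that substitution and `$id` are unquoted.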