From cd309dd51033b3e286f7d214b7442b0d988e5884 Mon Sep 17 00:00:00 2001
From: prescientmoon <git@moonythm.dev>
Date: Sat, 11 May 2024 01:22:34 +0200
Subject: [PATCH] Fix perms for forgejo mailer password

---
 hosts/nixos/lapetus/services/forgejo.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/hosts/nixos/lapetus/services/forgejo.nix b/hosts/nixos/lapetus/services/forgejo.nix
index aa8b526..8bc0438 100644
--- a/hosts/nixos/lapetus/services/forgejo.nix
+++ b/hosts/nixos/lapetus/services/forgejo.nix
@@ -5,9 +5,13 @@ let
   cfg = config.services.forgejo;
 in
 {
-  sops.secrets.forgejo_mail_password.sopsFile = ../secrets.yaml;
+  sops.secrets.forgejo_mail_password = {
+    sopsFile = ../secrets.yaml;
+    owner = cfg.user;
+    group = cfg.group;
+  };
+
   satellite.cloudflared.targets.${host}.port = port;
-  systemd.tmpfiles.rules = [ "d ${cfg.stateDir} 0700 ${cfg.user} ${cfg.user} -" ];
 
   services.forgejo = {
     enable = true;