3 changed files with 29 additions and 28 deletions
--- a/config/globals.nix
+++ b/config/globals.nix
@ -23,9 +23,8 @@
  services = {
    forgejo = {
-      home = "/var/lib/forgejo";
+      home = "/var/lib/services/forgejo";
      url = "govel.porzh.me";
      user = "git";
      port = 3000;
    };
    goaccess = {
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -3,23 +3,23 @@ let
  globals = import ../../config/globals.nix;
 in {
  # --- Utilisateur dédié ---
-  users.users.${globals.services.forgejo.user} = {
+  users.users.git = {
    isSystemUser = true;
-    home = globals.services.forgejo.home;
+    home = "/var/lib/forgejo";
    shell = pkgs.bash;
-    group = globals.services.forgejo.user;
+    group = "git";
  };
-  users.groups.${globals.services.forgejo.user} = {};
+  users.groups.git = {};
  # --- Forgejo ---
  services = {
    forgejo = {
      enable = true;
-      user = globals.services.forgejo.user;
+      user = "git";
-      group = globals.services.forgejo.user;
+      group = "git";
      database = {
        type = "sqlite3";
-        path = "${globals.services.forgejo.home}/data/gitea.db";
+        path = "/var/lib/forgejo/data/gitea.db";
      };
      settings = {
        server = {
@ -27,6 +27,7 @@ in {
          ROOT_URL = "https://${globals.services.forgejo.url}/";
          SSH_DOMAIN = globals.services.forgejo.url;
          HTTP_PORT = globals.services.forgejo.port;
          SSH_PORT = 22;
          START_SSH_SERVER = false;
        };
        service = {
@ -48,5 +49,22 @@ in {
      };
    };
  };
-  networking.firewall.allowedTCPPorts = [80 443 22 ];
+
  # --- Ouvrir les ports nécessaires ---
  networking.firewall = {
    allowedTCPPorts = [80 443 2222];
    interfaces."eth0".allowedTCPPorts = [22];
  };
  # --- Pour que Forgejo génère les bonnes URLs Git ---
  #  networking.hostName = "git"; # non strictement obligatoire
  # --- Optionnel : config DNS ---
  # git.lomig.me -> ton IP publique (ou IP locale si LAN)
  # --- Pour te cloner un dépôt : ---
  # git clone git@git.lomig.me:lomig/nom-du-repo.git
  # --- Astuce : génère une paire de clés pour l’accès SSH Git ---
  # ssh-keygen -t ed25519 -f ~/.ssh/id_git_forgejo
  # puis ajoute la clé publique dans ton compte Forgejo
 }
--- a/modules/services/goaccess.nix
+++ b/modules/services/goaccess.nix
@ -6,23 +6,11 @@ in {
    goaccess
  ];
-  environment.etc."local/bin/generate-goaccess.sh".text = ''
+  # Service pour générer le rapport statique GoAccess
    #!/bin/sh 
    set -eu
    RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log"
    CLEAN_LOG="/tmp/goaccess-clean.log"
    REPORT="${globals.services.goaccess.home}/index.html"
    ${pkgs.gnugrep}/bin/grep -v '192.168.' "$RAW_LOG" > "$CLEAN_LOG"
    ${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT";
  '';
  environment.etc."local/bin/generate-goaccess.sh".mode = "0755";
  systemd.services.goaccess-report = {
    description = "Generate GoAccess HTML report";
    serviceConfig = {
-      ExecStart = "/etc/local/bin/generate-goaccess.sh";
+      ExecStart = "${pkgs.goaccess}/bin/goaccess /var/log/caddy/access-${globals.services.levr.url}.log --log-format=CADDY -o ${globals.services.goaccess.home}/index.html";
    };
  };
@ -47,8 +35,4 @@ in {
      };
    };
  };
  systemd.tmpfiles.rules = [
    "d ${globals.services.goaccess.home} 0755 root root -"
  ];
 }