fix checks

modules/base.nix

@@ -93,7 +93,7 @@
     sysstat
     tree
     whois
-    exa
+    eza
     zsh
   ];
 }

modules/course-management.nix

@@ -38,9 +38,7 @@ in
     enable = lib.mkForce true; # upstream bacula config wants to disable it, so we need to force
     ensureUsers = [{
       name = "course-management";
-      ensurePermissions = {
-        "DATABASE \"course-management\"" = "ALL PRIVILEGES";
-      };
+      ensureDBOwnership = true;
     }];
     ensureDatabases = [ "course-management" ];
   };

modules/courses-phil.nix

@@ -67,9 +67,7 @@ in
         enableTCPIP = lib.mkForce false;
         ensureUsers = [{
           name = "course-management";
-          ensurePermissions = {
-            "DATABASE \"course-management\"" = "ALL PRIVILEGES";
-          };
+          ensureDBOwnership = true;
         }];
         ensureDatabases = [ "course-management" ];
       };

modules/gitea.nix

@@ -1,40 +1,43 @@
 { config, lib, pkgs, ... }:
 let
   domain = "git.${config.networking.domain}";
-  giteaUser = "git";
+  gitUser = "git";
 in
 {
   sops.secrets.gitea_ldap_search = {
     key = "portunus/search-password";
-    owner = config.services.gitea.user;
+    owner = config.services.forgejo.user;
   };
 
-  users.users.${giteaUser} = {
+  users.users.${gitUser} = {
     isSystemUser = true;
     home = config.services.gitea.stateDir;
-    group = giteaUser;
+    group = gitUser;
     useDefaultShell = true;
   };
-  users.groups.${giteaUser} = { };
+  users.groups.${gitUser} = { };
 
-  services.gitea = {
+  services.forgejo = {
     enable = true;
-    package = pkgs.forgejo; # community fork
-    user = giteaUser;
-    group = giteaUser;
-    appName = "iFSR Git";
+    # package = pkgs.forgejo; # community fork
+    user = gitUser;
+    group = gitUser;
     lfs.enable = true;
 
     database = {
       type = "postgres";
+      name = "git"; # legacy
       createDatabase = true;
-      user = giteaUser;
+      user = gitUser;
     };
 
     # TODO: enable periodic dumps of the DB and repos, maybe use this for backups?
     # dump = { };
 
     settings = {
+      DEFAULT = {
+        APP_NAME = "iFSR Git";
+      };
       server = {
         PROTOCOL = "http+unix";
         DOMAIN = domain;
@@ -68,7 +71,7 @@ in
 
   systemd.services.gitea.preStart =
     let
-      exe = lib.getExe config.services.gitea.package;
+      exe = lib.getExe config.services.forgejo.package;
       portunus = config.services.portunus;
       basedn = "ou=users,${portunus.ldap.suffix}";
       ldapConfigArgs = ''
@@ -108,7 +111,7 @@ in
     enableACME = true;
     forceSSL = true;
     locations."/" = {
-      proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}:/";
+      proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
       proxyWebsockets = true;
     };
     locations."/api/v1/users/search".return = "403";

modules/hedgedoc.nix

@@ -14,9 +14,7 @@ in
       ensureUsers = [
         {
           name = "hedgedoc";
-          ensurePermissions = {
-            "DATABASE hedgedoc" = "ALL PRIVILEGES";
-          };
+          ensureDBOwnership = true;
         }
       ];
       ensureDatabases = [ "hedgedoc" ];

modules/mailman.nix

@@ -20,7 +20,7 @@
     webSettings = {
       DATABASES.default = {
         ENGINE = "django.db.backends.postgresql";
-        NAME = "mailmanweb";
+        NAME = "mailman-web";
       };
     };
     ldap = {
@@ -45,18 +45,14 @@
     ensureUsers = [
       {
         name = "mailman";
-        ensurePermissions = {
-          "DATABASE mailman" = "ALL PRIVILEGES";
-        };
+        ensureDBOwnership = true;
       }
       {
         name = "mailman-web";
-        ensurePermissions = {
-          "DATABASE mailmanweb" = "ALL PRIVILEGES";
-        };
+        ensureDBOwnership = true;
       }
     ];
-    ensureDatabases = [ "mailman" "mailmanweb" ];
+    ensureDatabases = [ "mailman" "mailman-web" ];
   };
   services.nginx.virtualHosts."lists.${config.networking.domain}" = {
     enableACME = true;

modules/mautrix-telegram.nix

@@ -10,9 +10,7 @@ in
     enable = true;
     ensureUsers = [{
       name = "mautrix-telegram";
-      ensurePermissions = {
-        "DATABASE \"mautrix-telegram\"" = "ALL PRIVILEGES";
-      };
+      ensureDBOwnership = true;
     }];
     ensureDatabases = [ "mautrix-telegram" ];
   };

modules/nextcloud.nix

@@ -17,7 +17,6 @@ in
       enable = true;
       configureRedis = true;
       package = pkgs.nextcloud27;
-      enableBrokenCiphersForSSE = false; # disable the openssl warning
       hostName = domain;
       https = true; # Use https for all urls
       phpExtraExtensions = all: [

modules/sogo.nix

@@ -51,9 +51,7 @@ in
       ensureUsers = [
         {
           name = "sogo";
-          ensurePermissions = {
-            "DATABASE sogo" = "ALL PRIVILEGES";
-          };
+          ensureDBOwnership = true;
         }
       ];
       ensureDatabases = [ "sogo" ];

modules/vaultwarden.nix

@@ -25,9 +25,7 @@ in
     ensureUsers = [
       {
         name = "vaultwarden";
-        ensurePermissions = {
-          "DATABASE vaultwarden" = "ALL PRIVILEGES";
-        };
+        ensureDBOwnership = true;
       }
     ];
     ensureDatabases = [ "vaultwarden" ];