kommode/gitea/web: use default login shell

bekkalokk/nettsiden: fix gallery rsync target
2026-02-20 00:47:52 +01:00 · 2026-02-05 13:25:06 +09:00 · 2026-02-05 13:19:29 +09:00
2 changed files with 9 additions and 2 deletions
--- a/hosts/bekkalokk/services/website/fetch-gallery.nix
+++ b/hosts/bekkalokk/services/website/fetch-gallery.nix
@@ -1,8 +1,14 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, values, ... }:
 let
  galleryDir = config.services.pvv-nettsiden.settings.GALLERY.DIR;
  transferDir = "${config.services.pvv-nettsiden.settings.GALLERY.DIR}-transfer";
 in {
+  users.users.${config.services.pvv-nettsiden.user} = {
+    # NOTE: the user unfortunately needs a registered shell for rrsync to function...
+    #       is there anything we can do to remove this?
+    useDefaultShell = true;
+  };
+
  # This is pushed from microbel:/var/www/www-gallery/build-gallery.sh
  services.rsync-pull-targets = {
    enable = true;
@@ -11,6 +17,7 @@ in {
      rrsyncArgs.wo = true;
      authorizedKeysAttrs = [
        "restrict"
+        "from=\"microbel.pvv.ntnu.no,${values.hosts.microbel.ipv6},${values.hosts.microbel.ipv4}\""
        "no-agent-forwarding"
        "no-port-forwarding"
        "no-pty"
--- a/hosts/kommode/services/gitea/web-secret-provider/default.nix
+++ b/hosts/kommode/services/gitea/web-secret-provider/default.nix
@@ -28,7 +28,7 @@ in
  users.users."gitea-web" = {
    group = "gitea-web";
    isSystemUser = true;
-    shell = pkgs.bash;
+    useDefaultShell = true;
  };

  sops.secrets."gitea/web-secret-provider/token" = {
Author	SHA1	Message	Date
h7x4	02bdb8d45b	kommode/gitea/web: use default login shell	2026-02-05 13:25:06 +09:00
h7x4	a5143c0aaa	bekkalokk/nettsiden: fix gallery rsync target	2026-02-05 13:19:29 +09:00