From 0475568d18da9ddd0c4b50e653ff3c2327d0ff84 Mon Sep 17 00:00:00 2001
From: Jan Kremer <mail@jankremer.eu>
Date: Sat, 28 Mar 2026 15:28:05 +0100
Subject: [PATCH] Fix website deployment

---
 modules/nixos/caddy.nix   |  2 +-
 modules/nixos/forgejo.nix | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/caddy.nix b/modules/nixos/caddy.nix
index f915d04..5218b09 100644
--- a/modules/nixos/caddy.nix
+++ b/modules/nixos/caddy.nix
@@ -1,6 +1,6 @@
 {
   systemd.tmpfiles.rules = [
-    "d /var/www/jankremer.de 755 forgejo-runner users -"
+    "d /var/www/jankremer.de 755 gitea-runner users -"
   ];
 
   services.caddy = {
diff --git a/modules/nixos/forgejo.nix b/modules/nixos/forgejo.nix
index d414478..3abc895 100644
--- a/modules/nixos/forgejo.nix
+++ b/modules/nixos/forgejo.nix
@@ -14,9 +14,17 @@ in
   };
   age.secrets.forgejo-runner = {
     file = ../../modules/secrets/forgejo-runner.age;
-    owner = "forgejo";
+    owner = "gitea-runner";
   };
 
+  users.users.gitea-runner = {
+    isSystemUser = true;
+    group = "gitea-runner";
+  };
+  users.groups.gitea-runner = {};
+
+  systemd.services."gitea-runner-nimbus".serviceConfig.ReadWritePaths = [ "/var/www/jankremer.de" ];
+
   services = {
     forgejo = {
       enable = true;