`/api/v1/signing-key.gpg` spawns a `gpg` process,
which is great to test if `gpg` is available
and can be invoked from in the unit.
Which is somewhat relevant, since `gpg` was
missing from the unit's `$PATH` until recently.
And even after adding `gpg` to the unit's `$PATH`,
configuring commit signing for a instance
resulted in http/500s nonetheless.
That's due to `@memlock` being present in
`SystemCallFilter=~` and `gpg` trying to
use `mlock` (probably to prevent secrets
in the memory to swap), resulting in an
immediate `SIGKILL` of any spawned `gpg` processes.
This reduces the length of the gitea-test by creating a single
`makeGiteaTest` function which creates the configuration for a testcase
with a given database driver.
trace: warning: config.services.gitea.database.password will be stored as plaintext
in the Nix store. Use database.passwordFile instead.
(Arguably, this shouldn't be a warning at all. But making it happy is
easier than having a debate on the value of this warning.)
Although this can be added to `extraOptions` I figured that it makes
sense to add an option to explicitly promote this feature in our
documentation since most of the self-hosted gitea instances won't be
intended for common use I guess.
Also added a notice that this should be added after the initial deploy
as you have to register yourself using that feature unless the install
wizard is used.