configures forgejo

2026-03-11 22:42:54 +01:00 · 2026-03-11 22:42:54 +01:00 · 1e9cacb761
commit 1e9cacb761
parent 31976a7c9c
5 changed files with 42 additions and 0 deletions
--- a/modules/hosts/dnsc-vps-sm/default.nix
+++ b/modules/hosts/dnsc-vps-sm/default.nix
@ -62,6 +62,9 @@ in
            secrets."restic/password" = {
              file = "${secretsDir}/restic/password.age";
            };
            secrets."forgejo/mail-password" = {
              file = "${secretsDir}/forgejo/mail-password.age";
            };
          };
          # Custom Module Options
--- a/modules/selfhosted/caddy/default.nix
+++ b/modules/selfhosted/caddy/default.nix
@ -35,6 +35,9 @@
        virtualHosts."notes.dnsc.io".extraConfig = ''
          reverse_proxy localhost:9003
        '';
        virtualHosts."git.dnsc.io".extraConfig = ''
          reverse_proxy localhost:9004
        '';
      };
    };
 }
--- a/modules/selfhosted/forgejo/default.nix
+++ b/modules/selfhosted/forgejo/default.nix
@ -0,0 +1,26 @@
 { ... }:
 {
  flake.modules.nixos.forgejo =
    { pkgs, config, ... }:
    {
      services.forgejo = {
        enable = true;
        lfs.enable = true;
        settings = {
          server = {
            DOMAIN = "git.dnsc.io";
            ROOT_URL = "https://git.dnsc.io/";
            HTTP_PORT = 9004;
          };
          service.DISABLE_REGISTRATION = false;
          mailer = {
            ENABLED = true;
            SMTP_ADDR = "me@dnsc.io";
            FROM = "git@dnsc.io";
            USER = "git@dnsc.io";
          };
        };
        secrets.mailer.PASSWD = config.age.secrets."forgejo/mail-password".path;
      };
    };
 }
--- a/secrets/forgejo/mail-password.age
+++ b/secrets/forgejo/mail-password.age
@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 JIw3cQ 6dRa6cCY05awbR5Ypq89K9nAPN1SBcoz67RrZ2PLvWE
 yYJn+UHJHt+DX34+EHneLuCWDs4qw7l/+LUVe3DaVEo
 -> ssh-ed25519 HufN+g Avtl/q3JuMecU5fFnGHqByHg5y/ZMVN90UDB325Mhi4
 7Mw+QqltaEDAOCCSlAG/aBOayGBxtOeiJwRfdXGX2ow
 -> ssh-ed25519 cTYF0w 8VwH3Yz2dUAhAVBHeeZL7leSmyUQfMusiAEFLGnafhQ
 mtc13Xfnc7X42iMgrxGVdLWk54H9IjjmTI2T26jWMXQ
 --- bVcpPfFruDRU3VEipqVt6ztjsOon71V38jKdDQkhvQA
 ÍãùÐvÿÐ'?ÍªcgÜ‰ ß8`neo<65> ë*V ™GJ	vN¶BSoŠCï
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -12,6 +12,7 @@ in
  # Add like this: "secret1.age".publicKeys = systems;
  "vaultwarden/env.age".publicKeys = systems;
  "restic/password.age".publicKeys = systems;
  "forgejo/mail-password.age".publicKeys = systems;
 }
 # 1. Create a file with secret