From 2fe39ada398593eeceb43d638d2739f07d7428a4 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Fri, 7 Nov 2025 13:37:55 -0500
Subject: [PATCH] forgejo up and running with pocket id
---
 flake.lock | 8 +++---
 hosts/nixos/HandlerOne/default.nix | 1 +
 modules/services/forgejo/default.nix | 41 ++++++++++++++++++++++++++--
 3 files changed, 43 insertions(+), 7 deletions(-)
diff --git a/flake.lock b/flake.lock
index 31e578c..00d7fa5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -387,11 +387,11 @@
 "nixpkgs": "nixpkgs_5"
 },
 "locked": {
- "lastModified": 1762177792,
- "narHash": "sha256-8m/oUyPw4RgctZXY/LVLBIRdQDVPoR3jK5mTGeA+7IY=",
+ "lastModified": 1762540987,
+ "narHash": "sha256-SqE+KPd8N9Fef7u7lOXMayI6VB7lflop7KIwPg0jui4=",
 "ref": "refs/heads/master",
- "rev": "d56e91ea1ec05faff82c5f9be18bdb33c5a4fc15",
- "revCount": 146,
+ "rev": "9e68e5dfdad75a5be8e95efce24d9b4708589dd2",
+ "revCount": 148,
 "type": "git",
 "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
 },
diff --git a/hosts/nixos/HandlerOne/default.nix b/hosts/nixos/HandlerOne/default.nix
index d1eadf4..07a0245 100644
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@@ -58,6 +58,7 @@
 "modules/services/ollama/proxy.nix" # Just host the proxy path back to Parzival
 "modules/services/netbox"
 "modules/services/matrix"
+ "modules/services/forgejo"
 "modules/services/flamesites"
 ])
 ];
diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix
index 8787d37..408a830 100644
--- a/modules/services/forgejo/default.nix
+++ b/modules/services/forgejo/default.nix
@@ -1,8 +1,27 @@
+{ inputs, config, ... }:
+let
+ sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
+in
 {
 services.caddy.virtualHosts."git.wanderingcrow.net".extraConfig = ''
 reverse_proxy http://localhost:3000
 '';
+ sops.secrets = {
+ "forgejo/mailer/server" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ "forgejo/mailer/port" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ "forgejo/mailer/user" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ "forgejo/mailer/pass" = {
+ sopsFile = "${sopsFolder}/services.yaml";
+ };
+ };
+
 services.forgejo = {
 enable = true;
 lfs.enable = true;
@@ -17,11 +36,27 @@
 HTTP_PORT = 3000;
 };
 service = {
- DISABLE_REGISTRATION = false;
+ REGISTER_EMAIL_CONFIRM = true;
+ ENABLE_NOTIFY_MAIL = true;
+ # I want to offload account security to OIDC provider
+ REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = false;
+ ENABLE_INTERNAL_SIGNIN = false;
+ EMAIL_DOMAIN_BLOCK_DISPOSABLE = true;
+ ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
+ ENABLE_OPENID_SIGNIN = true;
+ ENABLE_OPENID_SIGNUP = true;
+ WHITELISTED_URIS = "auth.wanderingcrow.net";
 };
- actions = {
+ mailer = {
 ENABLED = true;
- DEFAULT_ACTIONS_URL = "github";
+ };
+ };
+ secrets = {
+ mailer = {
+ SMTP_ADDR = config.sops.secrets."forgejo/mailer/server".path;
+ SMTP_PORT = config.sops.secrets."forgejo/mailer/port".path;
+ USER = config.sops.secrets."forgejo/mailer/user".path;
+ PASSWD = config.sops.secrets."forgejo/mailer/pass".path;
 };
 };
 };
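Review bot: The four `sops.secrets` entries set only `sopsFile`, so as far as this hunk shows they keep sops-nix's default ownership (root:root, mode 0400), yet their paths are handed to `services.forgejo.secrets`, which the NixOS forgejo module splices into app.ini from a preStart that, as I recall, runs as the service user rather than root — unless ownership is fixed elsewhere that read fails at startup. Add `owner = config.services.forgejo.user;` to each entry (or `group = config.services.forgejo.group; mode = "0440";` if the files should stay root-owned). The repeated `sopsFile` could also be collapsed into one generator, `sops.secrets = lib.genAttrs (map (k: "forgejo/mailer/${k}") [ "server" "port" "user" "pass" ]) (_: { sopsFile = "${sopsFolder}/services.yaml"; owner = config.services.forgejo.user; });`, which needs `lib` added to the module's argument set on the first added line. The `services.forgejo` set opened at the end of this hunk continues past it.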
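Review bot: `ENABLE_OPENID_SIGNIN`, `ENABLE_OPENID_SIGNUP` and `WHITELISTED_URIS` are keys of Forgejo's `[openid]` section (the legacy OpenID 2.0 login), not `[service]`, and an OIDC provider like Pocket ID is attached as an OAuth2 authentication source rather than through them — so under `service = { … }` they are not read and the whitelist on `auth.wanderingcrow.net` provides no restriction at all; move them into an `openid = { … }` set only if OpenID 2.0 sign-in is genuinely wanted, otherwise drop the three lines. With `ALLOW_ONLY_EXTERNAL_REGISTRATION = false` the local password sign-up form also stays reachable even though `ENABLE_INTERNAL_SIGNIN = false` hides password login, which contradicts the comment about offloading account security; `ALLOW_ONLY_EXTERNAL_REGISTRATION = true;` closes that path so accounts can only be created via the OIDC source. A one-line note next to `mailer = {`, such as `# SMTP host/port/credentials are injected from sops via services.forgejo.secrets`, would explain why `ENABLED` is the only key here. The enclosing set these hunks edit (presumably `settings`) begins before the hunk.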