From 6f0cd412f1d6640a647a7dbbaf7518781dfb8016 Mon Sep 17 00:00:00 2001 From: Crow Date: Wed, 22 Oct 2025 14:13:27 -0400 Subject: [PATCH] Push nrxnukzvxrpt (#9) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * work on install documentation' * get forgejo setup * flake.lock: Update Flake lock file updates: • Updated input 'nix-secrets': 'git+ssh://git@github.com/TheWanderingCrow/nix-secrets?ref=refs/heads/master&rev=ee028b24d966663da48f4d1884ba84c3db779518' (2025-10-16) → 'git+ssh://git@github.com/TheWanderingCrow/nix-secrets?ref=refs/heads/master&rev=e83722f7ae8d1289579ed1d064176e57b294eb41' (2025-10-22) --- flake.lock | 8 ++++---- modules/services/forgejo/default.nix | 4 ++++ nixos-bootstrap/README.md | 8 ++++++++ 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index aaffa19..c3400fe 100644 --- a/flake.lock +++ b/flake.lock @@ -333,11 +333,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1760644113, - "narHash": "sha256-vQ/aSkyfHAaEqi38S86U1LVFwTqY8U3YQ1GPNwcPyAI=", + "lastModified": 1761156521, + "narHash": "sha256-+lGuJKTRHqpBDEE8xgkImYpCNR67BRtHbH5zNCE2uhg=", "ref": "refs/heads/master", - "rev": "ee028b24d966663da48f4d1884ba84c3db779518", - "revCount": 140, + "rev": "e83722f7ae8d1289579ed1d064176e57b294eb41", + "revCount": 141, "type": "git", "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets" }, diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix index b254473..609d8ec 100644 --- a/modules/services/forgejo/default.nix +++ b/modules/services/forgejo/default.nix @@ -2,5 +2,9 @@ services.forgejo = { enable = true; lfs.enable = true; + database = { + type = "sqlite3"; + createDatabase = true; + }; }; } diff --git a/nixos-bootstrap/README.md b/nixos-bootstrap/README.md index a46028e..a063e56 100644 --- a/nixos-bootstrap/README.md +++ b/nixos-bootstrap/README.md @@ -13,3 +13,11 @@ From this subdirectory directory, run `just iso` to generate the ISO file ethernet and SSH in using the installer key in order to setup SOPS, this section will be amended when we figure this out 6. Connect new host to ethernet and SSH in +7. Run `ssh-keyscan | ssh-to-age` to get the age keys for the remote +8. Place the public key into .sops.yaml in the secrets repo at keys.hosts. +9. Run `age-keygen` and place the public key in keys.users._ +10. Create the .yaml file in .sops.yaml and assign *skeleton, the host + key, and the user key +11. Run `just rekey` in the secrets repo and push, then run `just update-secret` + in the primary repo and push. +12. Rebuild the system and test for working sops, you can now login locally