From b480446505f0d06a0decdff0da5f86051b3e4711 Mon Sep 17 00:00:00 2001 From: Matt Nish-Lapidus Date: Wed, 16 Apr 2025 16:42:05 -0400 Subject: [PATCH] forgejo --- homes/emenel-services/default.nix | 5 ----- hosts/emenel-services/configuration.nix | 1 + hosts/emenel-services/secrets.yaml | 5 +++-- modules/system/forgejo.nix | 17 ++++++++--------- 4 files changed, 12 insertions(+), 16 deletions(-) diff --git a/homes/emenel-services/default.nix b/homes/emenel-services/default.nix index 96a7497..98026c0 100644 --- a/homes/emenel-services/default.nix +++ b/homes/emenel-services/default.nix @@ -31,11 +31,6 @@ stateVersion = "25.05"; }; - sops = { - age.keyFile = "/home/media/.config/sops/age/keys.txt"; # must have no password! - defaultSopsFile = ../emenel/secrets.yaml; - }; - programs = { home-manager.enable = true; password-store.enable = true; diff --git a/hosts/emenel-services/configuration.nix b/hosts/emenel-services/configuration.nix index 89fe992..ed9ecec 100644 --- a/hosts/emenel-services/configuration.nix +++ b/hosts/emenel-services/configuration.nix @@ -48,6 +48,7 @@ defaultSopsFile = ./secrets.yaml; secrets = { forgejo-emenel = {}; + forgejo-smtp = {}; }; }; diff --git a/hosts/emenel-services/secrets.yaml b/hosts/emenel-services/secrets.yaml index ed2b81d..a117e70 100644 --- a/hosts/emenel-services/secrets.yaml +++ b/hosts/emenel-services/secrets.yaml @@ -1,4 +1,5 @@ forgejo-emenel: ENC[AES256_GCM,data:Ngb8YCzaxVskDau76iv0XTesSA2NLXOfRr4Y+J47Z0prq5ol5Kf9H71VpWFTzR0TjSu8q8EUdq/2dqNzlzxlW+5SAXzxDWVW,iv:EOiKG4Y/yrOWUfbPoM3O4BvZiWEltTXIyYhcRNQ3Jbw=,tag:fUl2/3wtevmXCSUqsv+Hqg==,type:str] +forgejo-smtp: ENC[AES256_GCM,data:p2n5u13LpGjJO5HrjtmyJ2tbJU/oZQOMedQ0fL2QvioxFNVXIa33S9x0+LwEO6a+1k8=,iv:n+rOLNYnSAR98F3Hr6qSEKm10+KDGTzJ2GWdUclSTSc=,tag:jiAsgTg+bk8buRiysIYWnA==,type:str] sops: age: - recipient: age10k8v6pfm3p7cmsgn6wu5ufpcquqgpvqh76l23xf326et55dacc0qlr8fe8 @@ -19,7 +20,7 @@ sops: cjUxSzYwSjg4c2pqRVlEeDVYc2NlN28KLyF2kPwaBTfm6ooIWkC7QuM4H4F7uvhi tsS/pHp9aE43ur6CShAJn4x7AHJGIwge+VZe3mUiMpsBfO5hROvwmA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-14T12:29:05Z" - mac: ENC[AES256_GCM,data:lYflBymIecXWR5gAu3eKjmWqn4FPEuE2STFyxQdjPEbj7aP2CfshOUhUAwvhEy9twPvPTDkZuyiWmfSHZiHWiUYdI9cEKOB4ZiG+wlwmdOP76soXulFPyIsvFCbQMbvbUrxpA7+kUDArzuXnvffH+zI8lExgh0LHrnNR3893A10=,iv:SAECjDkkJxeNklUUaJMOJFrQjWtj/1IMZR5Tpkd1EzA=,tag:fBVnhFXRgYiDZ9gYfUUUtg==,type:str] + lastmodified: "2025-04-16T20:39:05Z" + mac: ENC[AES256_GCM,data:PaNwzi8Ico3Bq+P22p80HTTzSDIZvwJC/8bS1nSED3xqPKPDqM/fyb8gyYNo/04lCbH4D3DYhwV8Y6LvU0S9WD5nYcSBC8Qv9pomkgxOMFgE/8La+dQWLZzmwTaedZSHruX40B+QbZviiDP0PXqRynxqr+cMya2IGY8YSWWFh5Y=,iv:jdHYM8Dr4EkF7xuDCTuFuL1ENeFSBYnLPt1/J5MT69Y=,tag:LxsQVT5Fx9ut5saw0vdbwQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.1 diff --git a/modules/system/forgejo.nix b/modules/system/forgejo.nix index d514331..d881cc8 100644 --- a/modules/system/forgejo.nix +++ b/modules/system/forgejo.nix @@ -28,14 +28,15 @@ in ENABLED = true; DEFAULT_ACTIONS_URL = "github"; }; - # mailer = { - # ENABLED = true; - # SMTP_ADDR = "mail.example.com"; - # FROM = "noreply@${srv.DOMAIN}"; - # USER = "noreply@${srv.DOMAIN}"; - # }; + mailer = { + ENABLED = true; + SMTP_ADDR = "smtp.mailgun.org"; + SMTP_PORT = 587; + FROM = "git@gt.emenel.ca"; + USER = "git@gt.emenel.ca"; + }; }; - # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; + mailerPasswordFile = config.sops.secrets.forgejo-smtp; }; caddy.virtualHosts."gt.emenel.ca" = { @@ -85,8 +86,6 @@ in ''; in [ forgejo-cli - pkgs.forgejo - pkgs.forgejo-runner ]; # sops.secrets.forgejo-emenel.owner = "forgejo";