Commit d02584a

HPCesia <me@hpcesia.com>
2025-08-21 12:46:54
feat(service): update forgejo config
1 parent 163507f
Changed files (3)
hosts
chaser-pardofelis
secrets
hosts/chaser-pardofelis/forgejo.nix
@@ -25,6 +25,23 @@
         SSH_PORT = 2233;
         ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
       };
+      service = {
+        DISABLE_REGISTRATION = true;
+        ENABLE_NOTIFY_MAIL = true;
+        ENABLE_BASIC_AUTHENTICATION = false;
+      };
+      repository = {
+        DEFAULT_REPO_UNITS = "repo.code,repo.releases";
+      };
+      mailer = {
+        ENABLED = true;
+        PROTOCOL = "smtps";
+        SMTP_ADDR = "glacier.mxrouting.net";
+        SMTP_PORT = 465;
+        USER = "info@hpcesia.com";
+        FROM = "Forgejo Infomation <info@hpcesia.com>";
+        SUBJECT_PREFIX = "[repo.hpcesia.com] ";
+      };
       # TODO: Enable federation after I finalize a suitable instance name and switch to an independent domain.
       federation.ENABLED = false;
       session.COOKIE_SECURE = true;
@@ -37,6 +54,9 @@
         ENABLED = true;
       };
     };
+    secrets = {
+      mailer.PASSWD = config.sops.secrets.forgejo-mailer-password.path;
+    };
   };
 
   users.users."git" = {
secrets/hosts/pardofelis/default.nix
@@ -61,6 +61,17 @@ in
             }
             // secretFileConf;
         }
+        {
+          name = "forgejo-mailer-password";
+          value =
+            {
+              key = "services/forgejo/mailerPassword";
+              owner = "root";
+              group = "forgejo";
+              mode = "0440";
+            }
+            // secretFileConf;
+        }
         {
           name = "restic-backup-password";
           value = {key = "services/restic/password";} // secretFileConf;
secrets/hosts/pardofelis/secrets.yaml
@@ -7,6 +7,8 @@ services:
         defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
     grafana:
         adminPassword: ENC[AES256_GCM,data:GSD4lXMBxnzbmWluPp0J4Y7EDOnutCZq,iv:MqyKSHZk2RkPEo07SQxYYYZir+DPwWSjwwWVfeP8kqQ=,tag:VVJFT5HQquF6fOp7aOINSA==,type:str]
+    forgejo:
+        mailerPassword: ENC[AES256_GCM,data:R9zhwWLjxAuZe3+pXXh12GsO01kpseOv,iv:Z+VH4XHj7HHEr+PdWtpa2kL/vXOaaVZl+aqrFm/htoQ=,tag:sEvfPKWxWjTJzVAeND9/kA==,type:str]
     forgejo-runner:
         token: ENC[AES256_GCM,data:gm23RUL8LVnq6prQFjX+mk2NlcURJuRdlOOzDjM6brjPOi4Rxy4dZw==,iv:OsRpBP5SEdHSHiCAVS7FJhAlnuBODc66Ap+Fty9fhZo=,tag:7Ez+qNe/w18DGJT+neZSHA==,type:str]
     gotosocial:
@@ -58,8 +60,8 @@ sops:
             SENxSmtOQUlWaFg4Tys2MU91UklURW8K8VUSmBV87SBHVtTfJJrEbX3KtxtPT+nd
             a0lbIgNit5pZu5uQVwiuENuPA3K+/3Uo0AIVRxkHJC8ZVqrjXeHhvw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-20T06:45:56Z"
-    mac: ENC[AES256_GCM,data:PZSFrc4x0K+bq2sdnDney86wxQ/0jPsXRpc/e35Zdk3SFajxOe9z9VbQAiln8qeFgGdg/IY3U9BDsVZEsgMc+xQpVRIZxGvozP3Zt/MAsMfjLGN2bGpPgJoL11s9CJ4vCeOTECV9ps+ckD+pXdekBObKdMw21OanK1vXeP/WsuE=,iv:mWTrtcXquPs29rNKseQsppOq+HBuwMromxZmW9LljlU=,tag:Jx8DWVzH/WZo34ibtHbGCA==,type:str]
+    lastmodified: "2025-08-21T12:48:17Z"
+    mac: ENC[AES256_GCM,data:Mdc04pB0+QscCchESv3hcYWI8XgJEvhkwc49qzfPJMd9xf0SjA096QdpltiLggRtbKewxpVnkOOZJdZ5z7Fb+R63m7nVcHGRVIY0LZJqhaOLoZpkPk/0znLvm7fGLEqiCZRCtM4tM8OVauKJUcLbLZYWVFZ96evx4p1KGrEcVB0=,iv:hNmLXa5H6C3QAZkI3ulHWXM+yDz7zD8Y8q9ulJ4nXMA=,tag:RnlvXIfnrLsz2dIgNwYGiA==,type:str]
     pgp:
         - created_at: "2025-08-06T11:08:38Z"
           enc: |-