feat: update forgejo settings to include mailer and gitea-actions-runner configuration now that we have sops-nix

modules/services/forgejo.nix

@@ -9,57 +9,64 @@ let
   srv = cfg.settings.server;
 in
 {
-  services.forgejo = {
-    enable = true;
-    # database.type = "postgres";
-    # Enable support for Git Large File Storage
-    lfs.enable = true;
-    settings = {
-      server = {
-        DOMAIN = "code.liv.town";
-        # You need to specify this to remove the port from URLs in the web UI.
-        ROOT_URL = "https://${srv.DOMAIN}/";
-        HTTP_PORT = 3050;
-      };
-      # You can temporarily allow registration to create an admin user.
-      service.DISABLE_REGISTRATION = true;
-      # Add support for actions, based on act: https://github.com/nektos/act
-      actions = {
-        ENABLED = true;
-        DEFAULT_ACTIONS_URL = "github";
-      };
-      # Sending emails is completely optional
-      # You can send a test email from the web UI at:
-      # Profile Picture > Site Administration > Configuration >  Mailer Configuration
-      # mailer = {
-      #   ENABLED = true;
-      #   SMTP_ADDR = "mail.example.com";
-      #   FROM = "noreply@${srv.DOMAIN}";
-      #   USER = "noreply@${srv.DOMAIN}";
-      # };
-    };
-    # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
-  };
-  # gitea-actions-runner = {
-  #   package = pkgs.forgejo-runner;
-  #   instances.my-forgejo-instance = {
-  #     enable = true;
-  #     name = "forgejo-01";
-  #     token = ""; # TODO: fill in tokens etc
-  #     url = "https://code.liv.town";
-  #     labels = [
-  #       "node-22:docker://node:22-bookworm"
-  #       "nixos-latest:docker://nixos/nix"
-  #     ];
-  #   };
-  # };
   services = {
+    forgejo = {
+      enable = true;
+      # database.type = "postgres";
+      # Enable support for Git Large File Storage
+      lfs.enable = true;
+      settings = {
+        server = {
+          DOMAIN = "code.liv.town";
+          # You need to specify this to remove the port from URLs in the web UI.
+          ROOT_URL = "https://${srv.DOMAIN}/";
+          HTTP_PORT = 3050;
+        };
+        # You can temporarily allow registration to create an admin user.
+        service.DISABLE_REGISTRATION = true;
+        # Add support for actions, based on act: https://github.com/nektos/act
+        actions = {
+          ENABLED = true;
+          DEFAULT_ACTIONS_URL = "github";
+        };
+        # TODO: run own email server that sends users emails!
+        # You can send a test email from the web UI at:
+        # Profile Picture > Site Administration > Configuration >  Mailer Configuration
+        mailer = {
+          ENABLED = true;
+          SMTP_ADDR = "smtp.migadu.com";
+          FROM = config.liv.variables.senderEmail;
+          USER = config.liv.variables.senderEmail;
+        };
+      };
+      mailerPasswordFile = config.sops.secrets.systemMailerPassword.path;
+    };
+    gitea-actions-runner = {
+      package = pkgs.forgejo-runner;
+      instances.code-liv-town = {
+        enable = true;
+        name = "forgejo-01";
+        tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
+        url = "https://code.liv.town";
+        labels = [
+          "node-22:docker://node:22-bookworm"
+          "nixos-latest:docker://nixos/nix"
+        ];
+      };
+    };
+    anubis.instances.forgejo = {
+      settings = {
+        TARGET = "http://localhost:3050";
+        BIND = ":3051";
+        BIND_NETWORK = "tcp";
+      };
+    };
     nginx.virtualHosts."code.liv.town" = {
       forceSSL = true;
       sslCertificate = "/var/lib/acme/liv.town/cert.pem";
       sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
       locations."/" = {
-        proxyPass = "http://localhost:3050";
+        proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}";
         proxyWebsockets = true;
       };
     };