feat: update forgejo settings to include mailer and gitea-actions-runner configuration now that we have sops-nix

2025-12-04 15:00:13 +01:00 · 2025-07-30 13:54:14 +02:00 · 2025-07-30 13:54:14 +02:00 · b663614fa5
commit b663614fa5
parent d8d6bc67d8
1 changed files with 52 additions and 45 deletions
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -9,7 +9,8 @@ let
  srv = cfg.settings.server;
 in
 {
-  services.forgejo = {
+  services = {
+    forgejo = {
      enable = true;
      # database.type = "postgres";
      # Enable support for Git Large File Storage
@ -28,38 +29,44 @@ in
          ENABLED = true;
          DEFAULT_ACTIONS_URL = "github";
        };
-      # Sending emails is completely optional
+        # TODO: run own email server that sends users emails!
        # You can send a test email from the web UI at:
        # Profile Picture > Site Administration > Configuration >  Mailer Configuration
-      # mailer = {
-      #   ENABLED = true;
-      #   SMTP_ADDR = "mail.example.com";
-      #   FROM = "noreply@${srv.DOMAIN}";
-      #   USER = "noreply@${srv.DOMAIN}";
-      # };
+        mailer = {
+          ENABLED = true;
+          SMTP_ADDR = "smtp.migadu.com";
+          FROM = config.liv.variables.senderEmail;
+          USER = config.liv.variables.senderEmail;
+        };
+      };
+      mailerPasswordFile = config.sops.secrets.systemMailerPassword.path;
+    };
+    gitea-actions-runner = {
+      package = pkgs.forgejo-runner;
+      instances.code-liv-town = {
+        enable = true;
+        name = "forgejo-01";
+        tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
+        url = "https://code.liv.town";
+        labels = [
+          "node-22:docker://node:22-bookworm"
+          "nixos-latest:docker://nixos/nix"
+        ];
+      };
+    };
+    anubis.instances.forgejo = {
+      settings = {
+        TARGET = "http://localhost:3050";
+        BIND = ":3051";
+        BIND_NETWORK = "tcp";
      };
-    # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
    };
-  # gitea-actions-runner = {
-  #   package = pkgs.forgejo-runner;
-  #   instances.my-forgejo-instance = {
-  #     enable = true;
-  #     name = "forgejo-01";
-  #     token = ""; # TODO: fill in tokens etc
-  #     url = "https://code.liv.town";
-  #     labels = [
-  #       "node-22:docker://node:22-bookworm"
-  #       "nixos-latest:docker://nixos/nix"
-  #     ];
-  #   };
-  # };
-  services = {
    nginx.virtualHosts."code.liv.town" = {
      forceSSL = true;
      sslCertificate = "/var/lib/acme/liv.town/cert.pem";
      sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
      locations."/" = {
-        proxyPass = "http://localhost:3050";
+        proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}";
        proxyWebsockets = true;
      };
    };