Add forgejo, remove authelia.

machines/lebesgue/config/configuration.nix

@@ -14,6 +14,11 @@
       enable = true;
     };
 
+    services.forgejo = {
+      enable = true;
+      domain = "forge.foehammer.me";
+    };
+
     services.vaultwarden = {
       enable = true;
       domain = "https://passwords.foehammer.me";
@@ -21,19 +26,6 @@
       envPath = config.sops.secrets.vaultwarden-env.path;
     };
 
-    services.authelia = {
-      enable = true;
-      domain = "foehammer.me";
-      url = "https://auth.foehammer.me";
-      jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
-
-      userDbFile = config.sops.secrets.authelia-users.path;
-      # oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path;
-      # oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
-      sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
-      storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
-    };
-
     backups.restic = {
       enable = true;
 
@@ -41,7 +33,7 @@
       environmentFile = config.sops.secrets.restic-env.path;
       passwordFile = config.sops.secrets.restic-password.path;
 
-      paths = ["/var/lib/vaultwarden" "/var/lib/authelia"];
+      paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"];
     };
 
     tailscale = {

machines/lebesgue/config/routing.nix

@@ -8,14 +8,9 @@
           reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
         '';
       };
-      "auth.foehammer.me" = {
+      "forge.foehammer.me" = {
         extraConfig = ''
-          reverse_proxy :${toString config.foehammer.services.authelia.port}
-        '';
-      };
-      "goatcounter.foehammer.me" = {
-        extraConfig = ''
-          reverse_proxy :${toString config.foehammer.services.goatcounter.port}
+          reverse_proxy :${toString config.foehammer.services.forgejo.port}
         '';
       };
     };

machines/lebesgue/config/secrets.nix

@@ -3,10 +3,6 @@
     defaultSopsFile = ../secrets/main.yaml;
 
     secrets = let
-      autheliaSecret = {
-        owner = "authelia-main";
-        sopsFile = ../secrets/authelia/secrets.yaml;
-      };
     in {
       admin-password.neededForUsers = true;
 
@@ -17,16 +13,6 @@
       restic-env = {owner = "restic";};
       restic-password = {owner = "restic";};
       restic-repository = {owner = "restic";};
-
-      authelia-jwtsecret = autheliaSecret;
-      authelia-oidc-privkey = autheliaSecret;
-      authelia-oidc-hmac = autheliaSecret;
-      authelia-session-secret = autheliaSecret;
-      authelia-storage-encryption = autheliaSecret;
-      authelia-users = {
-        owner = "authelia-main";
-        sopsFile = ../secrets/authelia/users.yaml;
-      };
     };
   };
 }

machines/lebesgue/config/state.nix

@@ -4,6 +4,7 @@
   environment.persistence."/persist" = {
     directories = [
       "/var/cache/restic-backups-s3"
+      "/var/lib/forgejo"
       "/var/lib/tailscale"
       "/var/lib/goatcounter"
       "/var/log"

machines/lebesgue/flake.lock

@@ -50,11 +50,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1765838191,
-        "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=",
+        "lastModified": 1766736597,
+        "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6",
+        "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
         "type": "github"
       },
       "original": {