Add forgejo, remove authelia.

2025-12-28 20:49:16 -06:00 · 2025-12-28 20:49:16 -06:00 · 7d90587392
commit 7d90587392
parent dfb52f269c
8 changed files with 179 additions and 68 deletions
--- a/machines/lebesgue/config/configuration.nix
+++ b/machines/lebesgue/config/configuration.nix
@ -14,6 +14,11 @@
      enable = true;
    };

+    services.forgejo = {
+      enable = true;
+      domain = "forge.foehammer.me";
+    };
+
    services.vaultwarden = {
      enable = true;
      domain = "https://passwords.foehammer.me";
@ -21,19 +26,6 @@
      envPath = config.sops.secrets.vaultwarden-env.path;
    };

-    services.authelia = {
-      enable = true;
-      domain = "foehammer.me";
-      url = "https://auth.foehammer.me";
-      jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
-
-      userDbFile = config.sops.secrets.authelia-users.path;
-      # oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path;
-      # oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
-      sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
-      storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
-    };
-
    backups.restic = {
      enable = true;

@ -41,7 +33,7 @@
      environmentFile = config.sops.secrets.restic-env.path;
      passwordFile = config.sops.secrets.restic-password.path;

-      paths = ["/var/lib/vaultwarden" "/var/lib/authelia"];
+      paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"];
    };

    tailscale = {
--- a/machines/lebesgue/config/routing.nix
+++ b/machines/lebesgue/config/routing.nix
@ -8,14 +8,9 @@
          reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
        '';
      };
-      "auth.foehammer.me" = {
+      "forge.foehammer.me" = {
        extraConfig = ''
-          reverse_proxy :${toString config.foehammer.services.authelia.port}
-        '';
-      };
-      "goatcounter.foehammer.me" = {
-        extraConfig = ''
-          reverse_proxy :${toString config.foehammer.services.goatcounter.port}
+          reverse_proxy :${toString config.foehammer.services.forgejo.port}
        '';
      };
    };
--- a/machines/lebesgue/config/secrets.nix
+++ b/machines/lebesgue/config/secrets.nix
@ -3,10 +3,6 @@
    defaultSopsFile = ../secrets/main.yaml;

    secrets = let
-      autheliaSecret = {
-        owner = "authelia-main";
-        sopsFile = ../secrets/authelia/secrets.yaml;
-      };
    in {
      admin-password.neededForUsers = true;

@ -17,16 +13,6 @@
      restic-env = {owner = "restic";};
      restic-password = {owner = "restic";};
      restic-repository = {owner = "restic";};
-
-      authelia-jwtsecret = autheliaSecret;
-      authelia-oidc-privkey = autheliaSecret;
-      authelia-oidc-hmac = autheliaSecret;
-      authelia-session-secret = autheliaSecret;
-      authelia-storage-encryption = autheliaSecret;
-      authelia-users = {
-        owner = "authelia-main";
-        sopsFile = ../secrets/authelia/users.yaml;
-      };
    };
  };
 }
--- a/machines/lebesgue/config/state.nix
+++ b/machines/lebesgue/config/state.nix
@ -4,6 +4,7 @@
  environment.persistence."/persist" = {
    directories = [
      "/var/cache/restic-backups-s3"
+      "/var/lib/forgejo"
      "/var/lib/tailscale"
      "/var/lib/goatcounter"
      "/var/log"