Change gitea ssh port.

Add forgejo, remove authelia.
Update Nixpkgs to 25.11
2025-12-28 22:03:03 -06:00 · 2025-12-28 20:49:16 -06:00 · 2025-12-17 17:29:11 -06:00 · 2025-12-14 23:43:37 -05:00 · 2025-12-14 23:39:55 -05:00 · 2025-12-14 18:33:05 -05:00
10 changed files with 228 additions and 99 deletions
--- a/common/services/gitea.nix
+++ b/common/services/gitea.nix
@ -0,0 +1,63 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkEnableOption mkIf mkOption;
+
+  cfg = config.foehammer.services.forgejo;
+in {
+  options.foehammer.services.forgejo = {
+    enable = mkEnableOption "Enable Gitea Server";
+
+    port = mkOption {
+      type = lib.types.port;
+      default = 8225;
+      description = ''
+        What external port to serve over.
+      '';
+    };
+
+    ssh-port = mkOption {
+      type = lib.types.port;
+      default = 22;
+      description = ''
+        Where ssh is available.
+      '';
+    };
+
+    domain = mkOption {
+      type = lib.types.str;
+    };
+
+    ssh-domain = mkOption {
+      type = lib.types.str;
+      default = cfg.domain;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.forgejo = {
+      enable = true;
+      lfs.enable = true;
+
+      settings = {
+        service = {
+         DISABLE_REGISTRATION = true;
+         SHOW_REGISTRATION_BUTTON = false;
+        };
+        ui = {
+          SHOW_USER_EMAIL = false;
+        };
+        server = {
+          HTTP_PORT = cfg.port;
+          DOMAIN = cfg.domain;
+          ROOT_URL = "https://${cfg.domain}";
+          SSH_DOMAIN = cfg.ssh-domain;
+          SSH_PORT = cfg.ssh-port;
+        };
+      };
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -1,15 +1,60 @@
 {
  "nodes": {
+    "alejandra": {
+      "inputs": {
+        "fenix": "fenix",
+        "flakeCompat": "flakeCompat",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660592437,
+        "narHash": "sha256-xFumnivtVwu5fFBOrTxrv6fv3geHKF04RGP23EsDVaI=",
+        "owner": "kamadorueda",
+        "repo": "alejandra",
+        "rev": "e7eac49074b70814b542fee987af2987dd0520b5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kamadorueda",
+        "ref": "3.0.0",
+        "repo": "alejandra",
+        "type": "github"
+      }
+    },
+    "fenix": {
+      "inputs": {
+        "nixpkgs": [
+          "alejandra",
+          "nixpkgs"
+        ],
+        "rust-analyzer-src": "rust-analyzer-src"
+      },
+      "locked": {
+        "lastModified": 1657607339,
+        "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=",
+        "owner": "nix-community",
+        "repo": "fenix",
+        "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "fenix",
+        "type": "github"
+      }
+    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1738453229,
-        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
+        "lastModified": 1765495779,
+        "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
+        "rev": "5635c32d666a59ec9a55cab87e898889869f7b71",
        "type": "github"
      },
      "original": {
@ -18,39 +63,76 @@
        "type": "github"
      }
    },
+    "flakeCompat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1749024892,
-        "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
+        "lastModified": 1766736597,
+        "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
+        "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1738452942,
-        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "lastModified": 1761765539,
+        "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
+        "type": "github"
      },
      "original": {
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
      }
    },
    "root": {
      "inputs": {
+        "alejandra": "alejandra",
        "flake-parts": "flake-parts",
        "nixpkgs": "nixpkgs"
      }
+    },
+    "rust-analyzer-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1657557289,
+        "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=",
+        "owner": "rust-lang",
+        "repo": "rust-analyzer",
+        "rev": "caf23f29144b371035b864a1017dbc32573ad56d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rust-lang",
+        "ref": "nightly",
+        "repo": "rust-analyzer",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -1,6 +1,6 @@
 {
  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";

    flake-parts.url = "github:hercules-ci/flake-parts";
  };
@ -31,6 +31,7 @@

    flake = {
      lib = import ./lib inputs.nixpkgs withSystem;
+
      # overlays.default = final: prev: (import ./lib/packages.nix prev);

      nixosModules.default = {...}: {
--- a/machines/lebesgue/config/configuration.nix
+++ b/machines/lebesgue/config/configuration.nix
@ -14,6 +14,12 @@
      enable = true;
    };

+    services.forgejo = {
+      enable = true;
+      domain = "forge.foehammer.me";
+      ssh-domain = "lebesgue";
+    };
+
    services.vaultwarden = {
      enable = true;
      domain = "https://passwords.foehammer.me";
@ -21,19 +27,6 @@
      envPath = config.sops.secrets.vaultwarden-env.path;
    };

-    services.authelia = {
-      enable = true;
-      domain = "foehammer.me";
-      url = "https://auth.foehammer.me";
-      jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
-
-      userDbFile = config.sops.secrets.authelia-users.path;
-      # oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path;
-      # oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
-      sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
-      storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
-    };
-
    backups.restic = {
      enable = true;

@ -41,7 +34,7 @@
      environmentFile = config.sops.secrets.restic-env.path;
      passwordFile = config.sops.secrets.restic-password.path;

-      paths = ["/var/lib/vaultwarden" "/var/lib/authelia"];
+      paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"];
    };

    tailscale = {
--- a/machines/lebesgue/config/routing.nix
+++ b/machines/lebesgue/config/routing.nix
@ -8,16 +8,16 @@
          reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
        '';
      };
-      "auth.foehammer.me" = {
-        extraConfig = ''
-          reverse_proxy :${toString config.foehammer.services.authelia.port}
-        '';
-      };
      "goatcounter.foehammer.me" = {
        extraConfig = ''
          reverse_proxy :${toString config.foehammer.services.goatcounter.port}
        '';
      };
+      "forge.foehammer.me" = {
+        extraConfig = ''
+          reverse_proxy :${toString config.foehammer.services.forgejo.port}
+        '';
+      };
    };
  };
 }
--- a/machines/lebesgue/config/secrets.nix
+++ b/machines/lebesgue/config/secrets.nix
@ -3,10 +3,6 @@
    defaultSopsFile = ../secrets/main.yaml;

    secrets = let
-      autheliaSecret = {
-        owner = "authelia-main";
-        sopsFile = ../secrets/authelia/secrets.yaml;
-      };
    in {
      admin-password.neededForUsers = true;

@ -17,16 +13,6 @@
      restic-env = {owner = "restic";};
      restic-password = {owner = "restic";};
      restic-repository = {owner = "restic";};
-
-      authelia-jwtsecret = autheliaSecret;
-      authelia-oidc-privkey = autheliaSecret;
-      authelia-oidc-hmac = autheliaSecret;
-      authelia-session-secret = autheliaSecret;
-      authelia-storage-encryption = autheliaSecret;
-      authelia-users = {
-        owner = "authelia-main";
-        sopsFile = ../secrets/authelia/users.yaml;
-      };
    };
  };
 }
--- a/machines/lebesgue/config/state.nix
+++ b/machines/lebesgue/config/state.nix
@ -4,6 +4,7 @@
  environment.persistence."/persist" = {
    directories = [
      "/var/cache/restic-backups-s3"
+      "/var/lib/forgejo"
      "/var/lib/tailscale"
      "/var/lib/goatcounter"
      "/var/log"
--- a/machines/lebesgue/deploy
+++ b/machines/lebesgue/deploy
@ -1,10 +1,10 @@
 #!/usr/bin/env bash

 function deploy() {
-	nixos-rebuild $1 --flake .#default --target-host admin@lebesgue --use-remote-sudo --verbose
+	nix develop -c nixos-rebuild $1 --flake .#default --target-host admin@lebesgue --use-remote-sudo --verbose
 }

-nix flake lock --update-input common
+nix flake update common

 if [[ -n $1 ]]; then 
 	deploy $1
--- a/machines/lebesgue/flake.lock
+++ b/machines/lebesgue/flake.lock
@ -20,11 +20,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1738453229,
-        "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
+        "lastModified": 1765495779,
+        "narHash": "sha256-MhA7wmo/7uogLxiewwRRmIax70g6q1U/YemqTGoFHlM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
+        "rev": "5635c32d666a59ec9a55cab87e898889869f7b71",
        "type": "github"
      },
      "original": {
@ -50,55 +50,58 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1749024892,
-        "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
+        "lastModified": 1766736597,
+        "narHash": "sha256-BASnpCLodmgiVn0M1MU2Pqyoz0aHwar/0qLkp7CjvSQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
+        "rev": "f560ccec6b1116b22e6ed15f4c510997d99d5852",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1738452942,
-        "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "lastModified": 1761765539,
+        "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
+        "type": "github"
      },
      "original": {
-        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1748889542,
-        "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
+        "lastModified": 1765838191,
+        "narHash": "sha256-m5KWt1nOm76ILk/JSCxBM4MfK3rYY7Wq9/TZIIeGnT8=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
+        "rev": "c6f52ebd45e5925c188d1a20119978aa4ffd5ef6",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1731763621,
-        "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
+        "lastModified": 1763618868,
+        "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
+        "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942",
        "type": "github"
      },
      "original": {
@ -121,11 +124,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1738291974,
-        "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
+        "lastModified": 1764021963,
+        "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
+        "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec",
        "type": "github"
      },
      "original": {
--- a/machines/lebesgue/flake.nix
+++ b/machines/lebesgue/flake.nix
@ -2,7 +2,7 @@
  inputs = {
    common.url = "path:../..";

-    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";

    sops-nix = {
      url = "github:Mic92/sops-nix";
Author	SHA1	Message	Date
Lorenzo Good	60424d6ff2	Change gitea ssh port.	2025-12-28 22:03:03 -06:00
Lorenzo Good	7d90587392	Add forgejo, remove authelia.	2025-12-28 20:49:16 -06:00
Lorenzo Good	dfb52f269c	Update Nixpkgs to 25.11	2025-12-17 17:29:11 -06:00
Lorenzo Good	d1ab660c43	Fix deploy script to call nix develop.	2025-12-14 23:43:37 -05:00
Lorenzo Good	7de84f5bf5	Revert "Add readeck service." This reverts commit `c231e5349e`.	2025-12-14 23:39:55 -05:00
Lorenzo Good	c231e5349e	Add readeck service.	2025-12-14 18:33:05 -05:00
Lorenzo Good	39626b43ee	Nix flake update.	2025-12-14 17:28:12 -05:00
Lorenzo Good	ab3cee9bb0	Fix deployment script.	2025-12-14 17:03:55 -05:00
foehammer127	b2de27ce91	Nix flake update.	2025-11-25 20:08:26 -05:00
foehammer127	db8869d0b7	Update nix flake.	2025-09-16 16:58:19 -04:00