tofu workflow

nixos/hosts/forgejo/forgejo.nix

@@ -16,6 +16,11 @@ in {
     user = "forgejo";
     group = "forgejo";
     stateDir = "/srv/forgejo";
+    secrets = {
+      mailer = {
+        PASSWD = ;
+      };
+    };
     settings = {
       # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
       server = {
@@ -34,8 +39,7 @@ in {
 
         PROTOCOL = "smtp+starttls";
         SMTP_ADDR = "mail.procopius.dk";
-        USER = "admin@procopius.dk";
-        PASSWD = "mikael";
+        USER = "git@procopius.dk";
       };
       database = {
         DB_TYPE = lib.mkForce "postgres";
@@ -57,9 +61,9 @@ in {
         ZOMBIE_TASK_TIMEOUT = "30m";
       };
       ldap = {
-        AUTHORIZATION_NAME = "My LDAP";
-        HOST = "ldap.example.com";
-        PORT = 389;
+        AUTHORIZATION_NAME = "LLDAP";
+        HOST = "auth.lab";
+        PORT = 3890;
         ENABLE_TLS = false;
         USER_SEARCH_BASE = "ou=users,dc=example,dc=com";
         USER_FILTER = "(&(objectClass=user)(sAMAccountName=%[1]s))";
@@ -86,7 +90,6 @@ in {
 
       security = {
         INSTALL_LOCK = true;
-        SECRET_KEY = config.sops.secrets."forgejo-secret-key".path; # can be another secret
       };
     };
   };

nixos/hosts/forgejo/storage.nix

@@ -1,26 +1,12 @@
 {
-  # services.nfs.client = {
-  #   enable = true;
-  #   idmapd.enable = true;
-  # };
-
-  # environment.etc."idmapd.conf".text = ''
-  #   [General]
-  #   Domain = localdomain
-
-  #   [Mapping]
-  #   Nobody-User = nobody
-  #   Nobody-Group = nogroup
-  # '';
-
-  boot.supportedFilesystems = [ "nfs" ];
+  boot.supportedFilesystems = ["nfs"];
 
   services.rpcbind.enable = true;
 
   fileSystems."/srv/forgejo" = {
     device = "192.168.1.226:/volume1/data/forgejo";
     fsType = "nfs4";
-    options = [ "x-systemd.automount" "noatime" "_netdev" ];
+    options = ["x-systemd.automount" "noatime" "_netdev"];
   };
 
   systemd.tmpfiles.rules = [