tofu workflow

nixos/hosts/forgejo/forgejo.nix

@@ -16,6 +16,11 @@ in {
     user = "forgejo";
     group = "forgejo";
     stateDir = "/srv/forgejo";
+    secrets = {
+      mailer = {
+        PASSWD = ;
+      };
+    };
     settings = {
       # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
       server = {
@@ -34,8 +39,7 @@ in {
 
         PROTOCOL = "smtp+starttls";
         SMTP_ADDR = "mail.procopius.dk";
-        USER = "admin@procopius.dk";
-        PASSWD = "mikael";
+        USER = "git@procopius.dk";
       };
       database = {
         DB_TYPE = lib.mkForce "postgres";
@@ -57,9 +61,9 @@ in {
         ZOMBIE_TASK_TIMEOUT = "30m";
       };
       ldap = {
-        AUTHORIZATION_NAME = "My LDAP";
-        HOST = "ldap.example.com";
-        PORT = 389;
+        AUTHORIZATION_NAME = "LLDAP";
+        HOST = "auth.lab";
+        PORT = 3890;
         ENABLE_TLS = false;
         USER_SEARCH_BASE = "ou=users,dc=example,dc=com";
         USER_FILTER = "(&(objectClass=user)(sAMAccountName=%[1]s))";
@@ -86,7 +90,6 @@ in {
 
       security = {
         INSTALL_LOCK = true;
-        SECRET_KEY = config.sops.secrets."forgejo-secret-key".path; # can be another secret
       };
     };
   };