homelab framework module init (everything is a mess)

2025-07-28 02:05:13 +02:00 · 2025-07-28 02:05:13 +02:00 · bcbcc8b17b
commit bcbcc8b17b
parent 0347f4d325
94 changed files with 7289 additions and 436 deletions
--- a/nixos/hosts/forgejo/README.md
+++ b/nixos/hosts/forgejo/README.md
@ -1,17 +0,0 @@
-🥇 Phase 1: Git + Secrets
-
-    ✅ Set up Forgejo VM (NixOS declarative)
-
-    ✅ Set up sops-nix + age keys (can live in the Git repo)
-
-    ✅ Push flake + ansible + secrets to Forgejo
-
-    ✅ Write a basic README with how to rebuild infra
-
-🥈 Phase 2: GitOps
-
-    🔁 Add CI runner VM
-
-    🔁 Configure runner to deploy (nixos-rebuild or ansible-playbook) on commit
-
-    🔁 Optional: add webhooks to auto-trigger via Forgejo
--- a/nixos/hosts/forgejo/forgejo.nix
+++ b/nixos/hosts/forgejo/forgejo.nix
@ -18,7 +18,7 @@ in {
    stateDir = "/srv/forgejo";
    secrets = {
      mailer = {
-        PASSWD = ;
+        PASSWD = config.sops.secrets.forgejo-mailer-password.path;
      };
    };
    settings = {
@ -76,12 +76,12 @@ in {
        ALLOW_DEACTIVATE_ALL = false;
      };

-      oauth2 = {
-      };
-      oauth2_client = {
-        ENABLE_AUTO_REGISTRATION = true;
-        UPDATE_AVATAR = true;
-      };
+      # oauth2 = {
+      # };
+      # oauth2_client = {
+      #   ENABLE_AUTO_REGISTRATION = true;
+      #   UPDATE_AVATAR = true;
+      # };
      # log = {
      #   ROOT_PATH = "/var/log/forgejo";
      #   MODE = "file";
--- a/nixos/hosts/forgejo/sops.nix
+++ b/nixos/hosts/forgejo/sops.nix
@ -1,7 +1,6 @@
 let
  forgejoSops = ../../secrets/forgejo/secrets.yml;
-in
-{
+in {
  sops.secrets = {
    "forgejo-admin-password" = {
      sopsFile = forgejoSops;
@ -15,5 +14,9 @@ in
      sopsFile = forgejoSops;
      owner = "forgejo";
    };
+    "forgejo-mailer-password" = {
+      sopsFile = forgejoSops;
+      owner = "forgejo";
+    };
  };
 }