flake: update lockfile

flake.nix

@@ -123,7 +123,6 @@
           modules = [
             ./hosts/monolith.nix
             ./system/monolith-gitlab-runner.nix
-            ./system/monolith-forgejo-runner.nix
             ./system/nix-serve.nix
             ./system/steam.nix
           ] ++ common_modules;

hosts/phantom/default.nix

@@ -12,7 +12,6 @@
     ./writefreely.nix
     ./renawiki.nix
     ./email.nix
-    ./forgejo.nix
   ];
 
   # # Enable networking

hosts/phantom/email.nix

@@ -9,21 +9,13 @@
   mailserver = {
     enable = true;
     fqdn = "mail.lelgenio.xyz";
-    domains = [
+    domains = [ "lelgenio.xyz" ];
-      "lelgenio.xyz"
-      "git.lelgenio.xyz"
-    ];
     certificateScheme = "acme-nginx";
-    # Create passwords with
-    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
     loginAccounts = {
       "lelgenio@lelgenio.xyz" = {
         hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
         aliases = [ "postmaster@lelgenio.xyz" ];
       };
-      "noreply@git.lelgenio.xyz" = {
-        hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0.";
-      };
     };
   };
 

hosts/phantom/forgejo.nix

@@ -1,56 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
-  cfg = config.services.forgejo;
-  srv = cfg.settings.server;
-in
-{
-  services.nginx = {
-    virtualHosts.${cfg.settings.server.DOMAIN} = {
-      forceSSL = true;
-      enableACME = true;
-      extraConfig = ''
-        client_max_body_size 512M;
-      '';
-      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
-    };
-  };
-
-  services.openssh = {
-    authorizedKeysFiles = [
-      "${config.services.forgejo.stateDir}/.ssh/authorized_keys"
-    ];
-    # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
-    settings.AcceptEnv = "GIT_PROTOCOL";
-  };
-
-  services.forgejo = {
-    enable = true;
-    database.type = "postgres";
-    lfs.enable = true;
-    settings = {
-      service.DISABLE_REGISTRATION = true;
-      actions = {
-        ENABLED = true;
-        DEFAULT_ACTIONS_URL = "github";
-      };
-      server = {
-        DOMAIN = "git.lelgenio.xyz";
-        HTTP_PORT = 3000;
-        ROOT_URL = "https://${srv.DOMAIN}/";
-      };
-      mailer = {
-        ENABLED = true;
-        SMTP_ADDR = "mail.lelgenio.xyz";
-        FROM = "noreply@git.lelgenio.xyz";
-        USER = "noreply@git.lelgenio.xyz";
-      };
-    };
-    mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;
-  };
-
-  age.secrets.phantom-forgejo-mailer-password = {
-    file = ../../secrets/phantom-forgejo-mailer-password.age;
-    mode = "400";
-    owner = "forgejo";
-  };
-}

hosts/phantom/mastodon.nix

@@ -6,6 +6,5 @@
     smtp.fromAddress = "lelgenio@disroot.org";
     streamingProcesses = 2;
     extraConfig.SINGLE_USER_MODE = "true";
-    mediaAutoRemove.olderThanDays = 10;
   };
 }

hosts/phantom/users.nix

@@ -2,7 +2,7 @@
   security.rtkit.enable = true;
   services.openssh = {
     enable = true;
-    ports = [ 9022 22 ];
+    ports = [ 9022 ];
     settings = {
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;

hosts/phantom/vpsadminos.nix

@@ -13,8 +13,7 @@ let
     "1.1.1.1"
     "2606:4700:4700::1111"
   ];
-in
+in {
-{
   networking.nameservers = mkDefault nameservers;
   services.resolved = mkDefault { fallbackDns = nameservers; };
   networking.dhcpcd.extraConfig = "noipv4ll";

overlays/sway.nix

@@ -11,7 +11,7 @@
     executable = true;
     text = ''
       systemctl --user import-environment
-      dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway SWAYSOCK
+      dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
       # systemctl --user stop pipewire wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
       # systemctl --user start pipewire wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
     '';

secrets/secrets.nix

@@ -5,11 +5,9 @@ in
   "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
   "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
   "gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
-  "monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
   "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
   "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
   "phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
   "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
   "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
-  "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
 }

switch-phantom

@@ -1,12 +0,0 @@
-#!/bin/sh
-
-nix fmt
-
-git diff
-
-nixos-rebuild switch --flake .#phantom \
-  --update-input nixpkgs \
-  --no-write-lock-file \
-  --build-host phantom \
-  --target-host phantom \
-  "$@"

system/configuration.nix

@@ -59,7 +59,7 @@
 
   security.rtkit.enable = true;
   services.openssh = {
-    enable = false;
+    enable = true;
     ports = [ 9022 ];
     settings = {
       PermitRootLogin = "no";

system/monolith-forgejo-runner.nix

@@ -1,19 +0,0 @@
-{ pkgs, config, ... }: {
-  services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
-    instances.default = {
-      enable = true;
-      name = "monolith";
-      url = "https://git.lelgenio.xyz";
-      tokenFile = config.age.secrets.monolith-forgejo-runner-token.path;
-      labels = [
-        # provide a debian base with nodejs for actions
-        "debian-latest:docker://node:18-bullseye"
-        # fake the ubuntu name, because node provides no ubuntu builds
-        "ubuntu-latest:docker://node:18-bullseye"
-        # provide native execution on the host
-        #"native:host"
-      ];
-    };
-  };
-}

system/secrets.nix

@@ -6,13 +6,9 @@
       ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
     secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file =
       ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
-    secrets.monolith-forgejo-runner-token.file =
-      ../secrets/monolith-forgejo-runner-token.age;
     secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
       ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
     secrets.monolith-nix-serve-privkey.file =
       ../secrets/monolith-nix-serve-privkey.age;
-    secrets.phantom-forgejo-mailer-password.file =
-      ../secrets/phantom-forgejo-mailer-password.age;
   };
 }