diff --git a/flake.lock b/flake.lock index a4fcccb..2656a8a 100644 --- a/flake.lock +++ b/flake.lock @@ -88,11 +88,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1765253041, - "narHash": "sha256-D4/vwhvX26KW3gux9CCiJ87zc5UOiLTFlfG3+5h0VRI=", + "lastModified": 1764907471, + "narHash": "sha256-8JrQq+vRZTTMqHjyBC1OcDThjU29ui6+KCcQzGAVdRk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "687d6eb2a8503afdeaaf9e230fb72f880daa7252", + "rev": "a40541abfdeeee6f18da6f56e5882c90ed369b6e", "type": "gitlab" }, "original": { @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1765170903, - "narHash": "sha256-O8VTGey1xxiRW+Fpb+Ps9zU7ShmxUA1a7cMTcENCVNg=", + "lastModified": 1764866045, + "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=", "owner": "nix-community", "repo": "home-manager", - "rev": "20561be440a11ec57a89715480717baf19fe6343", + "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab", "type": "github" }, "original": { @@ -207,11 +207,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764983851, - "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=", + "lastModified": 1764831616, + "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454", + "rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4", "type": "github" }, "original": { @@ -238,11 +238,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1764950072, - "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", + "lastModified": 1764667669, + "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f61125a668a320878494449750330ca58b78c557", + "rev": "418468ac9527e799809c900eda37cbff999199b6", "type": "github" }, "original": { @@ -294,11 +294,11 @@ ] }, "locked": { - "lastModified": 1765231718, - "narHash": "sha256-qdBzo6puTgG4G2RHG0PkADg22ZnQo1JmSVFRxrD4QM4=", + "lastModified": 1764483358, + "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7fd1416aba1865eddcdec5bb11339b7222c2363e", + "rev": "5aca6ff67264321d47856a2ed183729271107c9c", "type": "github" }, "original": { @@ -382,11 +382,11 @@ ] }, "locked": { - "lastModified": 1765245651, - "narHash": "sha256-/+ahII8MXi59KnRmzz+OgPXScr2Oyygin/XJWP7GvdU=", + "lastModified": 1764900054, + "narHash": "sha256-eMQ+eu5u/3AkhZ5zm3CaE7GSrP3Ca+70WzPs51uNKZ0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "32a0d010099f0b982498b11cc04d5335b0fc1556", + "rev": "7194cfbf5b270c228ff189078e6d345ead97ae69", "type": "github" }, "original": { diff --git a/hosts/vps-monitor/secrets.json b/hosts/vps-monitor/secrets.json index eca0fd8..f4f5090 100644 --- a/hosts/vps-monitor/secrets.json +++ b/hosts/vps-monitor/secrets.json @@ -2,7 +2,7 @@ "seb-password": "ENC[AES256_GCM,data:BsVFQMY7q+RhByY3RTWwrwbdC4Pgb2kNVG8HXn+kmI2evAo8XmGbDHbr7mXnI2LA6E+iXm5bewfwwTnJWZjaup06/kr1bd8JDg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:ydQaXcLVYllSZYWNCtH7+A==,type:str]", "tailscale": { "auth-key": "ENC[AES256_GCM,data:b+m+4KGLeS7hYLSqYXxX5VhiA946b4SEp+OAQUkK6e6ShYe0RnC0VfnypHjqwrdOiGYAIxB4ggIjZ9F5lfw=,iv:o36k4vtsnSThDQNIMIPBQHJ92WodbIyVC42L1t8Fvzg=,tag:/9oYSFO3asAGmWiedNo+Bw==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:Z/u3GJr1J7rhn1k+Ul0SyHhWKIxpIKqqinGphdZ/BNFvBGCsU8xKKHz7c4B6O94Oe3tuUNGp+X285lSnpZg=,iv:ch6Mg8ki82pxlWFGlOGoJB7Mhn3tYPEcL6Z8/6bXzCQ=,tag:9sHLrQ8F/DzYvdtvUM7dYg==,type:str]" + "service-auth-key": "ENC[AES256_GCM,data:Lz8UTAa2Y0QZ0qtkxrN30/nKj5PoAuoZON0LgflJtvOb5xiE8qAN9E04HA4O2dMWTXJ4zfIK8QC/s/Amlh8=,iv:e55ow3YQh6hd7FkTu09fMN8XgBk5ZsuHCtRDb5Q2sDI=,tag:qpzj9J9BgVCDF/7U3lcbkA==,type:str]" }, "healthchecks": { "ping-key": "ENC[AES256_GCM,data:Zq71AU3oym7fC364YZNyRtx4N2G35Q==,iv:ibMBpcrSocLBhtumsSV00+KVN6Pi4SzE7soCkZcU4fY=,tag:Wv/Wr0wRZGXucMHZHgoNtg==,type:str]" @@ -21,9 +21,9 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-09T12:25:24Z", - "mac": "ENC[AES256_GCM,data:RlXJ6lSCzVKpmcSWuCCFKZLG5O6ltPq4yA7nZeWiFYJBJ9gIhVM/fLfqOk2a+msWDg5WDYXCyfARPhKzH6AnS0kK+yqdkytGklQUKLlBuWvswuiWycvShc+04hClpyn/76nTK6yQeXeYK+b807uc5PJHGnBweEteBLShFbSTfIY=,iv:FtYfeckV45KtgYp+V1ZSupV26gYEm3T3Vi/RovDWlAo=,tag:k1clC/bsLC1FCLuaB6ypMg==,type:str]", + "lastmodified": "2025-10-11T15:48:45Z", + "mac": "ENC[AES256_GCM,data:4bECM/RM3hCmhGNpVlwQA3uLZvjzkqD/EBmGjhmLBUYIq251B36eJZh5hLli1AkMMiR5RdYxobSsQpMLkNEyLEVMOImsj4P3m+9h9Hh1R8+1R5InGI/afL/CHXjnYrJKohlOBDcJXRtgrQRPH1Rb35/20vl2RvoQ8OwimMRMmeY=,iv:Oqkac45fCnMQgXgLM06TGZjh3fRG2DATwlCKTvnO5Fw=,tag:xapQEWQpjVeIZRAoH0YbqQ==,type:str]", "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" + "version": "3.10.2" } } diff --git a/hosts/vps-private/secrets.json b/hosts/vps-private/secrets.json index aed6713..5904085 100644 --- a/hosts/vps-private/secrets.json +++ b/hosts/vps-private/secrets.json @@ -2,7 +2,7 @@ "seb-password": "ENC[AES256_GCM,data:Q+yRIOJCUzHmCZ5n0OAGyCkePVh0VJfeFYmgG2fh8Wwy6IKyG9c3/3qcMEIRSvG6Qm9KFGahuIR2md5bz7//pTRfPcu1GdIsMA==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:pOLRjWZKL2+GkMgV435FMw==,type:str]", "tailscale": { "auth-key": "ENC[AES256_GCM,data:qqJnjWR309LAuW49/7t2uZqWlAgPUvz8niLZuM2g8kJxaQmF0TEAWcBDpYridy9NLHnJ+xgA9g088t9dSg==,iv:imh6BrNPf2jVQ6eVaB9Mt+gX9zGq6mHX1+9yhY/KzrI=,tag:HPjhNE+vecDWwCAMC+nGfw==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:x69Z9Ac533qpKb9y/CQXJYvkw3G6OGyvoih9wABwlYO969+PvQssuNvciFGq8ZmqUXaGRcFsL45edegiKs0=,iv:0yO9RGbrBVfnQ7GR+3rdLBCk+UY9DQJk7NVGlUEBdNs=,tag:ISv0GFT9yinM2BAvvI3mvw==,type:str]" + "service-auth-key": "ENC[AES256_GCM,data:w9hTq+DLUcHdgHLKOWv0eg+Ew9GoN47GIiOlGNVZY+YnOgCqJ9L59xxt37B9ry1wTJXtlCJWl/fOSxUT/PA=,iv:1e7sWm+CEXOBt7p74b9O5Hhs5+NYv6v6QfdqiKHNn18=,tag:HpoX3OyDg0S4OzgGUXRfZw==,type:str]" }, "restic": { "password": "ENC[AES256_GCM,data:AERasH4M/uP3aUELnggUmH6NzAx6v4Uqjg+ymF5X,iv:q5qJkB3+feZyEm778hKI8ikNz9/9dj+Z1hda6M4eHfQ=,tag:adI4AwzXp63SRSA8uAjRZw==,type:str]" @@ -32,9 +32,9 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqU01heng3NHdrYnZFZmZn\nZlJtUUIyd1ExTmhzeU5iZFZadFcwR25GOEVZCmxHOXNWQVh1ZlJSRHJtaDVHNVUv\nbTY0TlNmZ2hESDkzS2M3WHdlamxwclkKLS0tIEEvOFd3TDFkQmQwbjBodHhpb1BD\nZ2NvTnNqQmtrLy9aVDdGRGxZbVgrZG8KdnnjJWcjZFu3R8fVKToj6THHHRCFou9k\njQoedCZAML2A2FZIhHugH9wnDUPQQjG86WbcCBuFWcOTGiTF2gN+Qg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-09T12:25:40Z", - "mac": "ENC[AES256_GCM,data:S9WbziGg3LInSZ0ClNa7AKAOHxmYN12K/8Gw0EEWU/Sw5drdQ0UUPapU6r2FJRssQhjw03tOfwylEHO0fFZx9ra0bk9ZX+QrNnktSWNzpJE3XAg9/OzApOoyWptvfxEFLWdYb7FgB4qlK+goNYTiC7sPe1Z4j9Ct25ARfFQYKFc=,iv:7vehA/fdtEJ3B+vnsP2EkaO0L8h4B/gmXudFgJCyyAA=,tag:wBYlqvWDQobqPutTVFbfEA==,type:str]", + "lastmodified": "2025-10-11T15:48:45Z", + "mac": "ENC[AES256_GCM,data:pVeX+/xaRJJ3g+q7Ob+pdxmybWykgMj+5uVNlSQ7EMSqm4SFEdZTGiH0JVcFOBld5da/feu9VDzQObItAftVNwi7Ta/jJ1BM+oiVzA9dG+sBKd3CIAFuGaODtNsXdaiNFHqZaY0t+7L1xpC8daYyI0E/3StPDsVGKo262CXNMYA=,iv:neXImm5GDmPaRHumiTTXRQob4cM6K019GzFnNBruGGA=,tag:V65xEBNpzn4nLoJYvdCIwQ==,type:str]", "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" + "version": "3.10.2" } } diff --git a/hosts/vps-public/secrets.json b/hosts/vps-public/secrets.json index 93cf928..bcf32ec 100644 --- a/hosts/vps-public/secrets.json +++ b/hosts/vps-public/secrets.json @@ -2,7 +2,7 @@ "seb-password": "ENC[AES256_GCM,data:znyHz9AhZipp2VNkXifU27IvEbPoKqLf4ibSkqfvkGGoX/jHnoJRYruWmwLnAaqTk6moHtew6HZq3xjvNgUf+qVgaleWQntrLg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:CKgqMm/mVae1i9He/ioMAg==,type:str]", "tailscale": { "auth-key": "ENC[AES256_GCM,data:tnmR93k4iPsojBZgwVmnSPJkNDOYiJt9lJ/IpoDR/TWCIbpBmbFq7xKSnyoCXBRKiEZ6hK0z3jezuQc9IgQ=,iv:/b3+yxEOuPaRrrmD3LSUeSiNv/1u4bMxrg4B+1SKb0o=,tag:9f6ZSgFjP4HAExWiaStr2g==,type:str]", - "service-auth-key": "ENC[AES256_GCM,data:xlXV01WcdLVm/vRw8Elb3iCId8LstKP0UWSXDXeOG10goKLoIMV4JmJ8a8OalE3s3pO3FSLYQFxjQNxQmhk=,iv:ikHW6XVow1NJZB0hUhKl5JsC9gEZtvXc4F9SlUycQlI=,tag:GgqQPIxOXkYhhqPcv2/k0A==,type:str]" + "service-auth-key": "ENC[AES256_GCM,data:fW9M95GXFGUrhIXiuVQdD+l7O+7qcTcYGVuTZC1hSUQunL/fjNh+cLFvjwEpKVvsZJ7uDzD0IHQlicBmzPI=,iv:XDFwA47jyQ8jkIOfkooywXGzUAtbQb5ktjbrcHnep9g=,tag:kh6G1ey8Ly2Rzx1DdoDmRQ==,type:str]" }, "restic": { "password": "ENC[AES256_GCM,data:IGV07og9eSoleJnZ2+/FFLph7TLNd80q+u6WNn+V,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:eA7CAtfQtodTCyOuEn4+ug==,type:str]" @@ -31,8 +31,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-12-09T12:24:32Z", - "mac": "ENC[AES256_GCM,data:96b2vkoRYVIYR7kL8yOjZTG2tpjJyWBFBZ+qIwMsDHxSa3tUULQs+xKbW1gbc06LJMe97ZfKZYAFt2ExJ19Ftw/xJumbuDgX0f7tk7dkx5QrlsUyAGM8T5bOtZDAUAnkAgcJsIepdtTTSW8GsEmiAClynX08c00/jv3PEaF3IPs=,iv:9QAeA05iSP1NKVDa/Mu/hFJ07gDjZdNoVzvrYGT7rhc=,tag:0x/CI8c0F7RW7IANY8DdwA==,type:str]", + "lastmodified": "2025-12-09T11:54:09Z", + "mac": "ENC[AES256_GCM,data:hmQQhRVXv+g2run9fftwEjH9B+feiGLVaSgmkAt14z6n1y38heThksgaLCT3uE3hAmH7CJ8kumF9o6IYVSGQMWwmlB1GYajrptaF57/m0aMgPEZpODz+bnstRVU7z6EmTT3Pp49PIP8cRXT8U9HQQpOcM4Fr5+epFkkzJicpSKs=,iv:JkDOVQ5PciUYQcff9cuP+KWEry2+X5hpf7Y/TwPDUhQ=,tag:rocHo+ml5zXp2KgYY/chOw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } diff --git a/modules/system/web-services/forgejo/default.nix b/modules/system/web-services/forgejo/default.nix index 86b506f..3bef43b 100644 --- a/modules/system/web-services/forgejo/default.nix +++ b/modules/system/web-services/forgejo/default.nix @@ -22,6 +22,11 @@ in ports.tcp = [ cfg.port ]; }; + sops.secrets."forgejo/admin-password" = { + owner = config.users.users.git.name; + restartUnits = [ "forgejo.service" ]; + }; + users = { users.git = { isSystemUser = true;