loptland: more modules

2025-10-31 00:24:07 +01:00 · 2025-10-31 00:24:07 +01:00 · 942f3262a7
commit 942f3262a7
parent 82f7af3856
4 changed files with 90 additions and 19 deletions
--- a/modules/hosts/loptland/default.nix
+++ b/modules/hosts/loptland/default.nix
@ -14,8 +14,8 @@ in
      ...
    }:
    let
+      domainName = "christophhollizeck.dev";
      sopsFile = ../../../secrets/secrets-loptland.yaml;
-
    in
    {
      nixpkgs.config.allowUnfree = true;
@ -26,11 +26,13 @@ in
        [
          (modulesPath + "/profiles/qemu-guest.nix")
          inputs.catppuccin.nixosModules.catppuccin
+          inputs.sops-nix.nixosModules.sops

          # System modules
          base
          server
          hydra
+          forgejo
          factorio-server

          # apps
@ -55,19 +57,38 @@ in

        ];

-      sops = {
-        secrets = {
-          "forgejo/db/password" = {
-            inherit sopsFile;
-          };
-          "forgejo/mail/password" = {
-            inherit sopsFile;
-          };
-          "forgejo/mail/passwordHash" = {
-            inherit sopsFile;
-          };
-        };
+      # sops.secrets = {
+      #   "forgejo/mail/passwordHash" = {
+      #     inherit sopsFile;
+      #   };
+      # };
+
+      # mailserver = {
+      #   enable = true;
+      #   fqdn = "mail.${domainName}";
+      #   domains = [ domainName ];
+
+      #   loginAccounts = {
+      #     "forgejo@${domainName}" = {
+      #       hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
+      #       aliases = [ "no-reply@${domainName}" ];
+      #     };
+      #   };
+
+      #   certificateScheme = "acme-nginx";
+      #   stateVersion = 3;
+      # };
+
+      services.tailscale = {
+        enable = true;
+        useRoutingFeatures = "client";
      };

+      networking.firewall.allowedTCPPorts = [
+        3000
+        80
+        443
+      ];
+
    };
 }