forgejo: make SSH keys declarative
All checks were successful
Flake checks / Check (pull_request) Successful in 8m39s

This commit is contained in:
Benjamin Yule Bädorf 2024-04-05 19:14:10 +02:00
parent 9191729f5c
commit b7e7a52aa5
Signed by: b12f
GPG key ID: 729956E1124F8F26
3 changed files with 15 additions and 0 deletions

View file

@ -16,6 +16,19 @@
owner = "gitea";
};
age.secrets.forgejo-ssh-private-key = {
file = "${flake.self}/secrets/forgejo-ssh-private-key.age";
mode = "600";
owner = "gitea";
path = "/etc/forgejo/ssh/id_forgejo";
};
environment.etc."forgejo/ssh/id_forgejo.pub" = {
text = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkPjvF2tZ2lZtkXed6lBvaPUpsNrI5kHlCNEf4LyFtgFXHoUL8UD3Bz9Fn1S+SDkdBMw/SumjvUf7TEGqQqzmFbG7+nWdWg2L00VdN8Kp8W+kKPBByJrzjDUIGhIMt7obaZnlSAVO5Cdqc1Q6bA9POLjSHIBxSD3QUs2pjUCkciNcEtL93easuXnlMwoYa217n5sA8n+BZmOJAcmA/UxYvKsqYlpJxa44m8JgMTy+5L08i/zkx9/FwniOcKcLedxmjZfV8raitDy34LslT2nBNG4I+em7qhKhSScn/cfyPvARiK71pk/rTx9mxBEjcGAkp3+hiA3Nyms0h/qTUh8yGyhbOn8hiro34HEKswXDN1HRfseyyZ4TqOoIC07F53x4OliYA0B+QbvwOemTX2XAWHfU4xEYrIhR46o3Eu5ooOM9HZLLYzIzKjsj/rpuKalFZ+9IeT/PJ/DrbgOEBlJGTu4XucEYXSiIvWB7G9WXij7TXKYbsRAFho9jw+9UZWklFAh9dcUKlX9YxafxOrw9DhJK620hblHLY9wPPFCbZVXDGfqdtn+ncRReMAw6N3VYqxMgnxd+OC52SMsSUi9VaL26i2UvEBwNYuim8GDnVabu/ciQLHMgifBONuF9sKD58ee5nnKgtYLDy9zU86aHBU78Ijew+WhYitO7qejMHMQ==";
mode = "600";
user = "gitea";
};
services.nginx.virtualHosts."git.pub.solar" = {
enableACME = true;
forceSSL = true;
@ -70,6 +83,7 @@
HTTP_PORT = 3000;
START_SSH_SERVER = true;
SSH_LISTEN_PORT = 2223;
SSH_SERVER_HOST_KEYS = "${config.age.secrets."forgejo-ssh-private-key".path}";
};
log.LEVEL = "Warn";

Binary file not shown.

View file

@ -33,6 +33,7 @@ in
"forgejo-actions-runner-token.age".publicKeys = flora6Keys ++ adminKeys;
"forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
"forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys;
"forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;