diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix index 647f83e..f98e344 100644 --- a/hosts/nachtigall/apps/forgejo.nix +++ b/hosts/nachtigall/apps/forgejo.nix @@ -16,6 +16,19 @@ owner = "gitea"; }; + age.secrets.forgejo-ssh-private-key = { + file = "${flake.self}/secrets/forgejo-ssh-private-key.age"; + mode = "600"; + owner = "gitea"; + path = "/etc/forgejo/ssh/id_forgejo"; + }; + + environment.etc."forgejo/ssh/id_forgejo.pub" = { + text = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkPjvF2tZ2lZtkXed6lBvaPUpsNrI5kHlCNEf4LyFtgFXHoUL8UD3Bz9Fn1S+SDkdBMw/SumjvUf7TEGqQqzmFbG7+nWdWg2L00VdN8Kp8W+kKPBByJrzjDUIGhIMt7obaZnlSAVO5Cdqc1Q6bA9POLjSHIBxSD3QUs2pjUCkciNcEtL93easuXnlMwoYa217n5sA8n+BZmOJAcmA/UxYvKsqYlpJxa44m8JgMTy+5L08i/zkx9/FwniOcKcLedxmjZfV8raitDy34LslT2nBNG4I+em7qhKhSScn/cfyPvARiK71pk/rTx9mxBEjcGAkp3+hiA3Nyms0h/qTUh8yGyhbOn8hiro34HEKswXDN1HRfseyyZ4TqOoIC07F53x4OliYA0B+QbvwOemTX2XAWHfU4xEYrIhR46o3Eu5ooOM9HZLLYzIzKjsj/rpuKalFZ+9IeT/PJ/DrbgOEBlJGTu4XucEYXSiIvWB7G9WXij7TXKYbsRAFho9jw+9UZWklFAh9dcUKlX9YxafxOrw9DhJK620hblHLY9wPPFCbZVXDGfqdtn+ncRReMAw6N3VYqxMgnxd+OC52SMsSUi9VaL26i2UvEBwNYuim8GDnVabu/ciQLHMgifBONuF9sKD58ee5nnKgtYLDy9zU86aHBU78Ijew+WhYitO7qejMHMQ=="; + mode = "600"; + user = "gitea"; + }; + services.nginx.virtualHosts."git.pub.solar" = { enableACME = true; forceSSL = true; @@ -70,6 +83,7 @@ HTTP_PORT = 3000; START_SSH_SERVER = true; SSH_LISTEN_PORT = 2223; + SSH_SERVER_HOST_KEYS = "${config.age.secrets."forgejo-ssh-private-key".path}"; }; log.LEVEL = "Warn"; diff --git a/secrets/forgejo-ssh-private-key.age b/secrets/forgejo-ssh-private-key.age new file mode 100644 index 0000000..39f42d6 Binary files /dev/null and b/secrets/forgejo-ssh-private-key.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 153a975..117ebdf 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -33,6 +33,7 @@ in "forgejo-actions-runner-token.age".publicKeys = flora6Keys ++ adminKeys; "forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys; "forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys; + "forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys; "matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys; "matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;