test: forgejo microVM

2025-12-06 21:17:14 -06:00 · 2025-11-09 04:00:09 -06:00 · 2025-11-09 04:00:09 -06:00 · bb9a102fd9
commit bb9a102fd9
parent 6d83b2b2f5
3 changed files with 13 additions and 16 deletions
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@ -32,11 +32,9 @@ in
      services = {
        forgejo = {
          enable = true;
-          database.type = "postgres";
          lfs.enable = true;
          secrets = {
-            mailer.PASSWD = "/run/secrets/${serviceCfg.name}-smtp";
-            database.PASSWD = "/run/secrets/${serviceCfg.name}-database";
+            mailer.PASSWD = "/run/secrets/smtp";
          };
          dump = {
            interval = "5:00";
@ -164,7 +162,7 @@ in
          {
            mountPoint = "/run/secrets";
            proto = "virtiofs";
-            source = "/run/secrets";
+            source = "/run/secrets/${serviceCfg.name}";
            tag = "host_secrets";
          }
        ];
@ -173,7 +171,7 @@ in
  };

  systemd.tmpfiles.rules = [
-    "d ${serviceCfg.mntPaths.path0} 0755 root root -"
+    "d ${serviceCfg.mntPaths.path0} 0777 root root -"
  ];

  services.caddy.virtualHosts."${host}" = {
@ -189,15 +187,13 @@ in
  };

  sops.secrets = {
-    "${serviceCfg.name}-smtp" = {
+    "${serviceCfg.name}/smtp" = {
      owner = "root";
      mode = "0600";
    };
-    "${serviceCfg.name}-database" = {
+    "${serviceCfg.name}/database" = {
      owner = "root";
      mode = "0600";
    };
-
  };
-
 }
--- a/modules/nixos/services/vaultwarden/default.nix
+++ b/modules/nixos/services/vaultwarden/default.nix
@ -57,7 +57,7 @@ in
          };

          # Environment file with secrets (mounted from host)
-          environmentFile = "/run/secrets/${serviceCfg.name}/env";
+          environmentFile = "/run/secrets/env";
        };
        openssh = {
          enable = true;
@ -140,7 +140,7 @@ in
          {
            mountPoint = "/run/secrets";
            proto = "virtiofs";
-            source = "/run/secrets";
+            source = "/run/secrets/${serviceCfg.name}";
            tag = "host_secrets";
          }
        ];
@ -171,7 +171,7 @@ in
  users.users.caddy.extraGroups = [ "acme" ];

  systemd.tmpfiles.rules = [
-    "d ${serviceCfg.mntPaths.path0} 0755 root root -"
+    "d ${serviceCfg.mntPaths.path0} 0777 root root -"
  ];

  sops.secrets = {